BreachExchange mailing list archives

GhostShell Returns with a New Hacking Concept - Dark Hacktivism


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 7 Jul 2015 19:25:27 -0600

http://news.softpedia.com/news/ghostshell-returns-with-a-new-hacking-concept-dark-hacktivism-486248.shtml

Breaking into the systems of an organization and accessing files without
authorization is regarded as trespassing. The motivation behind this act
can be anything from financial gain to proving one’s skills among fellow
hackers.

No matter the reasons, the success of such an action is most of the time
due to a lack of proper security measures.

Whitehats also resort to this method for evaluating the resilience of a
company’s infrastructure against all sorts of attacks, as part of a process
called penetration testing.

GhostShell, a hacker known for targeting entities from different sectors
(government, law enforcement, companies) in the past, took a break in 2013
but decided to return to the spotlight this year on June 28, specifically
to draw attention to the current state of insecurity of many entities, and
to the fact that blackhats can cause a lot of damage.

“Too many news about cybersecurity stocks, snitches and Japanese high tech
toilet hacking. It was about time the spotlight went back to what was
important. Actual breaches made by actual hackers, in this case,
hacktivists,” the hacker told us.

Some victims may have tightened security

GhostShell also introduced Dark Hacktivism, a hacking concept where the
attack is intended to demonstrate the target's poor security, without
harming them.

The comeback was marked by a total of 548 announcements about compromised
targets from various industries, all accompanied by proof of the hack
through links to previews of the information accessed or exfiltrated.

"OVER 1,000 PEOPLE INFORMED OF VULNERABILITIES; NO REPLY RECEIVED"

Most of the victims were compromised in 2015, but some of them had been
compromised in late 2014. The hacker said that efforts were made to report
the vulnerabilities responsibly, but they went unanswered.

“Emailed more than a thousand people, not even one reply back,” the hacker
said, adding that some of the sites were taken down after the intrusion,
indicating that someone cared about the security of the data and made an
effort to patch things up.

Due to the large number of breaches, GhostShell did not run second tests to
check whether a fix had been implemented or not, saying that the admins had
months to correct the security issues before the data became public.

The hacker said that waiting such a long period before disclosing the hack
could be seen as “ethical disclosure” behavior, although being ethical
was not the purpose, on account of the indifference present in infosecurity.

“We keep seeing all of these multibillion dollar corps selling their pricy
infosec products and yet here we are breaching entire regions,” GhostShell
added in support of the reality experienced, stopping short of giving any
names.

Everyone should be considered a target

There are no criteria in selecting the targets, as the purpose is to expose
vulnerabilities everywhere, regardless of the activity sector. Attacking a
government asset is equally important as hitting any other target, as they
also deserve to know they can be hacked.

“Maybe a lot of them are being spied on as we speak. It would help to know
these things, if your network is vulnerable.” GhostShell believes that an
organization needs to know about its weak spots and that disclosing a
security flaw is a better course of action than keeping it secret.

"PLENTY MORE DARK HACKTIVISM SHOULD BE EXPECTED"

This is what the hacker calls Dark Hacktivism: if everyone is a target and
hacking is done indiscriminately, more vulnerabilities are disclosed,
pushing towards better overall security.

The hacker said that this aggressive manner of drawing attention to
security faults would be carried out in the future. “So expect more
releases in the near future. Lots more.”

The purpose is to show the crack and allow repairing it before the bad guys
take advantage. It is “a different type of hacktivism from the one we did
in the past.”

The data taken from the targets was sent to reliable contacts across the
world (Japan and Australia, from our knowledge), who contacted the victims
about the breach. GhostShell assured us that the people handling the data
are involved in cybersecurity and have the necessary connections to make
sure that the problem is solved, or at least exposed to the proper people.

“Either way, on one side out in the open everyone can see the targets and
vulnerabilities and on the other hand more data is being given to provide
further assistance to the people affected. Win-win,” the hacker told
Softpedia.

Basically, this approach would raise awareness of the security flaws
without impacting the systems or the activity, present or future, of the
victim.

Money from disclosures would have been given to charities

GhostShell said that, from past experience, reporting the issues ethically
to the target via third-party services proved to be the wrong way to go about
the general goal of the hacktivity, because no one wanted to collaborate with
hackers/hacktivists.

Most of the money made this way would have gone to charities. Again, no
names were given, but the hacker expressed unpleasant feelings, to say the
least, towards organizations insisting that they work with hackers for
vulnerability disclosure.

GhostShell's tweetfeed remains silent as of July 4, when a message
announced that all the previously released data dumps had been removed but
they would be republished at an undisclosed date on 100 sharing sites.

Whether the Dark Hacktivism concept will be embraced by other hackers is
not something we can predict, but shaming insecure organizations this way
could be a proper stimulus for security awareness and quicker response
times to vulnerability disclosures.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
