GhostShell claims breach of 1.6M accounts at FBI, NASA, and more

The hacktivist group says it obtained the records via SQL injection at government sites.

Casey Newton Former Senior Writer
Casey Newton writes about Google for CNET, which he joined in 2012 after covering technology for the San Francisco Chronicle. He is really quite tall.
Casey Newton

Team GhostShell, the hacktivist collective, said today that it has stolen accounts from a large number of government agencies, contractors, and security firms, posting information from 1.6 million accounts online.

Dubbed Project White Fox, the hacking project appears to have affected NASA, the FBI, the Pentagon, and Interpol, among many others. The hackers announced their work in a file posted on Pastebin.

Our colleagues at ZDNet report:

The file dump, upon closer inspection, seems to include a number of records obtained via SQL injection. A random selection of the files contain email and home addresses, defense material tests and analysis notes, mailing lists, passwords, and names. In addition, some file dumps also include administrator email addresses and accompanying passwords, telephone numbers, hashed passwords, and database details of company suppliers in the aerospace and oil industries.

ZDNet found that a file called "NASA's Engineers: Center for Advanced Engineering" contained email addresses, user names, and what appeared to be the passwords of several users.

GhostShell is said to be loosely connected to hacktivist network Anonymous. The Next Web notes that GhostShell previously made headlines in October, when it breached 100 universities and leaked more than 100,000 student records online. It later declared "war" on Russia to protest government repression.