GhostShell Returns compromised many companies via FTP Servers
The Romanian hacker, GhostShell has started a new campaign called Light Hacktivism, which signaled his comeback to the world of hacking.
The last time GhostShell was in the news, he gave a very candid interview about himself and his true identity and after a few months of silence, he has come back to the world of hacking. In his new exploits, he has revealed around 32 websites that show where he has taken data which contains sensitive information. The data shows that he targets government agencies, educational institutions, and other firms from a wide range of industries such as medical, industrial, retail and many others.
The aim of the leak is to bring to light how the online businesses of today employ weak and feeble security practices. According to GhostShell, this is called Light Hacktivism, and is opposite to his Dark Hacktivism exploits that he also introduced.
GhostShell whose real name is Razvan Eugen Gheorghe is a former member of Anonymous, MalSec and is the leader of the Team GhostShell hacking group. He has been around on the hacking scene for a long time and is now at mini Yoda status, which clearly shows that he does not do blind or random hacking anymore.
In an interview with reporters, GhostShell said that as a part of his Light Hacktivism plans there was going to be more leaks to come. He also said that the first leak came about as a result of negligent administrations. Sensitive data was found after firms left the FTP ports and directories open. In some cases, admin credentials were taken for the whole server.
GhostShell said through the use of the open FTP directories; he could intensify his access to the whole servers where he could get more information. To prove that what he is doing and saying has true he has leaked some credit card information though they are expired. He also has medical data with him though it is censored.
GhostShell explained that people were not supposed to underestimate the most simple flaws out there saying that they could lead to much more dangerous flaws.
The new concept of Light Hacktivism is about finding flaws and exposing them so they can be revealed. Dark Hacktivism was about showing that there were weaknesses in security systems by using cyber war tactics which are used by actual hackers. Light Hacktivism is non-aggressive according to GhostShell.