GhostShell back from the other side with mass data dump
The world isn't getting better at protecting SQL, it seems
The GhostShell hacker group is back in the headlines with more mass dumps of data from poorly-secured sites.
“In keeping with its previous modus operandi, it is likely that the group compromised the databases by way of SQL injection attacks and poorly configured PHP scripts; however, this has not been confirmed”, Symantec's note says.
A Pastebin data dump (The Register has chosen not to link it, but it's in GhostShell's Twitter stream) includes Hong Kong Polytechnic, the Chinese University of Hong Kong, HKU Space and the Hong Kong College of Technology.
Not all of the targets make much sense: for example, while Boulder Primary School in Western Australia may have had lax security on its site, it doesn't seem like any kind of prize. However, the GhostShell list of sites also includes the more high-profile Royal Melbourne Institute of Technology (RMIT).
The Register has asked RMIT if it is able to confirm any details of the attack, and is awaiting a response.
The South China Morning Post report quotes HK CERT consultant Siu Cheong-leung as saying that around half the compromised sites are in education or academia, and “some” private data, including usernames and IDs, e-mails, and phone numbers, has been exposed.
The majority of the compromised universities are in the USA, unsurprisingly, and one of GhostShell's tweets said the group dropped universities first rather than “copy/pasting gov databases all day”.
El Reg imagines sysadmins will have a busy time ahead. ®