Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

GhostShell back from the other side with mass data dump

The world isn't getting better at protecting SQL, it seems

The GhostShell hacker group is back in the headlines with a more mass dumps of data from poorly-secured sites.

While Symantec says there's no particular country or sector targeted in the latest campaign, the South China Morning Post says major Hong Kong universities are among the victims.

“In keeping with its previous modus operandi, it is likely that the group compromised the databases by way of SQL injection attacks and poorly configured PHP scripts; however, this has not been confirmed”, Symantec's note says.

A Pastebin data dump (The Register has chosen not to link it, but it's in GhostShell's Twitter stream) includes Hong Kong Polytechnic, the Chinese University of Hong Kong, HKU Space and the Hong Kong College of Technology.

Not all of the targets make much sense: for example, while Boulder Primary School in Western Australia may have had lax security on its site, it doesn't seem like any kind of prize. However, the GhostShell list of sites also includes the more high-profile Royal Melbourne Institute of Technology (RMIT).

The Register has asked RMIT if it is able to confirm any details of the attack, and is awaiting a response.

The South China Morning Post report quotes HK CERT consultant Siu Cheong-leung as saying that around half the compromised sites are in education or academia, and “some” private data, including usernames and IDs, e-mails, and phone numbers have been exposed.

The majority of the compromised universities are in the USA, unsurprisingly, and one of GhostShell's tweets said the group dropped universities first rather than “copy/pasting gov databases all day”.

El Reg imagines sysadmins will have a busy time ahead. ®

 

Similar topics

TIP US OFF

Send us news


Other stories you might like