Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Dump Millions of Records From Banks, Politicians

Posted by timothy on from the no-such-thing-as-the-afl-cia dept.

hypnosec writes "TeamGhostShell, a team linked with the infamous group Anonymous, is claiming that they have hacked some major U.S. institutions, including major banking institutions and accounts of politicians, and has posted those details online. The dumps, comprised of millions of accounts, have been let loose on the web by the hacking collective. The motivation behind the hack, the group claims, is to protest against banks, politicians and the hackers who have been captured by law enforcement agencies."

30 of 310 comments (clear)

  1. Great plan by masternerdguy · · Score: 5, Insightful

    Yes let's ruin millions of innocent lives to protest the arrest of criminals!

    --
    To offset political mods, replace Flamebait with Insightful.
    1. Re:Great plan by Anonymous Coward · · Score: 5, Funny

      Look on the bright side--it's a step above their usual tactic of protesting censorship by DDOSing websites that say things they don't like.

    2. Re:Great plan by djnanite · · Score: 4, Insightful

      I consider it a protest against bad security......

      And will you still be supporting their actions when you find your own personal bank details on that list?

      Seriously - this just causes hassle for *everyone*, and is not a good way to drum up support for your ill-defined and unfocussed protest.

    3. Re:Great plan by Yvanhoe · · Score: 4, Interesting

      As someone exterior from the US, there is something I don't understand... What do people wait to file a class action to protest against bad security in banks ?

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    4. Re:Great plan by Gordonjcp · · Score: 4, Funny

      I really hope my bank details *are* on the list.

      Perhaps then some random Nigerian general or doctor or prince or whatever will pay off my overdraft.

    5. Re:Great plan by Darkness404 · · Score: 4, Insightful

      Exactly. The sort of nice thing about this is, its public. You can see, you KNOW if your account is breached, its really done in a non-malicious way. I'd much rather have my personal information leaked in a big leak like this than have some guy accessing my account and I have no knowledge about it.

      --
      Taxation is legalized theft, no more, no less.
    6. Re:Great plan by kiwimate · · Score: 4, Insightful

      How do you know it is going to ruin lives when you havent even gone through it?

      Have you ever been through a car/motorcycle accident? I have - how can you understand it if you haven't? Of course, it doesn't take a personal experience to understand that a car running into you is going to hurt, probably break some bones, that kind of thing.

      It's not that difficult. You don't have to go through having your identity stolen to be able to understand the impact.

    7. Re:Great plan by Jane+Q.+Public · · Score: 5, Insightful

      "And will you still be supporting their actions when you find your own personal bank details on that list? "

      Damned straight I would. That would give me direct evidence that my bank was not properly protecting my money, and give me very good motivation to start (or join) a lawsuit.

      If the banks' security is shit, it's good to know about it. Better it be public than found by some criminal organization that will just steal it all and disappear.

    8. Re:Great plan by Jane+Q.+Public · · Score: 5, Informative

      "Wake up people, we live in a corporate run society, we are losing freedom in the false name of capitalism, we are losing our humanity to money." [emphasis added]

      At least you do say "false". But I would prefer that you leave "capitalism" out of it. The people that are doing aren't calling it "capitalism", and at least in that sense they are more correct than their detractors.

      Capitalism has nothing to do with this. Greed, corruption, monopol, and cronyism are not part of capitalism. Not even close. In fact, real capitalism cannot exist in an atmosphere that is so rife with these things.

    9. Re:Great plan by Anonymous Coward · · Score: 4, Interesting

      That sounds very much like the "no true communist state has ever existed" (i.e. No True Scotsman) line.

      As long as human beings are involved, all the typical vices attributed to greed occur, and Capitalism is no different. The best you can say is that Capitalism when practiced by humans is an abject failure, due to the complete inability of its self-correcting factors ("invisible hand" via competition and intelligent actors) to have any effect.

    10. Re:Great plan by Smallpond · · Score: 5, Funny

      Dear Nigerian citizen. I am the son of the late US President Ronald Reagan. I have recently come into the possession of the sum of FIVE US DOLLARS which I need your help in hiding from the US Internal Revenue Service ...

    11. Re:Great plan by Jane+Q.+Public · · Score: 4, Insightful

      "This is the critical point: American jurisprudence is designed to be reactive, not proactive."

      Yes, it certainly is. It inherited that (as did many other countries) from European Common Law. It's not like that's unique or even unusual.

      Arguably, that's the way it should be, in a society that promotes freedom over government control.

    12. Re:Great plan by Sarten-X · · Score: 5, Insightful

      "No true communist state has ever existed" is not a No True Scotsman fallacy.

      No True Scotsman is where the experimental grouping is based on the results of the experiment. As a more obvious example, consider giving all of the participants in a drug trial the same medication, then splitting them up afterward based on whether the drug worked or not. In the had-a-good-effect group, 100% of the trial patients had a good effect! Amazing!

      The classification of political states, however, is a different issue. No true political anything has ever existed. Dictatorships aren't true dictatorships, because the dictators don't directly control absolutely everything for everyone. Communism isn't true communism, because the people making decisions have always been held in higher regard than the people making toilets. Capitalism isn't true capitalism, because there is always regulation and corruption getting in the way of an informed public. Monarchies aren't really monarchies, because there are always parallel power structures that don't fall into the nicely-defined hierarchy.

      The fallacy here (for which I do not recall a proper name, and can't be bothered to look it up) is a confusion (intentional or not) between ideals and realistic implementations of systems. It's easy enough to say "in a Communist system, everyone is valued equally," but much more difficult to actually convince a nation of people to consider everyone perfectly equal. The ideal, however, does make for an interesting philosophical discussion, just as the real implementation makes for an interesting sociological discussion. With the insights from both, perhaps a political system can be devised that accomplishes the goals of the ideal system, while accommodating the pitfalls of the real implementation.

      --
      You do not have a moral or legal right to do absolutely anything you want.
    13. Re:Great plan by girlintraining · · Score: 4, Insightful

      As someone exterior from the US, there is something I don't understand... What do people wait to file a class action to protest against bad security in banks ?

      Ignoring the grammar, it would be because the US Supreme Court deleted citizens' ability to join class action lawsuits because it cost corporations too much.

      --
      #fuckbeta #iamslashdot #dicemustdie
    14. Re:Great plan by Jane+Q.+Public · · Score: 4, Informative

      "Simple, when they have requirements on password length or character sets, then they're not hashing or encrypting passwords. Then you sue them for negligence, inform the media that instead of the story, "Up next: What common product under your sink could be killing your babies?", they should run, "Up next: Find out why banks are sharing your account passwords with thousands of people.", before they have a word from their sponsor. "

      I've tried it. Doesn't work.

      My (then) bank had a huge security hole in their online banking. I contacted the bank several times, and even went to the main branch in person, to show people what the problem was. I talked to their own programmers. They all agreed "This is a huge problem and we need to deal with it right away."

      Did they? No. And after multiple contacts over multiple months, I finally decided to go to the media with my story. Guess what? The news media wanted nothing to do with it.

      No... sorry. You are assuming they are reasonable people. They aren't. This is the only way they'll pay attention.

    15. Re:Great plan by psiclops · · Score: 4, Insightful

      so i'm guessing you'd be glad that it was released publicly, otherwise well - you wouldn't have known to call your bank.....

      --
      i spent five minutes thinking and all i got was this crappy sig
    16. Re:Great plan by SydShamino · · Score: 5, Insightful

      The SCOTUS ruled that clauses slipped into contracts prohibiting class action lawsuits are valid. In other words - there are some rights that you can't give away in a contract, but the right to join a class action lawsuit isn't one of those.

      Now, some companies have already started changing their one-sided take-it-or-leave-for-our-competitors-oops-they-all-have-the-same-clause contracts to include a waiver of the right to participate in a class action lawsuit. The argument is that all companies will do this soon, as there's little reason not to, and that will thus block most citizens from joining class action lawsuits.

      The problem here is that SCOTUS was wrong. The right to redress in court is one right that we shouldn't be able to sign away, and given how our court system is structured to so heavily favor the rich, class action rights should be considered a basic citizen right to redress.

      --
      It doesn't hurt to be nice.
    17. Re:Great plan by Jane+Q.+Public · · Score: 4, Insightful

      "If you rah, rah the hackers and then look forward to filing lawsuits against the company that got hacked then you must also be in favor in catching the people who perpetrated this crime and dealing with them in the legal system."

      The "people who perpetrated this crime" were the banks that did not adequately protect their customer's information.

      Other than that little difference, I agree with you.

    18. Re:Great plan by Jane+Q.+Public · · Score: 4, Interesting

      "Oh ya then how did the hackers find it the security hole? bank did just say hay here,s our security hole. In fact they hacked it, that's against the law already because they did STEAL the passwords. And no i don't expect someone who tells you hay your wallet fell out to be prosecuted. That's just a plain stupid argument by a person who doesn't have a clue or doesn't want a clue. Ya just want to complain."

      This doesn't even deserve an answer. But I'm going to give you one anyway. No thanks necessary!

      So you are saying to me: you don't care that the banks have been criminally irresponsible with people's data? You don't CARE, that somebody ELSE -- a criminal somebody else -- could have found this data and just stolen everybody's money, instead of making it public?

      Whose fucking side are you on?

      I have personal experience with a bank that refused to close a GAPING, OUTRAGEOUS security hole that I pointed out to them, for over a year! After about 6 months of it, with no change, I decided to go to the press with my story. You know what happened? The press and TV wanted nothing to do with it. The bank was a major customer. They weren't about to publish anything negative about it.

      So guess what avenue was left? Only one. In order to close this gaping hole, only one thing would suffice: going public with the data. THAT makes people stand up and listen.

      THE BANKS are the criminals here, and the press are in bed with them. If you think differently, you are deluding yourself.

      And the release of data is the only way they (and a lot of people, like you) will even pay attention.

      So take your criticism and stuff it. I have been there. These people did the right thing.

    19. Re:Great plan by guttentag · · Score: 4, Funny

      As someone exterior from the US, there is something I don't understand... What do people wait to file a class action to protest against bad security in banks ?

      Because we wouldn't get better security as a result, just a coupon for $5 off an adjustable rate mortgage.

    20. Re:Great plan by Doctor_Jest · · Score: 5, Insightful

      No, we had no free markets in the 1800's. That's a myth. A free market doesn't mean a market without rules. It means a market without manipulation. Read Adam Smith or F.A. Hayek. (And before the Kensyians jump in with their nonsense... Just give it a shot.)

      It's enlightening...

      --
      It's the Stay-Puft Marshmallow Man.
  2. Security by DevotedSkeptic · · Score: 4, Insightful

    Banks got billions in bailout but apparently put none of it into security. Like the bailouts the Banks and politicians win and the consumers lose.

    --
    Chief Thinker www.devotedskeptic.com
  3. Something like this was bound to happen... by dryriver · · Score: 4, Insightful

    The powers-that-be, which includes banks, corporations and lawmakers, have been driving all of us "ordinarylings" towards a future where we are increasingly under 24/7 surveillance, whether we like it or not. They have been building a "surveillance grid" that becomes more sophisticated every day, and that knows everything from what we are buying/consuming, to what we are reading, to where we surf on the net when we get up in the morning, to where we park our cars, or go for an evening walk. ---- In a sense it is almost fair that the people who have been encouraging & bankrolling & constantly expanding this surveillance grid get their own digital lives hacked, and thrown online for everyone to scrutinize. ----- If we weren't surveilled digitally, 24/7, and so cruelly, I would say that these hackers have done "a bad thing". ------- Things being what they are - we are watched every more closely by the surveillance grid - its hard, morally speaking, to blame these hackers for their unorthodox actions and tactics.

    --
    Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
  4. Cool, that'll show 'em by kiwimate · · Score: 5, Insightful

    Score against banks - a bit of a headache, some minor bad P.R., a temporary drop in share price maybe. Don't worry, it'll come back up when the next scandal pushes this one off of people's memories.

    Score against the people they're standing up for (the public) - millions of lives ruined as their credit goes to pot, countless hours and days of effort spent to try and recover, thousands of dollars of extra interest payments now their credit score has been dropped down, potential bankruptcies and divorces and split households from the stress...

    What a bunch of jackasses. Maybe these people should think who they're really hurting once in a while.

    1. Re:Cool, that'll show 'em by LMariachi · · Score: 4, Insightful

      How would this lower anyone’s credit rating? Unless they’ve been lying to creditors about their assets/income, in which case their credit rating ought to take a hit.

    2. Re:Cool, that'll show 'em by Jane+Q.+Public · · Score: 4, Insightful

      "Score against banks - a bit of a headache, some minor bad P.R., a temporary drop in share price maybe. Don't worry, it'll come back up when the next scandal pushes this one off of people's memories."

      Not really. This publicly humiliates their "security" measures. In many cases, they are probably breaking Federal security laws. If I were among those affected, I would try to start or join a class action suit.

      "Score against the people they're standing up for (the public) - millions of lives ruined as their credit goes to pot, countless hours and days of effort spent to try and recover, thousands of dollars of extra interest payments now their credit score has been dropped down, potential bankruptcies and divorces and split households from the stress..."

      Again, not really. Would you honestly rather have had somebody discover all this in secret, and run off with all the money they could finagle out of it? And not be discovered for months or years later?

      Or would you rather have it public, so that The People know about it and can take action against it?

      No, you are quite wrong. This WAS the right thing to do.

  5. Did anyone look at these "dumps"? by TheRealMindChild · · Score: 4, Informative

    Seriously, has anyone actually looked at these so called "dumps"? Most of them are a single field from a table, with no relational data to associate the bits. I see email addresses with nothing else. I see [email] addresses with nothing else. I see First and Last names, but nothing else. Phone numbers... the same. Then there are loads of obvious blog style records that is used to populate their "news" and such sections (which are obviously on their front page anyway). Where is the damage?

    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
  6. Yeah, They Look Like Garbage ... by eldavojohn · · Score: 5, Interesting

    Seriously, has anyone actually looked at these so called "dumps"? Most of them are a single field from a table, with no relational data to associate the bits. I see email addresses with nothing else. I see [email] addresses with nothing else. I see First and Last names, but nothing else. Phone numbers... the same. Then there are loads of obvious blog style records that is used to populate their "news" and such sections (which are obviously on their front page anyway). Where is the damage?

    I've looked at over 20 so far and all have been absolutely worthless. Even the ones that didn't hash their passwords (BookData? what site is that, can't even find their landing page and all the logins look to be JP e-mail addresses) I can't find where I'm supposed to log in. Furthermore, some of these look like some automated testing software when I see rows like:

    | NULL | NULL | 1031 | 1' and '7'='2 | false | !S!WCRTESTINPUT000003!E! | NULL |

    | NULL | NULL | 1033 | 99999999 or 7=2 | false | !S!WCRTESTINPUT000003!E! | NULL |

    | NULL | NULL | 1032 | 99999999 or 7=7 | false | !S!WCRTESTINPUT000003!E! | NULL |

    Those two filled in columns are username and password by the way. So I'm going to say there's three possibilities:

    1) these are completely fabricated tables mixed in with (like you noticed) front page public news items and HTML to make them look authentic.

    2) these are legitimate but just plain crappy sites. How is it that they only get ~1200 user records from a site unless the site is so worthless that it only has 1200 users?

    3) they have everything. They have sensitive stuff but what they've done is show the targets that they have been compromised by releasing only the sensitive data that won't hurt the small users. Since they are publishing the structure of the databases and the targeted entities know that if you have access to that structure, you have/had access to all of the many user information.

    I can't believe Teenfad hashed their passwords but some of these other seemingly more sensitive sites didn't. Who the hell is storing plain text passwords in a database!? Well, I guess we have a list of worthless sites that do it now.

    --
    My work here is dung.
  7. Re:No. by VortexCortex · · Score: 4, Insightful

    I disagree. While I completely understand what you're saying, I think that we should be associating every breach of law with Anonymous. In the short term it makes the name seem more powerful, and the police state can convince us it needs to limit more freedoms to catch members of Anonymous. Over the long term it points out the ridiculousness of hunting down anyone as a "terrorists" simply by labelling them "Anonymous".

    Look, it's going to get worse before it gets better. I'd have rather had a better name to rally under when the time comes for that, but one makes do with whatever planet one's on, eh? The sooner it's made apparent to the common folk that "Anonymous" means "average citizen", the better.

    Are you now or have you ever been a member of Anonymous?

  8. The mods didn't get the memo by girlintraining · · Score: 4, Funny

    Apparently the slashmods missed the memo: "The Supreme Court ruled Wednesday that consumers can be bound by an arbitration clause in a cellphone deal or other contract even when state law permits a class-action lawsuit for claims arising from the deal."

    Along with a lot of other people, for some reason, despite there being almost a dozen slashdot articles on it. Must be because I'm a troll. You know, one of those fact trolls. Damn you facts! DAAAAAMMMMMNNN YYYOOOOOOUUUU!!!

    --
    #fuckbeta #iamslashdot #dicemustdie