Hackers Dump Millions of Records From Banks, Politicians

hypnosec writes "TeamGhostShell, a team linked with the infamous group Anonymous, is claiming that they have hacked some major U.S. institutions, including major banking institutions and accounts of politicians, and has posted those details online. The dumps, comprised of millions of accounts, have been let loose on the web by the hacking collective. The motivation behind the hack, the group claims, is to protest against banks, politicians and the hackers who have been captured by law enforcement agencies."

Great plan

[masternerdguy]

Yes let's ruin millions of innocent lives to protest the arrest of criminals!

Re:Great plan

Look on the bright side--it's a step above their usual tactic of protesting censorship by DDOSing websites that say things they don't like.

Re:Great plan

[Jane+Q.+Public]

"And will you still be supporting their actions when you find your own personal bank details on that list? "

Damned straight I would. That would give me direct evidence that my bank was not properly protecting my money, and give me very good motivation to start (or join) a lawsuit.

If the banks' security is shit, it's good to know about it. Better it be public than found by some criminal organization that will just steal it all and disappear.

Re:Great plan

[Jane+Q.+Public]

"Wake up people, we live in a corporate run society, we are losing freedom in the false name of capitalism, we are losing our humanity to money." [emphasis added]

At least you do say "false". But I would prefer that you leave "capitalism" out of it. The people that are doing aren't calling it "capitalism", and at least in that sense they are more correct than their detractors.

Capitalism has nothing to do with this. Greed, corruption, monopol, and cronyism are not part of capitalism. Not even close. In fact, real capitalism cannot exist in an atmosphere that is so rife with these things.

Re:Great plan

[Smallpond]

Dear Nigerian citizen. I am the son of the late US President Ronald Reagan. I have recently come into the possession of the sum of FIVE US DOLLARS which I need your help in hiding from the US Internal Revenue Service ...

Re:Great plan

[Sarten-X]

"No true communist state has ever existed" is not a No True Scotsman fallacy.

No True Scotsman is where the experimental grouping is based on the results of the experiment. As a more obvious example, consider giving all of the participants in a drug trial the same medication, then splitting them up afterward based on whether the drug worked or not. In the had-a-good-effect group, 100% of the trial patients had a good effect! Amazing!

The classification of political states, however, is a different issue. No true political anything has ever existed. Dictatorships aren't true dictatorships, because the dictators don't directly control absolutely everything for everyone. Communism isn't true communism, because the people making decisions have always been held in higher regard than the people making toilets. Capitalism isn't true capitalism, because there is always regulation and corruption getting in the way of an informed public. Monarchies aren't really monarchies, because there are always parallel power structures that don't fall into the nicely-defined hierarchy.

The fallacy here (for which I do not recall a proper name, and can't be bothered to look it up) is a confusion (intentional or not) between ideals and realistic implementations of systems. It's easy enough to say "in a Communist system, everyone is valued equally," but much more difficult to actually convince a nation of people to consider everyone perfectly equal. The ideal, however, does make for an interesting philosophical discussion, just as the real implementation makes for an interesting sociological discussion. With the insights from both, perhaps a political system can be devised that accomplishes the goals of the ideal system, while accommodating the pitfalls of the real implementation.

Re:Great plan

[SydShamino]

The SCOTUS ruled that clauses slipped into contracts prohibiting class action lawsuits are valid. In other words - there are some rights that you can't give away in a contract, but the right to join a class action lawsuit isn't one of those.

Now, some companies have already started changing their one-sided take-it-or-leave-for-our-competitors-oops-they-all-have-the-same-clause contracts to include a waiver of the right to participate in a class action lawsuit. The argument is that all companies will do this soon, as there's little reason not to, and that will thus block most citizens from joining class action lawsuits.

The problem here is that SCOTUS was wrong. The right to redress in court is one right that we shouldn't be able to sign away, and given how our court system is structured to so heavily favor the rich, class action rights should be considered a basic citizen right to redress.

Re:Great plan

[Doctor_Jest]

No, we had no free markets in the 1800's. That's a myth. A free market doesn't mean a market without rules. It means a market without manipulation. Read Adam Smith or F.A. Hayek. (And before the Kensyians jump in with their nonsense... Just give it a shot.)

It's enlightening...

Cool, that'll show 'em

[kiwimate]

Score against banks - a bit of a headache, some minor bad P.R., a temporary drop in share price maybe. Don't worry, it'll come back up when the next scandal pushes this one off of people's memories.

Score against the people they're standing up for (the public) - millions of lives ruined as their credit goes to pot, countless hours and days of effort spent to try and recover, thousands of dollars of extra interest payments now their credit score has been dropped down, potential bankruptcies and divorces and split households from the stress...

What a bunch of jackasses. Maybe these people should think who they're really hurting once in a while.

Yeah, They Look Like Garbage ...

[eldavojohn]

Seriously, has anyone actually looked at these so called "dumps"? Most of them are a single field from a table, with no relational data to associate the bits. I see email addresses with nothing else. I see [email] addresses with nothing else. I see First and Last names, but nothing else. Phone numbers... the same. Then there are loads of obvious blog style records that is used to populate their "news" and such sections (which are obviously on their front page anyway). Where is the damage?

I've looked at over 20 so far and all have been absolutely worthless. Even the ones that didn't hash their passwords (BookData? what site is that, can't even find their landing page and all the logins look to be JP e-mail addresses) I can't find where I'm supposed to log in. Furthermore, some of these look like some automated testing software when I see rows like:

| NULL | NULL | 1031 | 1' and '7'='2 | false | !S!WCRTESTINPUT000003!E! | NULL |

| NULL | NULL | 1033 | 99999999 or 7=2 | false | !S!WCRTESTINPUT000003!E! | NULL |

| NULL | NULL | 1032 | 99999999 or 7=7 | false | !S!WCRTESTINPUT000003!E! | NULL |

Those two filled in columns are username and password by the way. So I'm going to say there's three possibilities:

1) these are completely fabricated tables mixed in with (like you noticed) front page public news items and HTML to make them look authentic.

2) these are legitimate but just plain crappy sites. How is it that they only get ~1200 user records from a site unless the site is so worthless that it only has 1200 users?

3) they have everything. They have sensitive stuff but what they've done is show the targets that they have been compromised by releasing only the sensitive data that won't hurt the small users. Since they are publishing the structure of the databases and the targeted entities know that if you have access to that structure, you have/had access to all of the many user information.

I can't believe Teenfad hashed their passwords but some of these other seemingly more sensitive sites didn't. Who the hell is storing plain text passwords in a database!? Well, I guess we have a list of worthless sites that do it now.