Putnam County State Government Hacked by Ghost Squad Hackers

As if you need yet another reminder why our local elections and Government are not safe, earlier today, October 30th 2019, “M1r0x” of Ghost Squad Hackers announced a hack of the Putnam County State Government of Ohio. Though no data was leaked in conjunction with today’s announcement, the defacement of the county’s website indicates that the hacker was able to gain full root access over the entire website itself – theoretically along with all of its data.

While the hacker may not necessarily have had any political motives, at least in terms of conducting espionage for other countries, the news comes within weeks of Mississippi’s warning that close to 75% of the state’s offices are not prepared to mitigate, deflect or handle cyber attacks against them. Expectedly enough, upon analyzing the website myself, Putnam County’s home website lacks even an SSL certificate. Regardless, as M1r0x once again reminds us, our state and local Governments are far from safe as we continue to inch closer towards 1 year until elections.

Target: hxxp://putnamcountyohio.gov/
Deface: http://putnamcountyohio.gov/index.htm
Deface Mirror: https://defacer.id/archive/mirror/7291500

 

Presidency International School of Bangladesh Hacked/Defaced by M1r0x of Ghost Squad Hackers

Late last night, during the early morning hours of May 5th 2019, “M1r0x” (@M1r0x_) of Ghost Squad Hackers announced the hack/defacement of the website belonging to The International School of the Presidency in Chattogram, Bangladesh. It’s not exactly known how M1r0x was able to compromise the site; all we know at this point is that they were able to edit the website’s ‘About Us’ section with an advertisement for Ghost Squad and all of the group’s members – an edit which is still visible to the public at the time of this article. In a message attached to the hack, M1r0x also stated that they ‘were back’ – perhaps indicating that more hacks are on the way.

This is also M1r0x’s 3rd such hack, deface and/or data theft of a South Eastern Asian institution within the last 3 months, adding to a hack of Bung Subdistrict Administrative Organization of Thailand last month, and a hack of Rahmatullah Model High School in Bangladesh a month before that. Prior to that, M1r0x had been making their presence felt in conjunction with the ongoing operations surrounding #OpSudan.

Read More: https://roguemedia.co/?s=%22M1r0x%22&x=0&y=0

Hack of Presidency International School 5/5/2019

Website: hxxps://presidencybd.edu.bd/web/index.php
Deface: https://presidencybd.edu.bd/web/mpage_principal.php
Deface Mirror: https://mirror-h.org/zone/2112005/


https://twitter.com/M1r0x__/status/1125000689065897984

Bung Subdistrict Administrative Organization of Thailand Hacked by M1r0x of Ghost Squad Hackers

Earlier today, March 4th 2019, “M1r0x” of Ghost Squad Hackers made a brief return to the hacking scene with a hack/defacement of the Bung Subdistrict Administrative Organization of Thailand, a national organization tasked with developing community projects around the country – such as educational programs, appointing leadership roles, as well as localized infrastructure investment. It was M1r0x’s first hack/deface in nearly a month and a half, dating back to a February 9th 2019 hack of Rahmatullah Technical High School in the capital city of Dhaka, Bangladesh.

While Ghost Squad Hackers as a whole have been a little more underground than normal the last couple of months, it doesn’t mean the group has been inactive either. For example, S1ege’s ISIS data dump this past February literally made global headlines, resulting in countless arrests around the world. Hax Stroke has been active hacking and defacing websites around Brazil, as well as building his own custom botnets to launch against NGOs and Governmental organizations alike – such as GitHub and the Government of Sudan. Similarly, 0x20k has also been active in a number of hacks/defacements over recent weeks.

Target: hxxp://bung.go.th/
Deface: http://bung.go.th/download/index.html
Deface Mirror: https://mirror-h.org/zone/2085620/

[Screenshot of the defacement]

SCode404 of Ghost Squad Hackers May Have Just Built A Botnet Capable of Producing The Largest DDoS Attack The World Has Ever Seen

For those of you who might not be aware, just a few weeks ago, on January 31st 2019, researchers working for the international cyber security firm known as Imperva claimed to have successfully mitigated what would become the largest DDoS attack in world history. According to the data, January’s attack topped out at well over 500 million packets per second, nearly 4 times the amount of packets generated from a March 2018 attack against GitHub servers – an attack still considered to be the largest bandwidth consuming DDoS attack on record, topping out at approximately 1.35 Terabits per second.

Well, as it turns out, there may soon be a new record holder on the way. According to a message posted to Twitter on March 2nd 2019, “SCode404” of Ghost Squad Hackers claims to be in possession of a botnet capable of producing attacks topping out at just short of 3 Terabits per second. The botnet is officially named the “Uchiha Botnet” and is used to launch Layer 7 DDoS attacks. Via a test run on Vedbex’s DNS resolver, SCode404 claims to have launched an attack topping out around 2,900 GB per second (2.9 TB per second) – a bandwidth level DDoS attack that would utterly smash previous record holders.

https://twitter.com/Scode404/status/1101884385660329984

While SCode is remaining fairly tight lipped about their creation, at least for the time being, it does appear to be literal months in the making. I say this because, dating back to a mid-January 2019 posting to Twitter, SCode announced that they ‘were back’ and had begun the process of hijacking/exploiting hundreds of thousands of new devices on the Internet of Things (IoT) – primarily targeting the geographic regions of China and Korea via Shodan.io, the official search engine of the Internet of Things. For now though, SCode will not reveal to the public what their botnet consists of, how they assembled it or built their source code, nor who/what their intended targets may be. When asked as much, SCode told Rogue Media Labs, “for this I still keep it a secret.” I guess you will all have to just wait and find out with the rest of us, stay tuned….

https://twitter.com/Scode404/status/1084942213686030336

International Hackers & Hacking Teams Sign Up for #OpSudan As The Revolts In Sudan Continue

As the revolts around Sudan continue, I’m proud to report that more and more international hackers and hacking groups are coming together to throw the full weight of their platforms behind the people of Sudan. Most notably joining the festivities this week are the Brazilian-based hacking group known as “Pryzraky,” along with various members of Ghost Squad Hackers – including “Hax Stroke” and “SCode404.”

Among the sites targeted and taken down this week (#TangoDown) were Sudan’s Chamber of Commerce, Ministry of Defense, Ministry of Petroleum and Gas, Ministry of The Interior, as well as the official website of the Office of The Presidency – Omar al-Bashir’s personal website. In addition to this, in the video footage provided below, Hax Stroke of Ghost Squad Hackers offered additional proof that he was simultaneously able to crash 35 Sudanese Government websites with a singular attack on February 16th 2019, launched by a custom built program he calls “Milnet.”

This also adds to a similar attack launched by Dext3r of Pryzraky on February 16th 2019, which simultaneously took down 22 Sudanese Government domains.

Their efforts combine with the work of countless others who have all been working on behalf of #OpSudan dating back to December 2018. If you are interested in learning more about the operation, as well as the current conditions leading to Sudan’s modern uprising, you are invited to browse through the links provided below.

Follow #OpSudan Online: https://twitter.com/hashtag/OpSudan?src=hash
Learn More About #OpSudan: https://roguemedia.co/?s=Sudan&x=0&y=0

Learn More About The Situation In Sudan:

From Amnesty International: https://www.amnesty.org/en/search/?q=Sudan
From Human Rights Watch: https://www.hrw.org/sitesearch/Sudan

Ghost Squad Hackers Release Contents from Internal Operation Known as #OpDecryptISIS, Exposing +1GB of Compressed Data Related To ISIS Members, Recruiters & Sympathizers Online

Earlier this morning, February 12th 2019, “S1ege” of Ghost Squad Hackers released a treasure trove of leaked documents compiled as the result of something known as “Operation Decrypt ISIS” (#OpDecryptISIS), an exclusive operation unique to Ghost Squad Hackers. In a personal interview with Rogue Media Labs, S1ege explains how the data provided below comes as the result of months of work, time spent quietly working behind the scenes infiltrating ISIS networks, socially engineering its members and compromising their administrators online.

Unlike operations of the past, such as #OpISIS and #OpIceISIS, largely carried out under the banner of the Anonymous Hacker Collective and which typically targeted low level members of ISIS located on the ClearNet, Ghost Squad’s most recent operation was unique in the fact that it was almost exclusively designed “to take out the top chain of ISIS’s command” – which also subsequently led to the uncovering of countless lower level members involved with the terror group.

Operation Decrypt ISIS Raw Press Release: https://hastebin.com/aqupasaboz.coffeescript

Included in the leaked material provided below are rooted phone numbers belonging to ISIS members, the account names and numbers of ISIS members operating on encrypted Voice-Over-Internet-Protocol (VoIP) services such as WhatsApp or Telegram, as well as detailed logs stolen from ISIS members as they browsed through the internet. The leak also contains detailed files on the identities of ISIS members extracted from various accounts, chatrooms and web pages across the internet, divided across the following countries: Algeria, Australia, Belgium, Ghana, India, Indonesia, Libya, Morocco, Palestine, Moldova, Syria, Turkey, Uganda and Yemen. Ghost Squad also attached a separate file of ISIS members compromised via their VPN connections. The individual file folders contained within the leak also contain Personally Identifiable Information (PII) on countless terror members, including their “Phones, Geolocation, Cameras, Telegram accounts, numbers and channels, Facebook profiles, Twitter accounts, personal ID’s, Credit Card details and IP Logs.”

[Screenshot of the main leak]

It should be noted however that the information contained within the leaked files only includes information on those who are either directly operating under the flag of ISIS, or directly participating within clandestine communications associated with the terror group. Quite simply, you do not find your way into these sorts of rooms or channels by accident, meaning that everyone named in the leak represents legitimate targets either actively participating with ISIS or attempting to learn how to do so. Either way, they are all guilty – even if by nothing other than association.

In a message attached to the leak, S1ege wanted the world to know that:

The Islamic state is far from dead..

People fail to realize that Isis is a lot like a decentralized movement, they operate primarily based on ideologies. They’re not a centralized group or physically located anywhere. Think deeply about the fact that most of the Islamic state’s attacks globally aren’t executed by some foot soldier sent abroad to carry out an operation/terrorist attack handed to him by Isis’ chain of command, rather, they’re done by lone wolves inspired by radical ideologies discovered somewhere on the internet – not their local mosques.

Presidents fails to acknowledge what causes the Islamic state to gain in numbers, fails to understand how to tackle the core/root problem. Isis/terrorism will never die, so long as one remaining member creates propaganda GSH will continue to combat Isis wherever, whenever on the internet.

Encrypted or decrypted we will find you and expose you Isis…

Browse Through Entire File Archive Leak: https://mega.nz/#F!izo1XC7Q!xq18rHeHzwJrss9sJrIoTQ

Contacts Data from Hacked Islamic State Admin’s Phones:

Raw Leak (77KB): https://hastebin.com/bomucocivu.shell

SMS Data from Hacked Islamic State Admin’s Phones:

Raw Leak 1 (656 KB): https://hastebin.com/afadiseyow.shell
Raw Leak 2 (482 KB): https://hastebin.com/ozobawaheq.shell

Call log Data from Hacked Islamic State Admin’s Phones:

Raw Leak 1 (1,214 KB): https://hastebin.com/obaridisoy.css
Raw Leak 2 (956 KB): https://hastebin.com/eqebunisik.css 

File Archive Backup 1: https://anonfile.com/62q7Gct3b2/Operation_Decrypt_Isis_GSH_zip
File Archive Backup 2: https://roguemedia.co/operation-decrypt-isis-gsh/
Auto-Download Backup: https://roguemedia.co/wp-content/uploads/2019/02/Operation-Decrypt-Isis-GSH.zip

While today’s leak comes as something of a surprise, after talking with various group members over the course of the last several weeks and months perhaps it shouldn’t have. I say this because while they never hinted that a large scale release was immediately imminent, Ghost Squad Hackers have been making it clear that they intend to make 2019 the year in which the Islamic State’s online presence is finally exterminated once and for all. For example, these were sentiments echoed by M1r0x of GSH just last week.

Even with the release this week, the fight isn’t over and new intelligence indicates the Islamic State has once again started shifting their presence to a newer means of communication – such as ZeroNet. As always, the fight continues….


Rahmatullah Model High School In Bangladesh Hacked/Defaced by M1r0x of Ghost Squad Hackers

Last night, February 8th 2019, “M1r0x” of Ghost Squad Hackers shared a hack and defacement of Rahmatullah Model High School in the capital city of Dhaka, Bangladesh. In a brief statement to Rogue Media Labs, M1r0x explained that, outside of the fact that they were just bored and it was easy for them to pull off, there was no real motivation behind this particular hack. Presumably, the school was hijacked/targeted because they claim to specialize in the technological development and training of its students, yet operate with an unsecured website and web server.

M1r0x also stated that they were not after, nor did they steal, download or leak, any data/files from the website. Rather, they just changed some small things about it – such as the site’s cover photo and the content/headlines of various articles featured on its landing page. For example, when you click on any of the website’s featured articles, you are redirected to a message reading “GSH : M1r0x – s1ege – Anonxoxtn – d4rkstat1c – h4x str0ke – Neckros – 3Turr – G4mm4 – Scode404” – listing off all the members of Ghost Squad Hackers. As of the evening hours of February 9th 2019, the website still remains in its defaced condition – perhaps indicating that M1r0x was able to lock out site administrators or that the school remains unaware of the incident.

M1r0x also took the hack as an opportunity to explain that 2019 will mark the end of ISIS, and that the group will be heavily targeting the Islamic State’s remaining online presence throughout the course of the year ahead.

Target: hxxp://home.rmhs.edu.bd/
Deface Mirror: http://www.zone-h.org/mirror/id/32189267

[Screenshot of the main defacement]

[Screenshot: what happens when you click on a hacked link]