Ghost Squad Hackers Release Contents from Internal Operation Known as #OpDecryptISIS, Exposing +1GB of Compressed Data Related To ISIS Members, Recruiters & Sympathizers Online

Earlier this morning, February 12th 2019, “S1ege” of Ghost Squad Hackers released a treasure trove of leaked documents compiled as the result of something known as “Operation Decrypt ISIS” (#OpDecryptISIS), an exclusive operation unique to Ghost Squad Hackers. In a personal interview with Rogue Media Labs, S1ege explains how the data provided below comes as the result of months of work, time spent quietly working behind the scenes infiltrating ISIS networks, socially engineering its members and compromising their administrators online.

Unlike operations of the past, such as #OpISIS and #OpIceISIS, largely carried out under the banner of the Anonymous Hacker Collective and which typically targeted low level members of ISIS located on the ClearNet, Ghost Squad’s most recent operation was unique in the fact that it was almost exclusively designed “to take out the top chain of ISIS’s command” – which also subsequently led to the uncovering of countless lower level members involved with the terror group.

Operation Decrypt ISIS Raw Press Release: https://hastebin.com/aqupasaboz.coffeescript

Included in the leaked material provided below are rooted phone numbers belonging to ISIS members, the account names and numbers of ISIS members operating on encrypted Voice-Over-Internet-Protocol (VoIP) services such as WhatsApp or Telegram, as well as detailed logs stolen from ISIS members as they browsed through the internet. The leak also contains detailed files on the identities of ISIS members extracted from various accounts, chatrooms and web pages across the internet, divided across the following countries: Algeria, Australia, Belgium, Ghana, India, Indonesia, Libya, Morocco, Palestine, Moldova, Syria, Turkey, Uganda and Yemen. Ghost Squad also attached a separate file of ISIS members compromised via their VPN connections. The individual file folders contained within the leak also contain Personally Identifiable Information (PII) on countless terror members, including their “Phones, Geolocation, Cameras, Telegram accounts, numbers and channels, Facebook profiles, Twitter accounts, personal ID’s, Credit Card details and IP Logs.”

Screen Shot of Main Leak:

It should be noted however that the information contained within the leaked files only includes information on those who are either directly operating under the flag of ISIS, or directly participating within clandestine communications associated with the terror group. Quite simply, you do not find your way into these sorts of rooms or channels by accident, meaning that everyone named in the leak represents legitimate targets either actively participating with ISIS or attempting to learn how to do so. Either way, they are all guilty – even if by nothing other than association.

In a message attached to the leak, S1ege wanted the world to know that:

The Islamic state is far from dead..

People fail to realize that Isis is a lot like a decentralized movement, they operate primarily based on ideologies. They’re not a centralized group or physically located anywhere. Think deeply about the fact that most of the Islamic state’s attacks globally aren’t executed by some foot soldier sent abroad to carry out an operation/terrorist attack handed to him by Isis’ chain of command, rather, they’re done by lone wolves inspired by radical ideologies discovered somewhere on the internet – not their local mosques.

Presidents fail to acknowledge what causes the Islamic state to gain in numbers, fail to understand how to tackle the core/root problem. Isis/terrorism will never die, so long as one remaining member creates propaganda GSH will continue to combat Isis wherever, whenever on the internet.

Encrypted or decrypted we will find you and expose you Isis…

Browse Through Entire File Archive Leak: https://mega.nz/#F!izo1XC7Q!xq18rHeHzwJrss9sJrIoTQ

Contacts Data from Hacked Islamic State Admin’s Phones:

Raw Leak (77KB): https://hastebin.com/bomucocivu.shell

SMS Data from Hacked Islamic State Admin’s Phones:

Raw Leak 1 (656 KB): https://hastebin.com/afadiseyow.shell
Raw Leak 2 (482 KB): https://hastebin.com/ozobawaheq.shell

Call log Data from Hacked Islamic State Admin’s Phones:

Raw Leak 1 (1,214 KB): https://hastebin.com/obaridisoy.css
Raw Leak 2 (956 KB): https://hastebin.com/eqebunisik.css 

File Archive Backup 1: https://anonfile.com/62q7Gct3b2/Operation_Decrypt_Isis_GSH_zip
File Archive Backup 2: https://roguemedia.co/operation-decrypt-isis-gsh/
Auto-Download Backup: https://roguemedia.co/wp-content/uploads/2019/02/Operation-Decrypt-Isis-GSH.zip

While today’s leak comes as something of a surprise, after talking with various group members over the course of the last several weeks and months perhaps it shouldn’t have. I say this because while they never hinted that a large scale release was immediately imminent, Ghost Squad Hackers have been making it clear that they intend to make 2019 the year in which the Islamic State’s online presence is finally exterminated once and for all. For example, these were sentiments echoed by M1r0x of GSH just last week.

Even with the release this week, the fight isn’t over and new intelligence indicates the Islamic State has once again started shifting their presence to a newer means of communication – such as ZeroNet. As always, the fight continues….

Câmara Municipal de Taquaritinga do Norte & Faculdade de Ciências Gerenciais de Manhuaçu Hacked/Leaked by Al1ne3737

In the early morning hours of Saturday, January 26th 2019, an Indonesian hacker going by the name of “Al1ne3737” released data leaks affecting the Municipal Town Hall of North Taquaritinga, Brasil, and the University of Faculty Management Sciences of Manhuaçu. In what appears to have become the hacker’s new slogan, Al1ne3737 also left behind a message in Indonesian reading “Do I Look Like Someone Who Has A Plan?” – indicating that these hacks/leaks are occurring at random, with no specific purpose behind them. In other words, Al1ne3737 is simply doing all of this for “the Lulz,” or to just pass some time.

Screen shots from different portions of the leaks are provided below, but the most important information pulled from each are the credentials necessary to log into the website’s back-end, granting a user full control over each website and all of its content. For example, the leak of the Câmara Municipal de Taquaritinga do Norte contains the unique login usernames and passwords needed to access 4 different databases attached to the site, containing documents, agendas, photos, client lists and much more. The leak of Faculdade de Ciências Gerenciais de Manhuaçu is a bit different, containing the root login username and passwords necessary to access all of the website’s databases at once, containing information on University staff members and professors, as well as internal documentation such as calendars, events and so forth.

Target: hxxp://www.camarataquaritingadonorte.pe.gov.br/
Data Leak: https://ghostbin.com/paste/wvm38

Screen Shot from Leak:

Target: hxxp://facig.edu.br
Leak: https://ghostbin.com/paste/75mfr

Screen Shot from Leak:

https://twitter.com/al1ne3737/status/1089060560942125056

Kementerian Energi dan Sumber Daya Mineral Republik Indonesia & Sistema de Gestión SUMAR Hacked by New World Hackers

Yesterday morning, January 23rd 2019, two new members of New World Hackers going by the names of “Mizaru” and “Ftp” announced the hack and leak of two international Government agencies/departments. More specifically, the Ministry of Energy and Mineral Resources of The Republic of Indonesia (ESDM) and a branch of the Argentinian Ministry of Health known as Sistema de Gestión (SUMAR) were compromised by the breaches.

Once again, however, just as with their hacks earlier this week, the leaked data is somewhat unconventional: instead of leaking any data or information contained within the hacked databases, the hackers have chosen to leak the various SQL vulnerabilities used to compromise the databases in the first place – essentially showing others how the hack was pulled off for them to replicate, or for site administrators to patch.

Ministry of Energy and Mineral Resources: hxxp://tpdk.esdm.go.id
Vulnerabilities Leak: https://ghostbin.com/paste/kc6jo

Sistema de Gestión (SUMAR): hxxp://plannacer.larioja.gov.ar/
Vulnerabilities Leak:

https://twitter.com/MZR_h4x0r/status/1088037279627649024

https://twitter.com/MZR_h4x0r/status/1088112570421129216

Online Training Platform TDS Technology Brasil Hacked, Data of 186 Account Holders Leaked Online

Earlier this morning, January 19th 2019, an Indonesian-based hacker going by the name of “Al1ne3737” announced a hack of TDS Technologies in Brasil, leaking the account information of 186 customers – including their emails and passwords. While it is unknown how many of the accounts listed below are paid accounts, the website is almost exclusively used as a learning center – connecting students to paid online courses/tutorials covering various professional services/topics, such as webmaster training, CISCO Systems certification, Oracle training, various Microsoft Windows related certifications and much more. Theoretically then, the logins provided below could be used to pirate various courses on these subjects, as well as to gain access to the payment information provided by their customers.

While not much is known about Al1ne3737, what we do know is that they joined Twitter late in December 2019 and have been using the platform to post mirrors of various international website defaces ever since, though primarily over the course of the last week. Their release this morning is the first such leak posted to their online account. To confirm the legitimacy of the leaks, Rogue Media Labs attempted to make contact with the company via their built-in web chat, but after waiting 15 minutes never received a reply back from representatives.

Target: hxxp://tdstecnologia.com.br/
Raw Leak: https://ghostbin.com/paste/wtefs
Login Page: hxxp://tdstecnologia.com.br/curso.php?id=40

https://twitter.com/al1ne3737/status/1086534352165584897