The hacker group GhostShell struck again late Monday with Project WestWind in which they leaked 120,000 records from 100 major universities around the world.  The hack was identified as a SQL breach.  Universities like

  • University of Michigan
  • New York University
  • Princeton
  • Harvard
  • Cambridge
  • Tokyo University
  • Cornell

Just to name the who’s who list were affected.

The group leader DeadMellox tweeted a link to the release posted on Pastebin.  On the pastebin post the group stated

“We wanted to bring to your attention different examples from Europe, how the laws change so often that even the teachers have a hard time adjusting to them, let alone, the students, to the US, where tuition fees have spiked up so much that by the time you finish any sort of degree, you will be in more debt than you can handle and with no certainty that you will get a job, to Asia, where strict & limited teachings still persist and never seem to catch up with the times and most of the time fail to prep you up for a world where foreign affairs are crucial in this day and age.”

They went on to say

“You don’t have to talk about it with us, what’s important is that you bring up the subject ‘today’s education’ in day-to-day conversations with your family, friends, people close to you and try to understand the system better, together. How it works, how a certain type of diploma can or cannot help you in your road to the career you want to pursue.”

The information they stole included

  • Date of Birth
  • Citizenship
  • Ethnicity
  • Marital status
  • Gender
  • Email addresses
  • Student names
  • Faculty names
  • Staff names

Luckily for the universities, only one bank account number could be found and no credit card information or social security numbers were contained within the release.  The data dump did contain user screen names and password.  Again luckily for the universities they were hashed.

How the actual hack was performed is unknown yet however the group did release another statement saying

“When we got there, we found out that a lot of them have malware injected. No surprise there since some have credit card information stored.”

GhostShell is the hacking group behind Project Hellfire (click on link for more info), which launched in August this year.  They are defiantly a legitimate group and threat not to mention they attacked on the same night of the Presidential Debate which makes an even bigger statement.  Since the job market and educational systems are topics of this year’s election.