GhostSec Continues to Extend their Support for Cyber Threat Actors and Hacktivists

CRIL raises concerns about the rise in GhostSec's activities supporting threat actors/hacktivists and their newly launched project, which aims to raise funds to help them anonymize their identities.

The Hacktivist Group Launches New Project to Raise Funds for Anonymizing Their Identities 

Recently, notorious hacktivist group GhostSec unveiled their new project dubbed Low-Cost-Database, with the goal of raising funds to support activists and hacktivists who have been operating under false identities or seeking asylum for their actions, which they believe are justified by a desire to fight for a noble cause.

Figure 1: GhostSec’s announcement for their new fund-raiser project 

The group further stated that the offered databases were not publicly leaked ones but rather sourced from collaborators. The group also shared a Telegram handle for collaborating with them.   

At the time of investigation, the project’s Telegram channel had 2,676 subscribers. Furthermore, the channel has already offered 28 datasets in exchange for amounts ranging from $40 to $70 USD, affecting organizations based in India, Japan, Vietnam, Montenegro, Poland, Russia, South Africa, Switzerland, and Ukraine.

Other Activities Supporting Activists  

The group’s involvement in assisting activists in anonymizing their identities is not a new phenomenon. In December 2022, the group began their project NewBlood with the goal of sharing knowledge about hacking with newcomers who can participate in campaigns once they have the necessary skills. 

Later, the group also launched WeFreeInternet, a project aimed at offering free VPN services to Iranian activists. The group also indicated their plans to expand the service to other nations where the internet is restricted by the government.  

Figure 2: GhostSec’s WeFreeInternet Project

The move was also acknowledged by another hacktivist collective, ThreatSec.

Figure 3: ThreatSec supporting GhostSec’s WeFreeInternet project 

In activities that the group alleges were for social causes, the group has leaked or offered Personally Identifiable Information (PII) multiple times. This data can be used by activists and other fraudsters for identity theft, a cybercrime in which the threat actor takes over the victim’s identity and conducts a range of fraudulent activities while impersonating them.

Figure 4: GhostSec leaking users’ PII

A similar belief is also reflected in the group’s Operational Security (OPSEC) recommendations for activists engaging in the campaigns, which encouraged them to ask friends/peers to make postings on their behalf on social media platforms to conceal their true identities.

The recommendations also included tactics for safely using social media handles, censoring information in images that could reveal identities, and removing metadata from images before posting.

Background of GhostSec 

The self-proclaimed ‘vigilante’ group GhostSec is known to be part of the Anonymous collective and has been active since 2015. Their operations gained momentum in 2015 when they claimed to have taken down hundreds of ISIS-affiliated websites or social media accounts and supposedly obstructed potential terrorist attacks.  

The group used social media hashtags like #GhostSec, #GhostSecurity, or #OpISIS to promote their activities and participated in the #opisis hacktivist initiative against ISIS. The group has also been part of the #OpNigeria and #OpIsrael campaigns, targeting organizations in Nigeria and Israel, respectively.

The group, along with ThreatSec, Stormous, BlackForums, and SiegedSec, forms the collective “The Five Families.”

Their Telegram channel was created on October 25, 2020, as the official channel of the GhostSec group. The group frequently utilizes its social media handles on Telegram and Twitter to promote its activities. They also have a presence on other social media websites, including Instagram, YouTube, BitChute, Medium, and Odysee. 

Conclusion 

With an increased rate of cybercrime, the anonymity of threat actors will continue to pose a significant challenge for law enforcement agencies and cybersecurity professionals worldwide. 

Anonymity makes it difficult for professionals to attribute and keep track of threat actors’ current activities. Threat actors may switch to a new identity at any time, which subsequently hampers threat assessments while the attack campaigns continue to flourish in the wild, leaving organizations startled when subjected to an attack.

Support to conceal identity, such as that offered by well-funded hacktivist groups like GhostSec, can further exacerbate the challenge by encouraging malicious activities and potentially giving rise to various threats from state-sponsored groups. Overall, the anonymity of threat actors is a significant challenge that will require a concerted international effort from law enforcement agencies and cyber security communities to mitigate the risks. 

 
