Ghost Squad Hackers

Ghost Squad Hackers ("GSH") is a hacktivist group responsible for several cyber attacks. Former targets of the group include central banks, Fox News, CNN, the United States Armed Forces and the government of Israel. The group is led by a de facto leader known as s1ege (leet for "siege"), and selects targets primarily for political reasons. The group forms a part of the hacktivist group Anonymous.

Defacements of the Ethiopian government
In January 2016, GSH defaced Ethiopian government websites in response to the killing of nearly 500 students and activists by Ethiopian Security Forces during protests that became extremely violent in the latter part of 2015 and then sparked again between August and October 2016.

Attacks on Donald Trump
On May 21, 2016, GSH targeted Donald Trump's official website by launching distributed denial-of-service (DDoS) attacks over what they saw as racist comments made towards refugees and Mexicans. Shortly after targeting Trump's official website, GSH shut down Trump's hotel collection websites.

Attacks on the Israeli Defense Force
The group gained more notoriety after successfully leaking data of the Israeli Defense Force on April 7, 2016. This was the day #OpIsrael was launched along with Anonymous; the leak posted a database of the Israel Defense Force online, containing information on thousands of IDF soldiers, border patrol, and Israeli Air Force personnel.

Attacks on the Ku Klux Klan
On April 23, 2016, GSH targeted the Loyal White Knights of the Ku Klux Klan by taking their websites down in protest of racism while Anonymous vs. KKK protests were happening in the state of Georgia, U.S.A.

Attacks on Black Lives Matter
In 2016, GSH took down the official website of Black Lives Matter, claiming the organization fueled further racism.   

Attacks on Banks
GSH and Anonymous worked together when "Operation Icarus" was first launched in February 2016. The operation was aimed at the central banking system; the attackers accused the banks of corruption and wanted to raise public awareness. This attack prompted invitations to more hacking teams and Anonymous affiliates to focus their attention on the central banks for further scrutiny and cyber attacks.

Ghost Squad Hackers' leader s1ege claimed responsibility for the attacks, which were carried out on the Bank of England email server and dozens of other banking websites including the New York Stock Exchange, Bank of France, Bank of Greece, Bank of Jordan and the Bank of South Korea, among others. s1ege went on to state that they want to "start an online revolution" to retaliate against the "elite banking cartels putting the world in a perpetual state of chaos." Hundreds of banks were targeted in this operation, and to this day the exact number of banks affected is unknown.

Attacks on CNN, Fox News
The group's notoriety continued to escalate as the heat was turned up during June 2016. After censoring of media coverage in regard to OpIsrael, OpSilence was initiated, targeting mainstream media outlets such as CNN and Fox News.

Data leakage of the U.S. Armed Forces/Military
A data dump was later leaked after United States Military personnel files were hacked, releasing information on close to 2,437 army personnel. The information was uploaded to an onion link on the dark web, along with a paste-bin link which contained credit card numbers and personal information on U.S. Army personnel.

Defacement of Baton Rouge City government website
On July 19, 2016, the subdomain of the Baton Rouge City government website was hacked twice in one day by GSH, which had previously made news for its attacks on both the KKK and BLM. These attacks, however, targeted the City of Baton Rouge, Louisiana, in protest against police brutality, after city native Alton Sterling was shot and killed by Baton Rouge police officers on the 5th of that month. The Baton Rouge website was defaced with a picture of Alton Sterling and a message that read, "Being black is not a crime! This is for the shooting of Alton Sterling, just because he's black does not mean he is a bad guy. You will pay. We are the justice. We are Ghost Squad Hackers. /R.I.P. Alton Sterling".

Attacks on the Afghanistan government and its officials
On July 31, 2016, GSH took over the official Twitter account of Afghanistan's Chief Executive, Dr. Abdullah Abdullah, in an effort to raise awareness of corruption and alleged drug deals between Afghanistan and the U.S. They also defaced the Afghan Public Credit Registry website, which further allowed them access to several social media accounts, including Dr. Abdullah's, from which they tweeted,

"Afghanistan Gov Hacked by GhostSquadHackers #CheifExecutiveOfficer Can you hear me now? twitter.com/afgexecutive. We found an exploit in the government server and pulled every login we could. We have more also but Dr. Abdullah was not using phone restriction and 2FA was not enabled".

The attacks on the Afghan government continued relentlessly on the first of September. After the prior targeting of the Twitter account of Afghanistan's Chief Executive, GSH further assaulted the government by defacing twelve websites in one day, all of which were affiliated with the Afghan government. This included Afghanistan's Ministry of Justice, the Ministry of Defense, the Ministry of Foreign Affairs, the Ministry of Refugees and Repatriations, and the Afghan Attorney General's Office. Further assaults continued in hopes of raising awareness for Palestine as part of OpSilence and OpIsrael after shutting down the Israeli Prime Minister and the Bank of Israel.

Operation Decrypt ISIS
The group's focus in 2017 shifted slightly towards targeting ISIS and removing them from the internet and social media completely. A multitude of accounts on Facebook, Twitter, and Telegram were hacked and added to an extensive list of removed ISIS accounts. Further efforts by GSH later revealed bomb instructions and plans to be carried out by ISIS.

s1ege stated "We really do not care about attacking the U.S. elections. They've already been hacked. We mostly hack ISIS" in an interview with CBS News in 2018.

On February 12, 2019, s1ege released a massive leak on the administrators of Islamic State Telegram and WhatsApp groups and channels. The leak included hacked phones and mobile devices, hacked Telegram accounts, hacked Facebook accounts, hacked Twitter accounts, credit cards, geolocation data, government-issued ID cards, and IP logs belonging to the administrators. The group successfully infiltrated the Islamic State community on encrypted communication applications and exposed the administrators by using malware and exploits. The leak was published on mega.nz and the official Ghost Squad Hackers Twitter account.

One of the Telegram and WhatsApp admins, Riffat Mahmood Khan, a former taxi driver living in Auburn, was linked to ISIS and accused of administering the group's encrypted messages. He traveled to Syria in support of the Islamic State in 2015. He returned from the conflict zone via Turkey six months later, and was promptly picked up by Australian Federal Police officers at the airport as he flew in, in September 2015. Video footage from the raids obtained by The Herald showed his wife and the children being led away from the home by uniformed police, while officers swarmed on the Auburn home. He is believed not to have actually participated in the fighting in Syria, but spent time there with the radical group before returning and allegedly continuing his work for the Caliphate. The man remained involved with the Islamic State's encrypted online messaging and continued to take care of the WhatsApp and Telegram groups that the radical Islamic group uses to communicate internally and for recruiting. Documents leaked by GSH showed that several of the accused ISIS supporter's children were enrolled in the local Islamic school Al Bayan. He attended the South Granville mosque Al Noor, where some sources suggest he became radicalized.

Images from his hacked phone exposed by GSH depicted the ISIS flag flying above Venice, explosions, blood-stained knives, children brandishing ISIS flags, a meme saying 'One bullet away from Paradise' and critically wounded soldiers. Leaked data from GSH showed that one Belgian (Siraj El Moussaoui), known to be an ISIS supporter, had a video on his phone about how to most effectively behead someone. Siraj El Moussaoui tried in vain to join the Islamic State in 2016 and was arrested shortly after on suspicion of plotting an attack in Belgium.

Defacements of the Indian Government
Starting in April 2020, GSH conducted a large number of mass defacements of government websites, gained root access to an Indian government server, and leaked data from the Australian government. The targets included the governments of Australia, India and various others. The Twitter feed of GSH has shared a multitude of alleged attacks on various government websites during the pandemic, using hashtags associated with previous campaigns such as #FreeJulianAssange.

In June the group claimed responsibility for the hacking of other Indian government websites in protest against the internet ban in Jammu and Kashmir.

GSH gave a warning in a LiveWire interview, saying “To the people of Jammu and Kashmir, we will support your efforts and continue to back you through this pandemic and tyrannical government's grip. If India's government is persistent, we will be more persistent and consistent. No region/state/ethnic group should not have access to the internet, not even limited access. These are basic civil rights and liberties.”

Defacements of the European Space Agency (ESA)
The group defaced the European Space Agency (ESA) website https://business.esa.int in July 2020. GSH claimed the attack was just for fun. They explained that they exploited a server-side request forgery (SSRF) remote code execution vulnerability in the server, then gained access to the business.esa.int server and defaced it. Having no interest in leaking any data, their intent was solely to show the server was vulnerable. Within a week of hacking the business domain of the ESA, they defaced the https://space4rail.esa.int website as well.

Defacements of Idaho State websites
On July 27, 2020, GSH successfully targeted Idaho state website servers, locking agencies out of their own servers. The Idaho government websites that fell victim to the group included the Idaho Supreme Court, Idaho court, Idaho Parks and Recreation, and the Idaho STEM Action Center. The sites were used to broadcast messages referencing Julian Assange, founder of WikiLeaks, who was charged with violating the Espionage Act. The messages read “Free Julian Assange! Journalism is not a crime.”

Data leakage on various Sheriff/Police departments
On September 3, 2020, GSH claimed responsibility for the breach of the Vermont Sheriff's Association, which resulted in a data leak of names, addresses, financial data and communications between and to various Vermont sheriffs. The leaked data was published in retaliation for the shootings of various individuals who fell victim to police brutality, including George Floyd, Jacob Blake, and Breonna Taylor.