Massive Amount Of Breached Chinese Government Servers By @DeadMellox

@DeadMellox contacted us a bit earlier, tipping us off to a huge leak that was on its way. Unbeknown to us, it was a lot bigger and more in-depth than we had expected, so here it is for now. The leak contains a heap of accounts, emails and personal information, mainly from Chinese-based websites. Some of these websites belong to airports, government, insurance brokers, education and much, much more.

#TGS declares war on China's cyberspace in its newest operation, #ProjectDragonfly

The leaked data is spread across 15+ pastes that are mirrored on 2 paste sites, as well as a main release file that has the below message and information. We are starting to parse and process this data to get some results, as well as a bit better information as to what's in it. The release message:

We've been on a well deserved break, but now we're back again. TeamGhostShell is ready to engage in its newest operation, #ProjectDragonFly. An op that focuses specifically on China; the Chinese government, its institutions, corporations, companies and so on. Echelon is currently busy with his own projects on other parts of the world, so I thought I might as well do something to kill some of this boredom. Long story short, I'm declaring war on China's cyberspace.

I've been looking into China's actions in more detail since a couple of months ago and I learned quite a bit about its constitution, both online and irl. I always knew that it's still very much a communist country, that makes a habit of silencing its people whenever they disagree with their government, locking them up or worse, but I was never involved directly with this place so I never really cared, but due to unfortunate events and a wanted poster in 4 continents for my head, decided to sail over to south-eastern Asia for a while, and what better place to be than the country that owns the US so hard right now in debt. I just couldn't help myself, but be curious about it.

The first thing that I did when I decided to go to war, was to own their cyberpolice. No surprise there, their official sites actually contain the word/s "cyberpolice". How dumb is that? Here are a few examples: Here's an example of a vul. one:

None of them had any useful information on their servers, after doing some research I found out what they really do: When you check the info at "Mainland China" you get this:

"It has been reported that in 2005, departments of provincial and municipal governments in mainland China began creating teams of Internet commentators from propaganda and police departments and offering them classes in Marxism, propaganda techniques, and the Internet. They are reported to guide discussion on public bulletin boards away from politically sensitive topics by posting opinions anonymously or under false names. Chinese Internet police also erase anti-communist comments and post pro-government messages. Chinese Communist Party leader Hu Jintao has declared the party's intent to strengthen administration of the online environment and maintain the initiative in online opinion."

Guess they still haven't learned how to code in different languages. Wonder if they have been taught how to use Word and Excel yet. Oh well, this takes me back from when private investigators and detectives used to get on MySpace to find out their suspects. I suppose a similar thing happens here too, since I've found numerous stories, like for example, how some Chinese made Yahoo accounts and posted "anonymously" on some message boards bad things about the communist ruling party. Newsflash guys, it's called "trolling", get with the program. Not sure what's more laughable, that some people somewhere on this planet thought Yahoo was anonymous or if those old farts from Mainland China, that rule the commie party, barely know what a keyboard is.

This somehow reminds me of that attack on an American satellite, how the Chinese apparently hacked into one of them for a couple of minutes by using software from the 70's or something like that. I mean, seriously? Did it take you guys THAT long to breach it? Weak.
Though it does sorta explain why 99% of all of their government sites are so outdated, usually with versions below 5, while running on older versions of Windows that I never even knew existed. Windows 2003? Windows 2005? Seriously? Meh, winblows anyway. I'll applaud you though, for not investing taxpayers' money (you cheap bastards) on updated new security systems, that can get breached too, even easier if I may add, but still, isn't some Chinese underaged kid somewhere there making ASP servers for 5 cents an hour? Ok, getting a little off-track here, point is, the more I study about this place, the more I get sick.

A story popped up while looking into their "cyberpolice", thought I'd share. And that is:

"On 14 November 2007, Professor Guo Quan published an open letter to Chinese communist leaders Hu Jintao and Wu Bangguo, calling for a 'democratic government based on multi-party elections that serves the interests of the common folks.'"

What? Democracy?! What is this sorcery? Well, as you can imagine, this didn't sit well with the very serious business commie ruling party of China. In fact the following occurred…

"Guo's very public open letters to President Hu Jintao demanding multi-party elections and the depoliticisation of the People's Liberation Army, was widely published in internet blogosphere as well as the traditional media. Since then the Chinese cyber-police had begun to black out his blogs."

Yes, you've read that correctly, the Chinese cyberpolice started taking down blogs because a university professor & doctor (PhD) began talking about democracy and his message was so inspiring that it spread like wildfire all over the Chinese domains. In 2008, February, he reported and gave an interview to The Times on how his name and work was getting practically removed from Google and Yahoo cn. What happened to him you might wonder? Oh, you know…

"On 13 Nov 2008 cnews reported that Guo Quan was arrested Thursday in the city of Nanjing.
According to his wife, the police's charge was "subversion of state power". Chinese police routinely use the charge of "subversion of state power" to imprison dissidents for years."

"On 17 Oct 2009, Reuters reported that he was sentenced to 10 years in jail."

Why am I telling you guys this story? Simple. Because, I want everyone to grasp the situation I am putting myself into right now and how big this will be. If a well respected and educated citizen of China got sentenced to a decade in prison simply for expressing his personal feelings about democracy, his own "free speech" that many others on this planet take for granted, then imagine how pissed off they'll be for what I'm about to do.

___________________

#ProjectDragonFly will start off with hacked Chinese gov, edu and ac domains. Since I'm alone on this operation, I've gone and breached every site that was in my way. Most are national sites, but a lot of them are also regional, like Hong Kong (hk), Beijing (bj), Shanghai (sh), Macau (mo), Tianjin (tj), Anhui (ah), etc. The leaks contain from usernames, passwords, addresses, phone numbers, passports, flight numbers, to private messages, project descriptions, and a lot more. I apologize in advance if you will find also names of files, those are the ones that also got shell'd by me, I won't be disclosing those, only raw data for now. This is merely an introduction, after today the real fun will begin.

UPDATE* Due to recent events, one of TeamGhostShell's main members, Zoone, was arrested in his country for being involved (ironically) with Anonymous work. I knew he also did some hacktivism, but I never thought he'd get caught that way. In this short time, another one of our close friends, the leader behind the @AnonymousChina account was also caught. I was briefed that he was part of another group of greyhats and got raided recently. This made me reconsider my position and leak a bit more than just gov/edu/ac data, but also company information.
While sitting on around 800k Chinese accounts, I've decided to leak around 100k from different places. The police world-wide got the best of us this time, but now it's time to strike back, therefore I'm bringing to you all, a real cyberwar. Enjoy!

_______________________

- In memory of Zoone -

He was our main guy that would get us access to different places. From government servers, to random Twitter accounts. This was the last batch of goodies he had the chance to give me, I knew he wanted to share these with everyone, so, have fun!
____________________________

#ProjectDragonfly

Parts 1 to 12, Chinese Academic, Chinese Education, Chinese Government Parts 1 to 6, Chinese Top Brokers Email List Parts 1 to 5, Chinese Government Data & Co. Parts 1 and 2, Chinese Airports, Chinese News Site, Chinese Store, ICDalian Parts 1 to 3, ChinaTTL Email List + domains/ip's/servers.

I'm also giving away a list of vulnerable sites that I've breached, for some I've managed to get some of the sensitive data out, for others, not too much, my internet connection sucks, so I couldn't make the deadline with everything, but, remember how I mentioned earlier that I have around 800k accounts? Well, I've leaked around 100k, so you can imagine where I got the rest. haha

All of these links have been re-tested recently and they're all working perfectly fine. Someone who isn't all that experienced with this kind of thing can even use an automatic tool to see for themselves that they're vulnerable. They range from banks, airports, hospitals, but also high companies, top ranked domains from China. Google them for yourselves and see which ones they are. :)

_________________________

Side notes

This concludes the first chapter, in a war, that has merely just begun. Who am I, you might ask? I go by many names, in many collectives, in many groups, but right now, you can call me DeadMellox, leader of Team GhostShell.

Lee Johnstone


Information Security Data Analyst, Investigative Journalist, Technology Lover, Mechanic.
