Ghost Squad Hackers has emerged as one of the world's most influential indie hacking teams. S1ege, the group's 'administrator,' explains his tactics, how the group works, and the ethics of hacking.
"Ping. Hey man, sorry I went dark for a few weeks. A gSH team member went down." In the middle of an operation, one member suddenly dropped off the grid. "We're safe. I'm always safe," the hacker explained. Still, the event gave him and his team a startle.
S1ege is the self-described "administrator" of Ghost Squad Hackers, gSH, and is the group's de facto leader. Like a lot of hackers, he's constantly on the move. We began speaking through Twitter and encrypted email conversations after his team recently targeted media companies and political entities. Last week he chatted while sniffing packets from an open Wi-Fi connection at a cafe. This morning he's pecking replies from a bright room, surrounded by an array of information-rich monitors. Next week he'll be traveling again.
Ghost Squad Hackers is a notorious group of sophisticated hackers who infiltrate governments, corporations, media companies, and large institutions. gSH sometimes defaces websites, but more often the close-knit hacking squad exfiltrates sensitive documents, identifies zero-day exploits, and performs cyber-reconnaissance about its target's infrastructure. They specialize in defacements, denial of service attacks, and data dumps.
The "hacking world's NGO" is a diverse team. "In early-2014 we formed from various different teams to create a massive, effective, and powerful squad to help propagate vigilante orientated operations," explained S1ege. The phalanx flexed in 2016 with a series of targeted attacks against Daesh, the KKK, Fox News, CNN, both political parties, and the US military.
SEE: Gain control over systems integration with a new generation of tools (Tech Pro Research report)
"Most of our support comes from Anonymous and other hacking teams," he said. "Most teams want to collaborate and have cooperations with us. We are self organized and not related to any other team, but most of our roots come from Anonymous."
He's humble, and respectful of his colleague's skill and independence. S1ege and his teammates are ideologically driven and pick their targets to articulate an anti-hegemonic, anti-authoritarian message. In his words, S1ege hacks to "end the possibility of world war."
And make a few bucks along the way. The revolution requires resources. To make ends meet, S1ege performs penetration testing, consults, and has traded code on the popular forum 0day.today. "I have sold a few social media exploits in the past," he said. "But I don't sell now and haven't for a long time." Zero-day exploits—code known to the hacker world but unknown to the software's creator—are "like gold," he said. "Having a collection [of exploits] is like having a trophy [collection]."
Hackers are misunderstood by both the public and by the media, S1ege said, and explained that Ghost Squad Hackers operates on a shared ethic. "We have primary rules about who to target and why," he emphasized. "We do not attack any other hackers without collective agreement, and especially do not harm the innocent. With this type of power you can destroy someone's life."
In a series of interviews S1ege explained his motivations and tactics. His replies below are condensed and gently edited.
How did you learn to hack?
I am a programmer/developer. I started hacking in mid 2000s starting with manipulation of memory with common vulnerabilities in code like overflowing the stack and simple web application methods like blind sql injection manually, as I progressed that changed quickly. A few years later I got involved with the Anonymous movement helping in most of Anonymous's early operations.
Is what you do legal?
It falls in a big grey area of course. Being that the government treats hackers like terrorists because they are terrified but in reality, Hackers have done so much good for this world, any tool can be used for good or for evil even a gun and the government doesn't fear hackers they fear power and hackers have the upper hand in most cases and can really harm the establishment if it's built upon monetary fear mongering governments/politicians sending its citizens to senseless wars. We are the front of the weak the face of the faceless and the voice for the voiceless, we are not evil people we love the people and that is why we are labeled evil. When doing what is right becomes illegal your co called government is a tyrannical empire.
What motivates me is seeing monolithic systems fall, and the freedom of information and ensuring justice where most governments agencies fail to serve.
SEE: How Russian hackers could disrupt the U.S. election (CBS News)
Can you explain your ethics and intentions?
our intentions are to save innocent lives and not target them our ethics round to government targets, or radical organizations like the Islamic State. The media explains our hacks but does not explain our reason or define why we do these attacks so that can be very confusing when our intentions are to help provide justice where governments fall short or to give justice to governments when the people can't... But there are no lines GSH will not cross we don't care who the target is if they deserve justice we will serve it to them.
Can you help us understand your penetration tactics?
My tactics is majority server exploitation i do not dive into web application unless it gets me closer to the server, if I gain access to a system I'm normally trying to find root access (admin privileges). Afterwards everything else is mine. The objective is to gain control of the entire system through any means necessary firstly trying to exploit with public exploits if that doesn't work the focus is turned to private ones, and if that doesn't work we find a exploit inside the server ourselves.
What can people and companies do to protect themselves from hackers?
Hire penetration testers of course, but in some cases if a very good hacker wants inside your system he will find a way. but it doesn't hurt to make it more difficult for them to penetrate your servers.
SEE: Three ways encryption can safeguard your cloud files (Tech Pro Research report)
TechRepublic communicated with S1ege using encrypted applications that allowed the hacker to remain anonymous. We have taken steps to validate the general nature of S1ege's statements, but of course cannot verify his claims. As always, TechRepublic does not condone illegal or unethical activity.
- Interview with a hacker: Gh0s7, leader of Shad0wS3c (TechRepublic)
- Dark Web: The smart person's guide (TechRepublic)
- Cyberwar: The smart person's guide (TechRepublic)
- Flaws in wireless keyboards let hackers snoop on everything you type (ZDNet)
- Hack the vote: Could cyberattackers disrupt the election? (CNET)
- Hacking Your Phone (CBS News)