GhostShell, On the Record – MalSec
This post is part of an extended interview conducted by DataBreaches.net and CyberWarNews.info with the hacker formerly known as “GhostShell.”
According to GhostShell, back in the spring of 2012, he was approached by someone who had previously been with LulzSec (although LulzSec was already done by that point). That person, he says, persuaded him to team up. He was not sure of the date when he first agreed to team up, sometimes suggesting it was around April, and at other times suggesting it was earlier, but MalSec introduced itself via a YouTube video on April 11, 2012. At the time, he later told DataBreaches.net, he was using the identity DeadVox.
His relationship with MalSec does not appear to have lasted beyond mid-April:
… to be honest I don’t remember much of it since everything happened so fast. One day I was working on a foreign op and the next thing you know I’m creating a splinter cell from Anonymous with this random guy I just met that wouldn’t shut up about how he is part of lulzsec. The year had just started and I was already infamous on the net so my first thought about it was “I’m being recruited by the feds. Here we go!”. To be fair the fact that on the news I was reading how all the members were being arrested, some accused of snitching and so on while I was hanging out in the very same network that they had at one point, with this guy besides me going like “Yeah were gonna be a billion times more famous than them” made me even more paranoid. But it was so funny that I couldn’t bail I had to see it through, I had to know where it was going.
I can’t tell you which people were involved or even how many but in the beginning he was the one recruiting users and making contact with the media. Actually there were more members of this same group and other famous ones in MalSec, like really known ones most of which got arrested throughout the years. I can’t even hint you since you’d figure it out on the spot and this isn’t what this interview is about.
I eventually began recruiting and training my own people since things were going slow. No one was keeping up and I felt the need to have my own group. Even that wasn’t enough so on the 16th of April I created Team GhostShell. On the same day of the first leak.
I was always fighting with the other guy because things weren’t progressing fast enough. He would always ask me for my private data before a release to “inspect” it and would get back to me in a couple of days to let me know if I can leak it or not. Now that I look back at it every single thing he did was step by step the exact same thing every other known and caught hacker group has been going through. Some fed clearing things up with his superiors, logging the conversations through IRSSI and generally handling the situation whenever someone stepped out of line and leaked something he didn’t say it was ok.
On another occasion, he explained it this way:
I was the one in charge of all hacking activities and everyone else came to me whenever they would attack something but just as explained it was the constant friction between me and the other guy. I was being held back from doing what I wanted to. He had to vet everything, with whom I have no idea and then I had to wait for him to do the public release, media campaign and all that. I didn’t like that type of situation at all, it was too sketchy and overall I wanted more freedom of expression.[…]
On the bright side, one of the many advantages you get from being apart of such a group is that you get great publicity. Since the leaks are approved by the feds they will go out of their way to help you get famous. One of the funniest things out of this is that no matter how much infamy I got as the years went by I never really got articles written by the same mainstream medias as we did when I was in MalSec. ArsTechnica, Motherboard, Wired etc., I’m looking at you homeboys. A famous group of hackers means a more important bust later on. Tell me you’ve never noticed how for some hacker groups that are barely known publicly do a major hack, get instant public exposure and then right after they get arrested. They’ve been infiltrated and used for a long time and if by the end of their little adventure they’re not famous enough they’ll get an extra boost, on the house. Win-win for everyone.
As suggested by his response to that question, GhostShell was discreet and did not name others involved in certain operations or projects, although in the case of MalSec, he gave us additional information and enough hints that enabled us to guess to whom he was referring as his recruiter and possible fed. Because, however, he did not actually name him or offer any hard proof that the individual is a fed, we are not naming him, either.
We are also aware, from comments on Twitter, that some dispute GhostShell’s description of his involvement in MalSec and his version of what happened. We are simply reporting statements GhostShell has made without any warranty of their accuracy.