Cyber Incident Victim: United States Army
Date: Jun 2016
Location: United States of America
Summary
A cyber incident involving the US Army resulted in the unauthorized disclosure of sensitive personal and financial data belonging to military personnel. The Ghost Squad Hackers group claimed responsibility, leaking names, email addresses, phone numbers, dates of birth, physical addresses, and credit card details including numbers, expiration dates, and CVV codes. The compromised information, initially published on a DarkNet site and later disseminated via platforms like Pastebin, reportedly affected thousands of individuals. The attackers attributed their actions to political motives, criticizing perceived US military expansionism and foreign policy under their #OpSilence campaign. This breach followed the group's prior involvement in disruptive operations against various targets, signaling an escalation in their activities beyond earlier denial-of-service attacks.
Description
On June 1, 2016, the hacktivist group Ghost Squad Hackers (GSH) initiated #OpSilence, a cyber campaign targeting mainstream media organizations and US military personnel. The group, which had previously conducted Distributed Denial of Service (DDoS) attacks against Ku Klux Klan and Black Lives Matter websites before participating in Anonymous’ #OpIcarus banking attacks, escalated its activities by compromising sensitive US Army data. Between June 1 and June 23, 2016, GSH exfiltrated and publicly released personal information belonging to 2,437 US military personnel. The dataset included names, email addresses, phone numbers, dates of birth, physical addresses, zip codes, and complete credit card details—card types, numbers, expiration dates, and CVV codes—all stored in unencrypted plain text. The hackers first uploaded a 4,948-line text file containing this information to a DarkNet onion site before disseminating it through social media platforms and Pastebin. Cybersecurity analyst Shay Rozen of Hacked-DB identified and validated the leaked data’s authenticity, confirming its origin from US Army systems. Concurrently with the military breach, GSH executed successful attacks against email servers at CNN and Fox News as part of the same operation.

The attackers publicly justified their actions through a manifesto accusing the US government of conducting false-flag terrorism operations since 9/11 and expanding military imperialism through its network of over 900 foreign bases. Their statement declared: “Fear is freedom! Subjugation is liberation! The contradiction is the truth!” while threatening that “over 5000 United States military personnel will fall victim to this attack” and vowing to bring chaos to “your empire.” Though GSH claimed 5,000 victims, forensic analysis confirmed 2,437 unique individuals affected. The breach exposed service members to identity theft and financial fraud risks due to the inclusion of active credit card security codes. No mitigation measures by military authorities or financial institutions were documented in available sources following the leak. The incident marked a significant escalation in GSH’s capabilities, transitioning from temporary DDoS disruptions to the theft and publication of highly sensitive financial and identity records. #OpSilence represented both a continuation of their anti-establishment agenda and a strategic shift toward compromising institutional data repositories beyond their initial media targets.
