Introduction to GhostSec

4 min readJan 22, 2021

GhostSec is profiled as a group of “vigilantes” and launched against ISIS websites that advocate Islamic extremism. According to experts of online Jihad activism, the group gained momentum after the Charlie Hebdo shooting in Paris in January 2015. The group took credit by shutting hundreds of ISIS-related websites and social media accounts and prevented the adversary attacks by working together with the law enforcement and intelligence agencies. The group uses a hashtag such as #Ghostsec to promote themselves in social media.

GhostSec obtained knowledge that the terrorist planned a strategy to attack in New York and Tunisia and the Intel was sent and received from law enforcement. Briefly after the members of GhostSec decided to part ways by opposing changing the name into Ghost Security Group as reform to cut ties with anonymous. The old name of “Ghostsec” has maintained as associates with Anonymous. Both groups continuously stopping the ISIS.
Over the years since 2015 the first time they gained momentum they have done many operations, and getting more involved in the “Hacktivism scene” they have a twitter account and still use tags like #GhostSec on social media and on their twitter the hacker group in 2018–2019 was heavily involved in an operation and they called it OpChildSafety.

OPCHILDSAFETY 2018–2019

GhostSec took down 1k+ pedos and even exposed boychat which is a paedophile dark web server with over 82,000 users and 7000 different web addresses inside of it.

OPKKK 2020

GhostSec originally posted this operation on twitter supporting everyone involved they also allegedly backdoored a KKK chatroom, on their twitter account they posted the KKK Main Bitcoin wallet which has over $600 million dollars in their BTC wallet.

OpPeta 2020

A few anonymous members started with #OpPETA movement by making a video then GhostSec decided to recruit and assist them by leaking PETA’s mail servers, and targeting the MedicalLab’s servers that is originated from Taiwan where they held animal testing. The medical company kept records of receipts but was deleted soon after GhostSec posted a twitter message by claiming that they found it. However, it was too late and all that is left where the emails that were associated with PETA’s emails in the servers as evidence. Also a full youtube video for OpPeta by GhostSec.

OpPETA Video Response

OpLebanon 2020

OpLebanon from GhostSec also started with a video and shortly right after. The hacker group posted all the government sensitive data such as, emails with login details that belongs to the Lebanese government, after a sudden explosion that happened in Beirut. GhostSec went quiet for a while until they suddenly returned by exposing a hacker group which are responsible for helping the Hezbollah and Iran Regime. They also found the groups main command and control panel for hacking innocents of people human rights activists and journalists, and they were able to clear the data of what’s left of it so the citizens continue the protest. After they compromised the Lebanese targets from the group that goes by The Ansar Group. They are responsible for exploiting hospitals, hotels, airports, etc. They were state sponsored by the Hezbollah and Iran’s regime to silence the critics for speaking out the truth. GhostSec even wiped their panel/server securing all infected targets and an article on GhostSec’s work during OpLebanon.

OpLebanon Video Response

Daniel’s Chat Goes down

On March 10th 2020, hackers targeted one of the most prominent anonymous website hosting providers on the darknet, Daniel Winzen, subsequently knocking over 7,500 hidden services across Tor offline. DarkOwl analysts, who regularly monitor the darknet directly, observed this event occur via DarkOwl’s Vision platform and have spent recent days reviewing what happened to quantify the impact to the darknet. The hacker group GhostSec announced at Around 01:00 UTC in the early hours of March 10th 2020, members present in Daniel’s Chat were surprised to see their super admin, @daniel online. Since the last attack against Daniel’s Hosting services in November 2018, @daniel rarely visited the chatroom, blaming member-infighting and a busy work schedule. It took no time to notice that the topic for the chatroom had been modified to “ALL YOUR BASE ARE BELONG TO US. ALL SHALL BOW BEFORE ME OR FACE MY WRAITH” [sic] and @daniel was not actually commanding his account in the chatroom. On March 3rd 2020, a guest by the name of @Sebastian entered Daniel’s Chat and stated “GhostSec is watching you,” adding that they had taken control of discord servers of Daniel’s — servers that members in the chat didn’t know he even had.

Shortly before getting kicked from the room, @Sebastian posted a fingerprint and claimed Daniel was compromised while accessing child pornographic content called, Tiny Voices. Sebastian is also the moniker and name of the leader of the anti-pedophilia hacking group formerly known as Ghost Security (#GhostSec). Sebastian Dante Alexander, who uses the Twitter handle, @SebastianDant13, is a vigilante hacker known for tracking and de-anonymizing criminals who harm children. they have a new twitter handle at https://twitter.com/_GhostSec_ as their previous one was suspended.

GhostSec FAQ

Q1) What is GhostSec?
A1) GhostSec is a vigilante group that has been around for a long time.

Q2) When did GhostSec from?
A2) We were first on Galaxy 2 which is a deep web social media platform during the time in 2014 but we did not gain popularity till 2015.

Q3) What makes GhostSec different from anonymous?
A3) We are considered offshoots of anonymous although we are our own group. We support the anonymous idea/movement.

Q4) Is GhostSec different than Ghost Security Group?
A4) Yes. We did split from Ghost Security Group as we didn’t accept their movement. GSG is government owned that is owned by Michael Smith.