Updated at 2:20 p.m. ET Wednesday: MalSec objects to the idea that it has broken its own vows. See the end of the story for its full statement.
Malicious Security, or MalSec, entered the world of hacktivism today (April 11) with a YouTube manifesto declaring it is veering from the stance of its Anonymous forefathers in favor of a more ethical approach. In the same breath, MalSec broke that promise.
MalSec posted a cache of passwords, email addresses and internal reports stolen from the Development Bank of the Philippines, the Romanian software company OanaSoft, the Romanian Minister of European Foreign Affairs and the Romanian Raiffeisen Bank. Accompanying the data dump was a single sentence, "Dis Our First Release Guis! ZOMG."
MalSec also hacked into the website of the Royal Government of Bhutan's Decentralized Rural Development Project (part of the Department of Agriculture and the Ministry of Agriculture and Forests) in support of Anonymous' recent actions to attack the Chinese government.
A quick glance at a map reveals that Bhutan and China are different countries.
It's difficult to reconcile these blatant hacks, then, with MalSec's statement of intent, released in video form today, in which the group says it has "new methods and ideas" that stray from Anonymous' hacks, which focus on "the general public getting attacked, and credit card information being stolen."
MalSec mentions the infighting within the Anonymous collective, and says, "This is a tactic to divide us and make us lose sight of our goals." Instead, MalSec writes, "We do not wish to take from the people, or to harm them, but rather to empower them."
The new hacktivist group says the hacks perpetrated last year by Anonymous were successful, but that it will carry the torch for "something unseen by previous collectives of Anonymous. This will be 'The Year of Progress.'"
MalSec says its exploits will be "a little bit more than for the lulz," and that the group will "tackle critical points" and perform "unified acts of honor" toward a "global revolution."
On March 30, MalSec defaced the website of Security Centre Ltd, a Cayman Island-based company that provides security officers and alarm systems, Ars Technica reported. In that hack, MalSec urged the site's administrators to secure the site, and even left instructions on how to return it to normal.
UPDATE: In a Twitter private exchange, MalSec objected to SecurityNewsDaily's characterization of it as a group that had broken its own pledge to be ethical. Here is the full statement MalSec provided.
"Our comment is simple: MalSec has never vowed anything or denied its past and future leaks on corporate data or government data.
We vow to bring attention to ourselves in a way that is acceptable. One that does not harm innocent civilians. Our leaks could not be claimed to have hurt or embarrassed anyone other than the corporations and those who represent them in the leak.
The media gains publicity through lies; we shall gain it through chaos. Chaos that in the end can be justified with reason."