NullCrew was a hacktivist group founded in 2012 that took responsibility for multiple high-profile computer attacks against corporations, educational institutions, and government agencies. Its members were listed, at the time of arrest, as zer0pwn, 0rb1t/rootcrysis (Timothy French), and Vaktus. NullCrew was often compared to LulzSecurity, even though the group lasted twice as long. It disbanded after an ex-member, known as Siph0n, was revealed to have been working as a confidential informant for the FBI. These accusations were made by zer0pwn, allegedly, after going over the official court documents provided to his lawyer.
Motto: "Probing the governments anus since 2012!"
On July 13, 2012, the group attacked the World Health Organization and PBS, releasing a pastebin post containing 591 plain-text usernames and passwords relating to the WHO attack. The PBS attack yielded mostly database information, as well as 1,000 emails and passwords.
On July 16, the group breached ASUS (ASUSTeK Computer Inc.), releasing a pastebin post containing 23 administrator usernames and hashed passwords.
In September, the group claimed on its Twitter account to have taken control of eight servers run by entertainment corporation Sony. Also in September, the group responded to the arrest of a Pirate Bay co-founder by officials in Cambodia with an attack against the Cambodian government, which led to several governmental servers being pillaged.
On November 5, 2012, a renowned Anonymous holiday known by the V for Vendetta phrase "Remember, remember the fifth of November", two of the group's core members, Null and Timoxeline, announced a successful attack against the U.K. Ministry of Defence. The leak included over 3,000 usernames, email addresses, and passwords that appeared to belong to the U.K. Ministry of Defence. The two claimed that the attack was made possible by a simple mistake by the web developers and that the method was SQL injection.
The group released the first in what was meant to be a series of mini e-zines under the operation name "FuckTheSystem" on September 28, 2012. The first mini e-zine contained the column and table structure for the U.S. Department of State, as well as the administrator and webmaster passwords in plain text; it also exposed vulnerabilities on the Foxconn website.
On October 27, 2012, NullCrew announced the release of their first self-titled e-zine, containing credentials of government and military servers belonging strictly to the United States. The hacked sites included Montana's Official State Website (mt.gov), Force Health Protection & Readiness (fhpr.osd.mil), the official website of the State of Louisiana (la.gov), the Official Website of the State of Texas (www.texas.gov), and the United Nations (several servers, including ones from UNESCO and un.org). The number of credentials leaked ran well into the thousands.
On October 6, 2012, the group posted on two Twitter feeds, both claiming to have hacked the ISP Orange. The first post, from the official Twitter account, was a pastebin containing the tables, columns, and databases of the Orange website. The second post came from 0rbit and contained more sensitive information, such as MySQL hosts, users, passwords, and fifty-two corporation and government officials' email addresses.
Early in the new year, on January 6, 2013, the group announced two successful attacks. The first was on the U.S. Department of Homeland Security's Study in the States (supporting their claim in the U.K. MoD attack). According to EHackingNews, the group published data compromised from the server, including the database host, user, password, and database name; the hackers obtained these details when they managed to access the wp-config.php file. The second attack was against Sharp Electronics in the United Kingdom; the group released the entire MySQL database of Sharp the same day.
On January 30, 2013, the group released the third installment of the #FuckTheSystem e-zine. This release contained data from the main server of un.org (hundreds of passwords, usernames, IP addresses, and other details). It also covered Wasatch, a Microsoft partner: the group claimed to have exploited its servers through an exploitable domain hosted on the same server, which allowed them to pull details from two Wasatch servers (IT and Software). The data leaked from these servers included email addresses, usernames, and passwords, even including WordPress details. The attack also affected the University of Wisconsin, leading to its MySQL table and column structure being leaked to the public.
On March 6, 2013, the group infiltrated Time-Warner Cable's Support Services and left the web page defaced. The group proclaimed that the attack took place because of the cable company's participation in what they and many others deemed an unfair practice, known as CAS or Six Strikes. The group targeted Time-Warner's support system; noticing that it ran on ASP, they began skimming through it and noticed that the support system's login server used the username "admin" and the password "changeme". The group then bypassed security measures, shelled the server, and left the index defaced (mirror: http://www.freezepage.com/1362546977OFVSJKBYGE). The attack was done by two core members of the group, DocOfCock and 0rbit.
The group returned on February 1, 2014, when they released over 20,000 usernames, passwords, and emails, along with a list of credit card information, from Bell Canada. Bell claimed that its own servers were not affected and that a third party had instead been involved in the attack. The attack was noted as POST SQL injection in what was Bell's protection management login. The attackers provided screenshots that contained proof of Bell's knowledge of the attack dating back to the 15th of January, as well as the results of the executed queries. Bell claims it is working with law enforcement to investigate this attack further.
NullCrew hacked into the Comcast servers on February 5, 2014, and publicly shared the passwords of 34 Comcast email servers. The attack was possible because Comcast's email servers used software known as Zimbra; the attack method was local file inclusion (LFI).
On April 2, 2014, after a brief period of silence, the group returned, announcing that they had begun working with a group by the name of The Horsemen Of Lulz. The two groups detailed an attack on AlArabiya's email servers; like Comcast, the media company used Zimbra for email services. The release contained AlArabiya's /etc/passwd file, along with several LDAP credentials and MySQL credentials; they also released the exploitable path to both /etc/passwd and localconfig.xml in full. The exploit was, as with Comcast, LFI.
On April 20, 2014, the marijuana smokers' holiday, the NullCrew hacktivist group released what it called the fifth installment of its e-zine, #FuckTheSystem. This one covered the University of Virginia, Spokeo, Klas Telecom, ArmA2, the Science and Technology Center of Ukraine, the State of Indiana, National Credit Union, Telco Systems & BATM, and the International Civil Aviation Organization. The e-zine contained a link to a file on mega.co.nz titled "FTS5-DATA.RAR". Uncompressed, this file is over 1 GB and contains tens of thousands of emails, several SQL databases, /etc/passwd files, and a whole lot more. This zine is now known to be the group's largest release to date.
In May 2013, Lewys Martin, identified as "sl1nk" of the NullCrew hacktivist group, was arrested on apparent charges of hacking Cambridge University. This matched claims of the group, but unlike the data leaks by other members, sl1nk only took down the website with a distributed denial-of-service attack. Other supposed targets of this member included the Pentagon and NASA. He was sentenced to two years in prison.
In June 2014, a Morristown, Tennessee man by the name of Timothy Justen French was arrested in connection with NullCrew. He was accused of hacking into the University of Virginia, Spokeo, Klas Telecom, Comcast, the University of Hawaii, the Department of State, and Bell Canada. The criminal complaint stated that the arrest was made possible by information provided by a confidential informant; this informant was later outed by Zer0Pwn as Siph0n.
Also in June 2014, a teenager from Quebec, Canada was arrested by the RCMP; this teenager is believed to be Individual A, or Null/Zer0Pwn of NullCrew. He was arrested in connection with hacking the Canadian telecommunications company Bell Canada. His arrest was made possible by communication with a confidential informant, whom he later outed on Twitter as Siph0n. Zer0Pwn also claimed that the FBI tested the boundaries of entrapment by allowing them to hack into multiple targets while watching, yet doing nothing to prevent these exploits. The teenager pleaded guilty to one count of unlawful computer access, and was sentenced to probation and banned from accessing the internet.
- Kovacs, Eduard (July 13, 2012). "PBS and World Health Organization Hacked, User Details Leaked (Updated)". Softpedia. Retrieved October 6, 2012.
- Kendall, Ben (August 29, 2012). "Cambridge University NullCrew hacking claim investigated". The Independent. Retrieved October 5, 2012.
- Osborne, Charlie (September 3, 2012). "NullCrew pillages Sony servers?". ZDNet. Retrieved October 5, 2012.
- Sabari Selvan (September 2, 2012). "Cambodia Government websites Hacked by NullCrew". eHackingNews. Retrieved October 5, 2012.
- Mohit Kumar (November 6, 2012). "UK Ministry Of Defence hacked by NullCrew". TheHackerNews. Retrieved November 6, 2012.
- Sabari Selvan (November 6, 2012). "Government and Military websites hacked by #Nullcrew". ehackingnews. Retrieved October 27, 2012.
- Lee, J (October 6, 2012). "Telecom Giant Orange Hacked, Data leaked by #NullCrew". CyberWarNews. Retrieved October 6, 2012.
- Sabari Selvan (January 6, 2013). "DHS's Study in the States and Sharp Electronics UK hacked by Nullcrew". ehackingnews. Retrieved January 6, 2013.
- Sabari Selvan (January 30, 2013). "United Nations , Wasatch and Wisconsin University data leaked by Nullcrew". ehackingnews. Retrieved January 30, 2013.
- "Bell Canada Hacked by NullCrew". February 3, 2014.
- Blue, Violet (February 5, 2014). "NullCrew FTS hacks Comcast servers, post exploit and passwords". ZDNet. Retrieved February 13, 2014.
- Blue, Violet (April 2, 2014). "Anti-media cybercrime spree continues: Al Arabiya hacked by NullCrew". ZDNet. Retrieved February 13, 2014.
- Risk Based Security (April 21, 2014). "Nullcrew Compromises 9 Sites Including Spokeo and University of Virginia". Risk Based Security. Retrieved April 21, 2014.
- "NullCrew: the principled hacker group?". Info Security Magazine. September 18, 2012. Retrieved October 5, 2012.
- FBI. "USA v. French: Criminal Complaint".
- Ottawa Citizen (April 17, 2015). "FBI watched as hacker dumped Bell Canada passwords online". Ottawa Citizen.