|This article needs additional citations for verification. (February 2013)|
|Motto||"Leeching vulnerabilities since 2012!"|
NullCrew is a hacktivist group founded in 2012 that takes responsibility for multiple high profile computer attacks against corporations, educational institutions, and government agencies. Its members are listed as: Zer0Pwn, rootcrysis, nop, and Siph0n. NullCrew is often compared to LulzSecurity, even though the group has lasted twice as long; and is still going strong.
On July 13, 2012, the group breached the World Health Organization(Who) and PBS releasing a pastebin post containing 591 plain-text usernames, and passwords; relating to the WHO attack, as far as the PBS attack goes, it was mostly database information, as well as 1,000 emails, and passwords.
In September, the group claimed on its Twitter account to have taken control of eight servers run by entertainment corporation Sony. Also in September, the group responded to the arrest of a Pirate Bay co-founder in Cambodia by officials; the response was an attack against the Cambodia Government, leading to several governmental servers being pillaged.
On November 5, 2012; A renoun anonymous holiday known by a V for Vendetta phrase "Remember, Remember the fifth of November." Two of the groups core members: Null and Timoxeline announced a successful attack against the U.K. Ministry Of Defense; the attack included over 3,000 Usernames, Email addresses, and passwords that appeared to belong to the U.K. Ministry Of Defense. The two claimed that the attack was allowed due to a simple mistake by the web-developers and the attack was indeed SQL Injection.
The group released the first in what is supposed to be a series of mini e-zines under the operation of "FuckTheSystem" on September 28, 2012. The first mini e-zine contained the column and table structure to the U. S. Department of State, as well as the administrator and webmaster password in plain-text; it also contained exposure of vulnerabilities on the Foxconn website.
On October 27, 2012: NullCrew announced the release of their first self-titled e-zine containing credentials of government and military servers belonging strictly to the United States. The affected servers were: The hacked sites includes Montana's Official State Website(mt.gov), Force Health Protection & Readiness(fhpr.osd.mil), The official website of the State of Louisiana(la.gov), The Official Website of the State of Texas (www.texas.gov), United Nations (Several servers including ones from: Unesco and un.org.) The amount of the credentials leaked ranked well in the thousands.
On October 6, 2012, the group posted on two Twitter feeds; both claimed to have hacked the ISP Orange. The first post, from the official Twitter account, was a pastebin, containing table, columns, and databases of the Orange website. The second post came from 0rbit and contained more sensitive information, such as MySQL hosts, users, passwords, and fifty two corporation and government officials email addresses.
Early in the beginning of the new year, on January 6, 2013: The group announced two successful attacks, the first one was on the U.S. Department Of Homeland Security's Study In The States (Supporting their claim in the U.K. MoD attack.) It contained (From EHackingNews) The hacker group published some data compromised from the server including Database Host, user, password and database Name. The hackers compromised these details when they are managed to access the Wp-config.php file. The second attack was against Sharp Electronics in the United Kingdom; the group released the entire MySQL db of Sharp the same day.
On January 30, 2013: The group released their third installment of the #FuckTheSystem e-zine, this particular release contained data from the main server of un.org (Hundreds of passwords, usernames, IP addresses, and other details.) Wasatch, which is a Microsoft partner; The group claimed to have exploited their servers due to a domain hosted on the same server containing an exploit that allowed them to yank details off of two wasatch servers (IT, And Software) Leaked data of these servers were email addresses, usernames, passwords - Even including WordPress details. The attack also affected the university of Wisconsin leading in their mysql table and column structure being leaked to public.
On March 6, 2013: The group successfully infiltrated and defaced Time-Warner Cables Support Services and left the web-page defaced; The group proclaimed that the attack took place due to the cable companies participation with what they and many others deemed as an unfair practice.. known as CAS or Six Strikes. The attack took place when they targeted Time-Warners support system, noticing that it ran on ASP they began skimming through and took notice of the support systems login server used the username of admin, and the password of "changeme" the group then bypassed security measures, shelled the server and left the index defaced (Mirror her: http://www.freezepage.com/1362546977OFVSJKBYGE) The attack was done by two core members of the group: DocOfCock and 0rbit.
The group returned to the scene on February 1, 2014 when they dropped over 20,000+ Usernames, passwords, an emails, along with a list of credit card information of Bell Canada; Bell took to claiming that its own servers were not affected, but instead a third-party had been involved with the attack. The attack was noted as POST SQL Injection in what was Bell's protection management login. The attackers provided screenshots that contained proof of Bell's knowledge of the attack dating back to the 15th of January, as well as results of the execution of the queries, Bell claims it is working with law-enforcement to investigate this attack further.
NullCrew hacked into the Comcast servers on February 5, 2014, and publicly shared the passwords of 34 Comcast email servers. The attack was allowed due to Comcast email servers using a software known as Zimbra, the attack method was LFI
On April 2, 2014; After a brief period of silence, the group returned announcing that they have begun working with a group by the name of The Horsemen Of Lulz. The two groups detailed an attack on AlArabiya's email-servers, due to much like Comcast, the media company used Zimbra for email services. The release contained AlArabiya's etc./passwd/ file, along with several ldap credentials and mysql credentials; They ALSO released the exploitable path to both etc./passwd/ and localconfig.xml in full. The exploit was, like Comcast, LFi.
On April 20, 2014; The Marijuana smokers holiday the NullCrew hacktivist group released what it called the fifth installation of its e-zine #FuckTheSystem. This one consisted of: The University Of Virginia, Spokeo, Klas Telecom, ArmA2, Science and Technology Center of Ukraine, State of Indiana, National Credit Union, Telco Systems & BATM, and The International Civil Aviation Organization. The E-zine contained a link to a file on mega.co.nz titled "FTS5-DATA.RAR" This file uncompressed is over 1GB and contains tens of thousands of emails, several sql databases, /etc/passwd files, and a whole lot more. This zine is now known to be its largest release to date.
On May 28, 2014; NullCrew teamed up with internet hacktivist group, GroupForTheLulz, known as OnlyForTheLulz. They together formed an alliance and waged war on various underground hacking sites. GroupForTheLulz and NullCrew attacked notable groups: zf0, the Phrack commmunity, ac1db1tch3z and such in their popular web ezine. They used various exploit techniques; such as: SQL injection, XSS, and great use of the Metasploit framework. Together they successfully infiltrated many targets and gained unauthorized access to many hosts during the process. It was in late June, two of NullCrew's members: ZeroPwn and rootcrysis decided to betray GroupForTheLulz and NullCrew. Little did they know that GroupForTheLulz is a team full of spiritually enlightened beings and talented wizards, also not to forget; uncle works for the FBI. rootcrysis and ZeroPwn took credit for an XSS vulnerability they did not find which was originally GroupForTheLulz's. GroupForTheLulz members' retaliated by sending a Ginga (capoeira) kick attack which caused rootcrysis to fall down and break his teeth. While ZeroPwn tried to make a run for it, a member of GroupForTheLulz managed to cause an electrical surge which bursted the ROM chip's using Fire Palm Chi Hand Strike, which he learned from watching Naruto season 2, episode 9. The Electrical surge caused ZeroPwn's laptop to fall off his desk and knock him out, called his uncle to arrest both ZeroPwn and rootcrysis.
In May 2013, Lewys Martin, identified as "sl1nk" of the NullCrew hacktivist group, was arrested for apparent charges of hacking "Cambridge university". This matched claims of the group, but different from the data leaks by other members, sl1nk only took down the web site with a Distributed Denial Of Service. Other supposed targets of this member included the Pentagon and NASA. He was sentenced to two years in prison. Update: @CrusaderTheGod is serving 5 years.
- Eduard, Kovacs (July 13, 2012). "PBS and World Health Organization Hacked, User Details Leaked (Updated)". Softpedia. Retrieved October 6, 2012.
- Kendall, Ben (August 29, 2012). "Cambridge University NullCrew hacking claim investigated". The Independent. Retrieved October 5, 2012.
- Osborne, Charlie (September 3, 2012). "NullCrew pillages Sony servers?". ZDNet. Retrieved October 5, 2012.
- Sabari, Selvan (September 2, 2012). "Cambodia Government websites Hacked by NullCrew". eHackingNews. Retrieved October 5, 2012.
- Mohit Kumar (November 6, 2012). "UK Ministry Of Defence hacked by NullCrew". TheHackerNews. Retrieved November 6, 2012.
- Sabari Selvan (November 6, 2012). "Government and Military websites hacked by #Nullcrew". ehackingnews. Retrieved October 27, 2012.
- Lee, J (October 6, 2012). "Telecom Giant Orange Hacked, Data leaked by #NullCrew". CyberWarNews. Retrieved October 6, 2012.
- Sabari Selvan (January 6, 2013). "DHS’s Study in the States and Sharp Electronics UK hacked by Nullcrew". ehackingnews. Retrieved January 6, 2013.
- Sabari Selvan (January 30, 2013). "United Nations , Wasatch and Wisconsin University data leaked by Nullcrew". ehackingnews. Retrieved January 30, 2013.
- "Bell Canada Hacked by NullCrew".
- Blue, Violet (February 5, 2014). "NullCrew FTS hacks Comcast servers, post exploit and passwords". ZDNet. Retrieved February 13, 2014.
- Blue, Violet (April 2, 2014). "Anti-media cybercrime spree continues: Al Arabiya hacked by NullCrew". ZDNet. Retrieved February 13, 2014.
- Risk Based Security (April 21, 2014). "Nullcrew Compromises 9 Sites Including Spokeo and University of Virginia". Risk Based Security. Retrieved April 21, 2014.
- FBI. http://www.scribd.com/doc/229989445/USA-v-French-Criminal-Complaint. Missing or empty
- "NullCrew: the principled hacker group?". Info Security Magazine. September 18, 2012. Retrieved October 5, 2012.