NullCrew

Abbreviation: NC
Formation: May 2012
Type: Hacking
Volunteers: 5
Website: nullcrew.org

NullCrew was a hacktivist group founded in 2012 that claimed responsibility for multiple high-profile computer attacks against corporations, educational institutions, and government agencies.


History

On July 13, 2012, the group claimed attacks on the World Health Organization (WHO) and PBS, releasing a Pastebin post containing 591 plain-text usernames and passwords from the WHO attack; the PBS release consisted mostly of database information, along with about 1,000 email addresses and passwords. [1]

On July 16, the group breached ASUS (ASUSTeK Computer Inc.), releasing a Pastebin post containing 23 administrator usernames and hashed passwords. [2]

The group targeted several universities in the United Kingdom including Cambridge in August 2012. [3]

In September, the group claimed on its Twitter account to have taken control of eight servers run by the entertainment corporation Sony. [4] Also in September, the group responded to the arrest of a Pirate Bay co-founder by Cambodian officials with an attack on Cambodian government websites, claiming to have compromised several government servers. [5]

On September 28, 2012, the group released the first of a planned series of mini e-zines under the banner of its "FuckTheSystem" operation. This first issue contained the column and table structure of a U.S. Department of State database, along with the administrator and webmaster passwords in plain text, and disclosed vulnerabilities in the Foxconn website. [citation needed]

On October 6, 2012, the group posted on two Twitter feeds, both claiming to have hacked the ISP Orange. The first post, from the official account, linked to a Pastebin containing the tables, columns, and databases of the Orange website. The second, from member 0rbit, contained more sensitive information, including MySQL hosts, usernames, and passwords, and fifty-two email addresses of corporate and government officials. [8]

On October 27, 2012, NullCrew announced the release of its first self-titled e-zine, containing credentials from government and military servers, mostly in the United States. The affected sites included Montana's official state website (mt.gov), Force Health Protection & Readiness (fhpr.osd.mil), the official websites of the states of Louisiana (la.gov) and Texas (www.texas.gov), and several United Nations servers, including UNESCO and un.org. The leaked credentials numbered in the thousands. [7]

On November 5, 2012 (the date Anonymous marks with the V for Vendetta line "Remember, remember the fifth of November"), two of the group's core members, Null and Timoxeline, announced a successful attack against the U.K. Ministry of Defence. The leak included over 3,000 usernames, email addresses, and passwords that appeared to belong to the Ministry. The two attributed the breach to a simple mistake by the web developers, stating that the attack was SQL injection. [6]

Early in the new year, on January 6, 2013, the group announced two successful attacks. The first was on the U.S. Department of Homeland Security's Study in the States site, which the group presented as backing its earlier U.K. MoD claims; according to EHackingNews, the group published the database host, user, password, and database name, obtained by reading the site's wp-config.php file. The second attack was against Sharp Electronics in the United Kingdom; the group released Sharp's entire MySQL database the same day. [9]

On January 30, 2013, the group released the third installment of its #FuckTheSystem e-zine. This release contained data from the main un.org server (hundreds of passwords, usernames, IP addresses, and other details) and from Wasatch, a Microsoft partner; the group claimed it reached Wasatch through a vulnerable domain hosted on the same server, which allowed it to pull details from two Wasatch servers (IT and Software). The Wasatch data included email addresses, usernames, passwords, and WordPress details. The release also affected the University of Wisconsin, whose MySQL table and column structure was leaked. [10]

On March 6, 2013, the group infiltrated and defaced Time Warner Cable's support services site, stating that the attack was a response to the company's participation in the Copyright Alert System (CAS), or "Six Strikes", which the group and many others considered an unfair practice. According to the group, the support system ran on ASP; while looking through it they noticed that its login used the username "admin" and the password "changeme". They then bypassed the remaining security measures, obtained a shell on the server, and defaced the index page. The attack was carried out by two core members, DocOfCock and 0rbit. [11]

The group returned on February 1, 2014, releasing more than 20,000 usernames, passwords, and email addresses, along with a list of credit card information, from Bell Canada. Bell stated that its own servers were not affected and that a third party had been compromised. The attack was described as a POST-based SQL injection against what was Bell's protection management login. The attackers provided screenshots suggesting that Bell had known about the intrusion since January 15, together with the results of the executed queries; Bell said it was working with law enforcement to investigate further. [12]

On February 5, 2014, NullCrew hacked Comcast servers and publicly shared the passwords of 34 Comcast email servers. The servers ran the Zimbra email software, and the attack method was local file inclusion (LFI). [13]

On April 2, 2014, after a brief period of silence, the group announced that it had begun working with a group called The Horsemen of Lulz. The two groups detailed an attack on Al Arabiya's email servers, which, like Comcast's, ran Zimbra. The release contained Al Arabiya's /etc/passwd file along with several LDAP and MySQL credentials, and it also published in full the exploitable path to both /etc/passwd and localconfig.xml. As with Comcast, the exploit was LFI. [14]
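The Study in the States, Comcast and Al Arabiya entries above all come down to a web server handing out files it should never serve (wp-config.php, /etc/passwd, localconfig.xml), the last two via local file inclusion. The following is an added example, not from NullCrew or from any of the affected organisations: Python code that scans web server access logs for the request patterns an LFI attempt leaves behind (directory traversal, double percent-encoding, null bytes, requests naming sensitive files) and a path-containment check of the sort that prevents such inclusion on the server side. The log lines, hostnames and request paths are constructed for the demonstration; they are not the actual request paths used against Zimbra or any other product, which the page does not describe.

```python
"""Local file inclusion (LFI) and path traversal: detection in access logs, and the
path-containment check that prevents it.

Added example. The log lines and request paths below are constructed for the
demonstration; they are not the request paths used in the attacks described on
this page.
"""
import posixpath
import re
import urllib.parse
from typing import Dict, List, Optional

# Constructed access-log sample in Apache "common" format (RFC 5737 test addresses).
SAMPLE_LOG = """\
203.0.113.5 - - [05/Feb/2014:10:12:01 +0000] "GET /webmail/login HTTP/1.1" 200 5123
203.0.113.9 - - [05/Feb/2014:10:12:07 +0000] "GET /webmail/download?file=../../../../etc/passwd%00 HTTP/1.1" 200 2031
203.0.113.9 - - [05/Feb/2014:10:12:09 +0000] "GET /index.php?page=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1801
198.51.100.3 - - [05/Feb/2014:10:13:44 +0000] "GET /wp-content/themes/x/style.css HTTP/1.1" 200 904
198.51.100.7 - - [05/Feb/2014:10:14:02 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 221
203.0.113.9 - - [05/Feb/2014:10:15:30 +0000] "GET /webmail/download?file=....//....//opt/zimbra/conf/localconfig.xml HTTP/1.1" 200 7720
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Files whose name in a request is itself an indicator: none is ever served to a browser.
SENSITIVE_FILES = ("/etc/passwd", "/etc/shadow", "localconfig.xml", "wp-config.php")
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")


def fully_decode(text: str, max_rounds: int = 3) -> str:
    """Undo percent-encoding repeatedly: '..%252f' decodes to '..%2f' and then to '../',
    which is how double-encoded payloads slip past filters that decode only once."""
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def analyze_request(target: str) -> List[str]:
    """Return the LFI indicators present in one request target (path plus query string)."""
    decoded = fully_decode(target)
    indicators: List[str] = []
    if TRAVERSAL_RE.search(decoded):
        indicators.append("traversal")
    if "\x00" in decoded:
        indicators.append("null-byte")        # used to cut off an extension the server appends
    lowered = decoded.lower()
    indicators.extend("sensitive-file:" + f for f in SENSITIVE_FILES if f in lowered)
    return indicators


def scan_log(log_text: str) -> List[Dict[str, object]]:
    """Parse each log line and keep those whose request carries at least one indicator."""
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue                          # unparseable line; a real pipeline would count these
        indicators = analyze_request(match.group("target"))
        if indicators:
            findings.append({
                "ip": match.group("ip"),
                "target": match.group("target"),
                "status": match.group("status"),  # a 200 on a flagged request means the read succeeded
                "indicators": indicators,
            })
    return findings


def resolve_within(base_dir: str, requested: str) -> Optional[str]:
    """Server-side fix: map a user-supplied relative path onto base_dir and refuse any
    result that escapes it. Returns the contained absolute path, or None to reject."""
    if "\x00" in requested:
        return None
    candidate = posixpath.normpath(posixpath.join(base_dir, requested.lstrip("/")))
    if posixpath.commonpath([base_dir, candidate]) != base_dir:
        return None
    return candidate


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["ip"], finding["status"], finding["indicators"], finding["target"])
    print(resolve_within("/srv/www/public", "css/site.css"))
    print(resolve_within("/srv/www/public", "../../etc/passwd"))
```

Four of the six constructed lines are flagged: the two traversal requests for /etc/passwd (one of them double-encoded), the probe for a wp-config.php backup, and the `....//` variant aimed at localconfig.xml, which survives filters that strip `../` exactly once. The status code matters when triaging: a 200 on a flagged request is a successful read, not just an attempt. On the server side, `resolve_within` normalises the joined path before checking that it still starts inside the document root, which is the check a vulnerable include or download handler lacks.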

On April 20, 2014 (the "4/20" cannabis holiday), the group released what it called the fifth installment of its #FuckTheSystem e-zine. This release covered the University of Virginia, Spokeo, Klas Telecom, ArmA2, the Science and Technology Center of Ukraine, the State of Indiana, the National Credit Union, Telco Systems & BATM, and the International Civil Aviation Organization. The e-zine linked to a file on mega.co.nz titled "FTS5-DATA.RAR", which uncompressed to over 1 GB and contained tens of thousands of emails, several SQL databases, /etc/passwd files, and more. It is the group's largest release to date. [15]

Views

The group is led by a person using the pseudonym Null, [16] and describes itself as supporting WikiLeaks founder Julian Assange and opposing all forms of corruption. [3]

Possible arrests

In May 2013, Lewys Martin, identified as "sl1nk" of NullCrew, was arrested on charges of hacking Cambridge University. This matched the group's claims, but unlike the data leaks by other members, sl1nk only took the website down with a distributed denial-of-service attack. Other supposed targets of this member included the Pentagon and NASA. He was sentenced to two years in prison. [17]

In June 2014, Timothy Justen French of Morristown, Tennessee, was arrested in connection with NullCrew. He was accused of hacking the University of Virginia, Spokeo, Klas Telecom, Comcast, the University of Hawaii, the Department of State, and Bell Canada. The criminal complaint stated that the arrest relied on information provided by a confidential informant, who was later outed by Zer0Pwn as Siph0n. [18]

Also in June 2014, a Quebec teenager was arrested by the RCMP; he is believed to be "Individual A", or Null/Zer0Pwn of NullCrew. He was arrested in connection with the hacking of the Canadian telecommunications company Bell Canada; his arrest was made possible by his communication with a confidential informant, whom he later outed on Twitter as Siph0n. Zer0Pwn also claimed that the FBI tested the boundaries of entrapment by watching the group hack multiple targets without acting to prevent it. The teenager pleaded guilty to one count of unlawful computer access and was sentenced to probation and banned from accessing the internet. [19]


References

  1. Kovacs, Eduard (July 13, 2012). "PBS and World Health Organization Hacked, User Details Leaked (Updated)". Softpedia. Retrieved October 6, 2012.
  2. Kovacs, Eduard (July 16, 2012). "ASUS eStore Hacked, Administrator Credentials Leaked (Updated)". Softpedia. Retrieved October 6, 2012.
  3. Kendall, Ben (August 29, 2012). "Cambridge University NullCrew hacking claim investigated". The Independent. Retrieved October 5, 2012.
  4. Osborne, Charlie (September 3, 2012). "NullCrew pillages Sony servers?". ZDNet. Retrieved October 5, 2012.
  5. Selvan, Sabari (September 2, 2012). "Cambodia Government websites Hacked by NullCrew". eHackingNews. Retrieved October 5, 2012.
  6. Kumar, Mohit (November 6, 2012). "UK Ministry Of Defence hacked by NullCrew". The Hacker News. Retrieved November 6, 2012.
  7. Selvan, Sabari (November 6, 2012). "Government and Military websites hacked by #Nullcrew". eHackingNews. Retrieved October 27, 2012.
  8. Lee, J (October 6, 2012). "Telecom Giant Orange Hacked, Data leaked by #NullCrew". CyberWarNews. Archived from the original on June 26, 2013. Retrieved October 6, 2012.
  9. Selvan, Sabari (January 6, 2013). "DHS's Study in the States and Sharp Electronics UK hacked by Nullcrew". eHackingNews. Retrieved January 6, 2013.
  10. Selvan, Sabari (January 30, 2013). "United Nations, Wasatch and Wisconsin University data leaked by Nullcrew". eHackingNews. Retrieved January 30, 2013.
  11. Lee, J (March 6, 2013). "Time Warner Cable Support Service Hacked and Defaced by NullCrew". CyberWarNews. Retrieved March 6, 2013.
  12. "Bell Canada Hacked by NullCrew". February 3, 2014.
  13. Blue, Violet (February 5, 2014). "NullCrew FTS hacks Comcast servers, post exploit and passwords". ZDNet. Retrieved February 13, 2014.
  14. Blue, Violet (April 2, 2014). "Anti-media cybercrime spree continues: Al Arabiya hacked by NullCrew". ZDNet. Retrieved February 13, 2014.
  15. Risk Based Security (April 21, 2014). "Nullcrew Compromises 9 Sites Including Spokeo and University of Virginia". Retrieved April 21, 2014.
  16. "NullCrew: the principled hacker group?". Infosecurity Magazine. September 18, 2012. Retrieved October 5, 2012.
  17. "Cambridge 'Hacker' Hit with Two Year Sentence". The Tab Cambridge. Archived from the original on March 24, 2014. Retrieved March 24, 2014.
  18. FBI. "USA v. French: Criminal Complaint".
  19. "FBI watched as hacker dumped Bell Canada passwords online". Ottawa Citizen. April 17, 2015.