BreachExchange mailing list archives

Nullcrew Compromises 9 Sites Including Spokeo and University of Virginia


From: Jake <jake () riskbasedsecurity com>
Date: Mon, 21 Apr 2014 11:40:53 -0400

https://www.riskbasedsecurity.com/2014/04/nullcrew-compromises-9-sites-including-spokeo-and-university-of-virginia/

On April 20th, the hacker group NullCrew announced the release of an
electronic text-based magazine (e-zine) called “FTS Zine 5”, which is a
compilation of database information taken from nine different
organizations, several of which were already targeted in August 2013.

In the past, NullCrew has made a name for themselves with various
breaches and by compromising a wide range of systems. For the past few
months they have been working on gathering the data for the release of
this e-zine, which is one of their biggest releases to date. The
e-zine’s release layout is very similar to older hacking group
releases like “Hack the Planet”, loaded with high-profile targets that
have been breached by way of what most would consider straightforward
attacks.

The e-zine has been announced on NullCrew’s official Twitter account
and details posted to pastebin with a link to the file sharing website
MEGA. The MEGA file is a 258 megabyte compressed RAR file that
contains contents from nine different targets ranging from
universities, gaming servers, social sites, telecommunication
companies, intelligence & research companies, as well as state
governments.

The methods used in these attacks include local file inclusion (LFI),
SQL injection, and even stumbling upon a developer’s private server
and taking advantage of the content within. Attacks like these are on
the rise, and this release provides a great example of why organizations
of all types and sizes must re-think the importance of information
security.

The data released is mixed between each target, but as a whole
contains login credentials, private encryption keys, password files,
and in some cases the vulnerability or exploit used to carry out the
attacks. Below is a summary of the compromised targets covered in the
e-zine:

Klas

One of the more interesting disclosures included, which occurred earlier
this month, comes from Klas, a telecom company that NullCrew had
recently been in contact with over the breach. Klas had even
thanked them for pointing out the security flaws and offered to buy
them a beer, but it did not stop NullCrew from adding the user
accounts to the e-zine, which appear to be mostly military personnel.
You can read our interview with NullCrew about the Klas breach for
more information.

UVA

The University of Virginia (UVA) has had a few incidents over the past
couple of years, and was not able to keep NullCrew out, as they have been
successful in penetrating their systems and obtaining data. They have
set their sights on the university’s Internet technology servers, resulting
in the dump of six database user tables from different subdomains as
well as a DSA private key, a bunch of public SSH-RSA keys and a
listing of close to one million files from their servers. NullCrew
also claims that they have had backdoors into UVA for over a year and
that they were responsible for a previous breach from last year.

Spokeo

Spokeo is an interesting breach as it was carried out due to the lack
of security that one of their developers had on a private server that
contained a copy of the Spokeo blog, which in turn allowed NullCrew to
get access to the main blog as far back as January. The group defaced
the blog and lifted the WordPress database, leaving the administrator
accounts and over 5,000 people’s emails, names, and comments exposed.
Since Spokeo is a data aggregator and collects detailed information
from white pages listings, public records and social networks, there
could be a fair amount of additional information also at risk.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/