BreachExchange mailing list archives
Nullcrew Compromises 9 Sites Including Spokeo and University of Virginia
From: Jake <jake () riskbasedsecurity com>
Date: Mon, 21 Apr 2014 11:40:53 -0400
https://www.riskbasedsecurity.com/2014/04/nullcrew-compromises-9-sites-including-spokeo-and-university-of-virginia/

On April 20th, the hacker group NullCrew announced the release of an electronic text-based magazine (e-zine) called “FTS Zine 5” which is a compilation of database information taken from nine different organizations, several that were already targeted in August 2013. In the past, NullCrew has made a name for themselves with various breaches and by compromising a wide range of systems. For the past few months they have been working on gathering the data for the release of this e-zine which is one of their biggest releases to date.

The e-zine’s release layout is very similar to older hacking group releases like “Hack the Planet”, loaded with high-profile targets that have been breached by way of what most would consider straightforward attacks.

The e-zine has been announced on NullCrew’s official Twitter account and details posted to pastebin with a link to the file sharing website MEGA. The MEGA file is a 258 megabyte compressed RAR file that contains contents from nine different targets ranging from universities, gaming servers, social sites, telecommunication companies, intelligence & research companies, as well as state governments.

The methods used in these attacks include local file inclusion (LFI), SQL injection, and even stumbling upon a developer’s private server and taking advantage of the content within. Attacks like these are on the rise and this release provides a great example why organizations of all types and sizes must re-think the importance of information security.

The data released is mixed between each target, but as a whole contains login credentials, private encryption keys, password files, and in some cases the vulnerability or exploit used to carry out the attacks.
Below is a summary of the compromised targets covered in the e-zine:

Klas

One of the more interesting disclosures included that occurred earlier this month comes from Klas, a telecom company that NullCrew had recently been in contact with over the breach. Klas had even thanked them for pointing out the security flaws and offered to buy them a beer, but it did not stop NullCrew from adding the user accounts to the e-zine, which appear to be mostly military personnel. You can read our interview with NullCrew about the Klas breach for more information.

UVA

The University of Virginia (UVA) has had a few incidents over the past couple years, and was not able to keep NullCrew out, as they have been successful in penetrating their systems and obtaining data. They have set sight on the university’s Internet technology servers, resulting in the dump of six database user tables from different subdomains as well as a DSA private key, a bunch of public SSH-RSA keys and a listing of close to one million files from their servers. NullCrew also claims that they have had backdoors into UVA for over a year and that they were responsible for a previous breach from last year.

Spokeo

Spokeo is an interesting breach as it was carried out due to the lack of security that one of their developers had on a private server that contained a copy of the Spokeo blog, which in turn allowed NullCrew to get access to the main blog as far back as January. The group defaced the blog and lifted the WordPress database leaving the administrator accounts and over 5,000 people’s emails, names, and comments exposed. Since Spokeo is a data aggregator and collects detailed information from white pages listings, public records and social networks there could be a fair amount of additional information also at risk.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/