NullCrew Hacker Pleads Guilty to At Least Seven Targeted Attacks | Tripwire

NullCrew Hacker Pleads Guilty to At Least Seven Targeted Attacks

Posted on December 11, 2015
FTC Says Identity Theft Victims Don't Always Need a Police Report
A member of the hacking group NullCrew has pleaded guilty in federal court to having participated in at least seven targeted attacks between 2012 and 2014.
security116.jpg
 Source: Softpedia On Tuesday, Timothy Justen French, 21, of Morristown, pleaded guilty to a single count of intentionally damaging a computer without authorization. The Washington Times reports that under a plea agreement to which French agreed, this one count consolidates three others with which the former hacker was charged. In adherence to the plea agreement, French admitted to having participated in at least seven targeted attacks launched by NullCrew between 2012 and 2014, in total causing some $792,000 worth of damages to universities, government entities, and prosecutors. One of the attacks was directed against Bell Canada, during which he conspired with others to post 12,000 customers' usernames and passwords online, writes Techworm. Another attack targeted a U.S. state. For each attack, French and his fellow hackers enjoyed publicizing the extent of their exploits online:
"To publicize their cyber-attacks, Mr. French, Individual A, and other members of NullCrew maintained Twitter accounts, including @NullCrew_FTS and @OfficialNull, which they used to announce their cyber-attacks, ridicule their victims, and publicly disclose confidential information they had stolen through their cyber-attacks," reads the plea declaration. "Mr. French, Individual A, and other members of NullCrew hid their true identities by using aliases when communicating with the public and with each other. Mr. French used the aliases 'Orbit,' '@Orbit_g1rl,' 'crysis,' 'rootcrysis,' and 'c0rps3.'"
However, according to other members of NullCrew, French made several opsec errors when he decided to use hacker nickname from his daily life, frequently forgot to use a virtual private network (VPN), and utilized Skype for conversations with other members of the hacking group.
"To begin with, and for the love of sweet baby jesus, delete your old f*cking personas COMPLETELY before adopting new ones you intend to commit federal crimes with," @NullCrew_FTS stated in a post on Pastebin lambasting French. "I told that f*cking idiot Timmy (c0rps3, Orb1t_G1rl, rootcrysis) that his dox was too easy to find and provided ways for him to escape it. He obviously didn’t."
Ultimately, the FBI was able to track down French via an IP address he used to steal data from Bell Canada. The hacker was arrested on June 11, 2014. According to the FBI's statement, French faces a maximum sentence of 10 years in prison for his crimes. He will be sentenced on March 9, 2016. This news follow on the heels of the arrest of an alleged hacker earlier this fall on charges of having gained unauthorized access to a database of U.S. security officials and passed along their personal information to members of the Islamic State.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!