The hacker collective known as NullCrew has been busy. After making some waves with their hack of a Bell Canada subdomain operated by a third-party supplier, the hacking collective just announced a hack involving Comcast.
As it did with Bell, the @NullCrew_FTS account on Twitter gave advance notice that they would be announcing the hack today:
Next up to the plate. @Comcast #NullCrew
— NullCrew (@NullCrew_FTS) February 5, 2014
And more specifically:
@ComcastMelissa @NullCrew_FTS Fix the vulnerabilities in your mail servers before we pwn them? Zimbra sucks, didn’t you know?
— siph0n – #NullCrew (@siph0n_NC) February 5, 2014
That was at 2:59 pm ET. By then, of course, the damage had already been done. The hackers directed some other tweets at @ComcastMelissa which she did not seem to appreciate as a serious warning, because she didn’t respond. At one point, I even tweeted to the hackers:
@NullCrew_FTS @siph0n_NC Your tweets to @ComcastMelissa appear over her head. Hope she realizes to fwd them urgently to @Comcast security.
— Dissent Doe (@PogoWasRight) February 5, 2014
but still no response from Comcast.
The taunts/teases continued:
Fun Fact: 34 Comcast mail servers are victims to one exploit.
— NullCrew (@NullCrew_FTS) February 5, 2014
And:
@NullCrew_FTS Thanks for putting all those passwords in one spot for us @comcast. We couldn’t have done it without you!
— siph0n – #NullCrew (@siph0n_NC) February 5, 2014
The link to the data dump was posted shortly thereafter.
The data dump, which DataBreaches.net will not link to, includes a list of over 30 Comcast mail servers and details of the exploit. Each of the mail servers “run on something called, ‘Zimbra,’” NullCrew writes, “and are vulnerable to LFi,” (local file inclusion vulnerability) “and you know what LFi can lead to, right?” Even to my untrained eye, this doesn’t look good as it looks like they’ve included passwords.
NullCrew did not dump any customer data in the paste.
So what will Comcast have to say about all this? I’ve emailed them for a statement and also asked whether they had trained staff to escalate alerts of security attacks. I’ll update this post or start a new post if and when I get a response.