US Government hacked by NullCrew, Thousands of administrator credentials leaked

Posted on by Lee J

preview Yesterday we posted a small article that was a preview to an upcoming leak from hacker collective NullCrew. We got tipped off to this attack by NullCrew member @0rbit_g1rl who sent us some previews of data and targets that had been attacked. Today the @OfficialNull twitter account has made an announcement that the leak has been released as a "zine". > https://pastebin.com/raw.php?i=MHzT9mQf …#NullCrew #Anonymous #FuckTheSystemzine. @YourAnonNews@Cyber_War_News @TheHackersNews

The effected websites are mt.gov (7000 credentails.) la.gov (db layout only) Un.org (xss opnly) unesco.org (administration credentails) unescoetxea.org  (administration credentails) www.unesco.lacult.org (administration credentails) Texas.gov (administration credentails) fhpr.osd.mil (user/administrator credentails, 2000+) In the leak comes a few short messages.

We here at NullCrew believe in non-censorship, and have noticed something.. # We have noticed that the government will never change their ways, they simply refuse to. No matter how much violence they cause, no matter how many times they refuse to admit their wrongs. No matter how many times they have denied documents for being factual. Even better, they REFUSE TO LET THEIR PEOPLE BE FREE! America, you have been a primary target for activists, and hacktivists alike. The true freedom fighters whom prove you wrong, you censor us; lock us away in prisons. You take away our freedom of speech, if the world relied on things such as free-source.. The world would be a less corrupt place. Sadly, that won’t happen anytime soon; as long as people from the system are greedy! Everyone shout: Let us be free!

Message to the Montana government from nullcrew and all usernames and passwords appear to be stored in cleartext and that totals over 7000 of them on the mt.gov server.

Montana, unsecure; extremely unsecure. Unproperly sanitized code, leading to disclosure of all files on the server. Boolean-blind base SQL Injection Several exploits on several subdomains, plus the main domain. Let’s have a look, shall we?

The other large attack from this leak is on the militarys "Force health protection and readiness" based website and the leak contains 2262 usernames, emails and encrypted passwords. All leak archives by NullCrew can be found on ozdc.net 

Category: Breach Incidents