Accused of not being sufficiently creative on their Twitter account, NullCrew responded, “You mean like LulzSec, how they would say all this stupid shit? Yeah... We're not like that.” This was immediately after NullCrew had pasted the haul from their latest victim, Ford Motor co, on Pastebin. What is noticeble is that NullCrew sometimes announces how they get into their victims’ systems – in this case via an error-based SQL injection vulnerability.
The crew had also just published (on Saturday) what it terms its e-zine on Pastebin – but this was rapidly removed. It is still available on AnonPaste and details hacks into www.mt.gov (boolean-blind base SQL injection), www.la.gov (unspecified method, and “nothing worthwhile in the databases”), un.org (XSS in webtv.un.org), www.texas.gov and fhpr.osd.mil (both unspecified). A related post still on Pastebin and posted on Thursday 25 October, explains the rationale: a new international protest against what it calls “corrupt governments and agencies. By agencies, I'm talking about organizations like Monsanto for example.”
In announcing this new operation, which it calls ‘F-theSystem’ it calls for groups to unite in their opposition. “You do not need to be in NullCrew, Anonymous, or any official hacktivist/activist group. You don't need any knowledge with technology. There are other ways to fight. Protests, Articles, Video footage...”
However, it is the online criminal expertise of NullCrew that will worry cyber law enforcement. Last month NullCrew hacked into Cambridge university. Earlier this month they breached Orange.co.uk, the World Health Organization, Sony (again), and dumped details from Foxconn and state.gov.
NullCrew has already been around for longer than the famous 50 days of LulzSec; and seem better at covering their tracks than predecessors like LulzSec and UGNazi. But one thing we can all be sure of is that the FBI and SOCA and Europol are all looking for NullCrew.