Comcast is Latest NullCrew FTS Victim

Following its weekend hack of Bell Canada, and confirming its assertion that it would target major communications companies, NullCrew FTS has now hacked Comcast. As with Bell Canada, the hackers reported the process to the victim's support services, and taunted the support rep for not seeming to recognize what was happening.

ComcastMelissa, described on Twitter as "ComcastCares’ Digital Ninja providing support with ComcastCares Support team," responded to NullCrew FTS, "@NullCrew_FTS Hello how can I help." NullCrew, which now prefers the full name NullCrew FTS (which stands for 'Fuck The System'), responded: "Fix the vulnerabilities in your mail servers before we pwn them? Zimbra sucks, didn't you know?"

It is probable that by this time it was too late. Zimbra is a groupware email server used by Comcast as an internal communications platform. "Fun Fact:" Tweeted NullCrew FTS, "34 Comcast mail servers are victims to one exploit."

"NullCrew exploited an unpatched security vulnerability, CVE-2013-7091, to gain access to usernames, passwords and other sensitive details from Comcast's environment," explains Chester Wisniewski on the Sophos NakedSecurity blog. The vulnerability in question was disclosed in December 2013, further demonstrating that failure to patch systems will not long go unpunished. "None of us can assume that it will take time, especially 60 days, for criminals to determine they can take advantage of flaws in our programs," adds Wisniewski.

NullCrew FTS then proceeded to post details from the hack on Pastebin. The file in question has since been removed by Pastebin, but it included a list of the Comcast servers running Zimbra and the comment, "each of these mail servers also are vulnerable to LFi [local file inclusion], and you know what LFi can lead to, right?"

NullCrew FTS, comments, "did not dump any customer data in the paste." That doesn't mean, of course, that the hackers haven't got it. 

Meanwhile, Comcast, like Bell Canada, is remaining tight-lipped about the incident. "So what will Comcast have to say about all this?" asks "I’ve emailed them for a statement and also asked whether they had trained staff to escalate alerts of security attacks. I’ll update this post or start a new post if and when I get a response." Meanwhile, it tweeted a reminder to Bell Canada following the Comcast incident: "Ah, @Bell, ignoring my e-mailed questions will not make them - or me - go away." 

What’s Hot on Infosecurity Magazine?