NullCrew Associate Arrested and Charged


A Tennessee man believed to be affiliated with the NullCrew hacktivist group was arrested and charged with federal computer hacking for allegedly conspiring to launch cyber-attacks on two universities and three companies since last summer.

Federal law enforcement officials said that the defendant, Timothy Justin French, was arrested without incident by FBI agents at his home in Morristown, Tenn., east of Knoxville. He waived a detention hearing in Federal Court in Knoxville, and will be transferred in custody to face prosecution in US District Court in Chicago. The court date has not yet been scheduled.

The complaint charges French with involvement in five specific cyber-attacks launched by NullCrew: a July 19, 2013, attack on a large public university; a Feb. 1, 2014, attack on Bell Canada; attacks in early 2014 against another university and a California-based company, both announced by NullCrew on April 20, 2014 as part of a series of hacking attacks; and an attack against Comcast that NullCrew announced on Feb. 5, 2014.

In each of these instances, information allegedly hacked from the victims’ computers was released by NullCrew and caused significant financial damages to the universities and companies, including the costs of responding to the computer intrusions, conducting damage assessments and restoring the computer systems.

“Cyber-crime sometimes involves new-age technology but age-old criminal activity, unlawful intrusion, theft of confidential information, and financial harm to victims,” said Zachary Fardon, United States Attorney for the Northern District of Illinois, in a statement. “Hackers who think they can anonymously steal private business and personal information from computer systems should be aware that we are determined to find them, to prosecute pernicious online activity, and to protect cyber-victims.”

NullCrew has used Twitter accounts to announce dozens of attacks against various victims, including links to posts on Pastebin containing usernames and passwords. For instance, in November 2012, NullCrew announced an attack on the UK's Ministry of Defense, releasing more than 3,000 usernames, email addresses and passwords purportedly belonging to members of the defense ministry.

The affidavit states that the FBI used an undercover source: a confidential witness was invited to join online chats with NullCrew members via Skype, Twitter and CryptoCat. The NullCrew members discussed past, present and future computer hacks, shared current computer vulnerabilities and planned targets, and discussed releases of their victims’ information.

There was also old-fashioned sleuthing during the investigation. French had a number of hacker handles, including Orbit, @Orbit, @Orbit_g1rl, crisis rootcrysis and c0rps3. During each of the attacks, the investigation identified a computer user named Orbit, who was using an IP address assigned to French’s Morristown, Tenn., address. Records from the victims’ computers show access from the same IP address at or around the time the attacks were being discussed or occurred, according to the complaint.

The computer hacking charge in this case carries a maximum sentence of 10 years in prison and a $250,000 fine. If convicted, the court must impose a reasonable sentence under federal statutes and the advisory United States Sentencing Guidelines.
