The US Department of Defense site is the Pharmacoeconomic Center, an organization devoted to “Improving the clinical, economic, and humanistic outcomes of drug therapy in support of the readiness and managed healthcare missions of the Military Health System.” Access to the public-facing data requires acceptance of numerous conditions, including for example, “Communications occurring on or data stored on this IS, or any device attached to this IS, are not private. They are subject to routine monitoring and search.”
NullCrew, however, claims to have breached the site and has revealed the IP address, server details and the names and addresses of associated military medical groups. Although there is nothing very confidential or sensitive in this information (apart from the IP address), nevertheless it is a serious embarrassment to a military organization.
The defense.gov breach is more worrying, with the comment from NullCrew, “Bypass Akamai is so easy.” This dump includes names, email addresses (including ones from langley.af.mil and pentagon.af.mil), and phone numbers. For the most part the details are separate and don’t seem related –although, of course, names can often be deduced from email addresses. One section that NullCrew describes as ‘Special Operation’ is different, containing related names, positions, phone number and email address. Such information is valuable data for targeted phishing attacks.
The NSA dump comprises what NullCrew describes as ‘sensitive servers’ including IP addresses – and an infrastructure map. The MasterCard hack provides a similar list of ‘sensitive servers’ but also includes a list of ‘sensitive’ email addresses.
For BB&T, NullCrew provides a brief description. It “is an American bank with assets of US$178.5 billion (August 2012), offering commercial and retail banking services...” This, too, is a list of ‘sensitive’ servers with IP addresses.
NullCrew generally makes few comments about itself. It has often been compared to LulzSec but without LulzSec's taunting flamboyance. Yesterday it made a brief diversion with a taunt aimed at the FBI. "The FBI can't do forensics. They're just waiting for us to make a mistake on our part :3. Not going to happen fellas."