Second member of #NullCrew arrested (updated to add complaint)
Following the arrest of a Quebec teen last week in the hacking of a Bell Canada supplier, a second person associated with #NullCrew (@NullCrew_FTS) has now been arrested. Kim Janssen reports:
A hacker who targeted big businesses — including Comcast and Canadian Bell — as well as schools, including the University of Virginia, will face justice in a Chicago courtroom, the feds say.
Timothy French, 20, was arrested by the FBI in his hometown of Morristown, Tenn., last week. He’s accused of being a key member of the hacker collective “NullCrew.”[…]
Charged with conspiracy to commit computer fraud and abuse, French allegedly used the online handles “Orbit,” “@Orbit,” “@Orbit_g1rl,” “crysis,” “rootcrysis,” and “c0rps3.”
Read more on Chicago Sun-Times.
Update: The U.S. Attorney’s Office for the Northern District of Illinois issued the following statement:
Alleged Associate of “NullCrew” Arrested on Federal Hacking Charge Involving Cyber Attacks on Companies and Universities
CHICAGO — A Tennessee man was arrested and charged with federal computer hacking for allegedly conspiring to launch cyber attacks on two universities and three companies since last summer, federal law enforcement officials announced today. The defendant, TIMOTHY JUSTIN FRENCH, is allegedly associated with a group of individuals, known as “NullCrew,” who have claimed responsibility for dozens of high-profile computer attacks against corporations, educational institutions, and government agencies.
French, 20, was arrested without incident by FBI agents at his home in Morristown, Tenn., east of Knoxville, last Wednesday. He waived a detention hearing today in Federal Court in Knoxville, and will be transferred in custody to face prosecution in U.S. District Court in Chicago, where no court date has yet been scheduled. French was charged with conspiracy to commit computer fraud and abuse in a criminal complaint that was filed under seal on June 3 and was unsealed upon his arrest.
French, also known as “Orbit,” “@Orbit,” “@Orbit_g1rl,” “crysis,” “rootcrysis,” and “c0rps3,” and members of NullCrew allegedly launched computer attacks that resulted in the release of computer data and information, including thousands of username and password combinations.
“Cyber crime sometimes involves new-age technology but age-old criminal activity ― unlawful intrusion, theft of confidential information, and financial harm to victims,” said Zachary T. Fardon, United States Attorney for the Northern District of Illinois. “Hackers who think they can anonymously steal private business and personal information from computer systems should be aware that we are determined to find them, to prosecute pernicious online activity, and to protect cyber victims.”
According to the complaint affidavit, NullCrew has used Twitter accounts to announce dozens of attacks against various victims, including the websites of two organizations in July 2012 and eight computer servers belonging to a large company in September 2012. In both instances, the announcements included links to posts on Pastebin, a website that allows uploading of text files for others to view, containing usernames and passwords associated with those victims. In November 2012, NullCrew announced an attack on a foreign government’s ministry of defense, releasing more than 3,000 usernames, email addresses, and passwords purportedly belonging to members of the defense ministry.
The affidavit states that the FBI has been working with a confidential witness who was invited to join online chats with members of NullCrew. During these chats, which occurred through Skype, Twitter, and CryptoCat, NullCrew members discussed past, present, and future computer hacks, shared current computer vulnerabilities and planned targets, and discussed releases of their victims’ information. The witness has assisted with the investigation primarily in an effort to help the FBI, the affidavit states.
The complaint charges French with involvement in five cyber attacks launched by NullCrew: a July 19, 2013, attack on University A, a large public university; a Feb. 1, 2014, attack on Company A, a large Canadian telecommunications company; attacks in early 2014 against University B and California-based Company B, both announced by NullCrew on April 20, 2014 as part of a series of hacking attacks; and an attack against Company C, a large mass media communications company, that NullCrew announced on Feb. 5, 2014.
In each of these instances, information allegedly hacked from the victims’ computers was released by NullCrew and caused significant financial damages to the universities and companies, including the costs of responding to the computer intrusions, conducting damage assessments, and restoring the computer systems.
During each of the attacks, the investigation identified a computer user named “Orbit,” who was using an internet protocol (IP) address assigned to French’s Morristown, Tenn., address. Records from the victims’ computers show access from the same IP address at or around the time the attacks were being discussed or occurred, according to the complaint.
The computer hacking charge in this case carries a maximum sentence of 10 years in prison and a $250,000 fine. If convicted, the court must impose a reasonable sentence under federal statutes and the advisory United States Sentencing Guidelines.
The arrest and charge were announced by Zachary T. Fardon, United States Attorney for the Northern District of Illinois, and Robert J. Holley, Special Agent-in-Charge of the Chicago Office of the Federal Bureau of Investigation. The investigation is continuing, they said.
The government is being represented by Assistant U.S. Attorney William Ridgway.
The public is reminded that a complaint contains only charges and is not evidence of guilt. The defendant is presumed innocent and is entitled to a fair trial at which the government has the burden of proving guilt beyond a reasonable doubt.
Update: The complaint can be found on Scribd. It seems that the FBI’s confidential witness once asked French about this blog post from databreaches.net, and his response to the CW became some of the evidence against him.