Time Warner Cable Support Service Hacked and Defaced by NullCrew
Time Warner Cable Inc has had its main website for its cable service hacked and left defaced with its embarrassing administration password. The attack has been carried out by members of NullCrew who have announced it on twitter and posted a screen capture to freezepage> Time Warner Cable: supportcenter.timewarnercable.com:8888/sdcxuser/ @youranonnews @thehackersnews @cyber_war_news @anonymousirc @anonymousopsirc @officialhmei7 — NullCrew (@NullCrew_FTS) March 6, 2013
The main target was TimeWarnerCable.com online support service administration area which is running on port 8888 for web access. Null Crew members Orbit and Doc gained access via a exploit found in the systems ASP which allowed them further access to be able to escalate user permissions and as a result they found out the administration had an account with the password set as "changeme" which is just shocking to say the least. The attack has also exposed what is said to be one of the systems SSL key passwords. The website was also defaced with a dump of information and partial configuration files from the server and at time of publishing the websites defacement was still active via port 8888 which is the administration access. In recent weeks we have seen more and more high profile targets come under attack by hackers who have left them shamed for lack of security on systems they use.