UPDATE: CUP Responds to Hack Attack

NullCrew are planning a second attack on the University computer network.

| UPDATED

UPDATE:

19:30, 17th September 2012.

Cambridge University Press have issued a statement following yesterday’s cyber attack.

The Chief Information Officer, Mark Maddox said: “Over the last few weeks the University and other organisations have been targeted by a hacker group calling themselves ‘Null Crew’. Yesterday afternoon they exploited a vulnerability in a 10-year-old website to download an old list of staff at Cambridge University Press, along with an encrypted version of some staff passwords, which were two years out of date.

“We can confirm that nothing more sensitive was affected, and no one’s personal security has been compromised. We have suspended the operation of some systems whilst we check them. Over the next few days we will continue to test these systems and we will be reinstating any affected services.”

 

———

UPDATE:

18:50, 16th September 2012.

NullCrew have published the results of today’s attack on the University.

This attack was targeted at Cambridge University Press, but although a total of 4,306 usernames were released, the hacking group was only able to expose a fraction of their passwords.

NullCrew released the following message with the data dump:

“We warned you Cambridge, and we gave you 24 hours to tweet and DM us. Apparently, it was too difficult to do so. So unfortunately for you, we are dumping more databases. Today we will only give up some data, to get the attention of Cambridge University. Keep in mind, you can take the subdomain offline, but we have all the data saved, so you’re screwed no matter what you do.

“If you don’t take our demands seriously this time, more data will be dumped. If you keep ignoring us, we will keep dumping. We are aware many of these accounts weren’t dumped along with the passwords. Because as we said before, we only want the attention of the University and Media. If the university still fails to cooperate, then we will have to dump more data.”

 

———

UPDATE:

17:55, 16th September 2012.

As promised, NullCrew have started further cyber attacks on the University. According to their official Twitter, they have started to leak ‘4,000+’ Cambridge accounts onto the text sharing website Pastebin.

The group had previously given the University 24 hours to respond, but failure to do so led the group to tweet: You had 24 hours to stop it, but your ignorance must’ve gotten the best of you.’

‪———

NullCrew, the hacking group behind the cyber attacks on the University computer network last month, have threatened further attacks within 24 hours unless the University responds to them.

A second attack on Cambridge was initially announced via the group’s Twitter account on Friday, reading: “Hacking into #Cambridge again. #NullCrew”.

NullCrew’s second tweet

This was followed by a larger threat the following day, which said: “If Cambridge authorities don’t want another dump, now is the time to speak up. Tweet me + DM. You have 24 hours.”

Last month’s attack exposed the login information of seventeen academics within the Centre for Research in the Arts, Social Sciences and Humanities, as well as administrator login details for several departments, including the Fitzwilliam Museum.

The new batch of confidential data is due to be released this afternoon if the University does not comply. However, the extent of NullCrew’s demands remain unclear.

NullCrew have chosen Cambridge as a target because they believe that it would give #OpFreeAssange the most publicity.

They claim not to be targeting students at this stage.The University was unavailable for comment.

More details to follow.