Pro-Assange group NullCrew hack data from Cambridge computer system for the second time
New release of Cambridge data on pastebin (see the link here) but CUP explain attack is neither security threat nor invasion of privacy
UPDATE: 17th September 6pm
Cambridge University Press have released a statement, claiming that the release of the files poses 'neither a security threat nor an invasion of privacy'.
The Chief Information Office, Mark Maddox said: “Over the last few weeks the University and other organisations have been targeted by a hacker group calling themselves 'Null Crew'.Yesterday afternoon they exploited a vulnerability in a 10 year old website to download an old list of staff at Cambridge University Press, along with an encrypted version of some staff passwords, which were two years out of date.We can confirm that nothing more sensitive was affected, and no one’s personal security has been compromised. We have suspended the operation of some systems whilst we check them. Over the next few days we will continue to test these systems and we will be reinstating any affected services.”
UPDATE: 16th September 7pm
THE HACKED DATA: @OfficialNull have posted a link to pastebin - http://pastebin.com/Cz893VCP. Not all of the accounts listed have had their passwords hacked, though. @OfficialNull tweeted us to confirm: entries followed by 'null' means that "no passwords were found with that SQL entry". NullCrew have only been able so far to give passwords for around 190 of the 4036 accounts listed.
The statement released said: "We warned you Cambridge, and we gave you 24 hours to tweet and DM us. Apparently, it was too difficult to do so. So unfortunately for you, we are dumping more databases. Today we will only give up some data, to get the attention of Cambridge University. Keep in mind, you can take the subdomain offline, but we have all the data saved, so you're screwed no matter what you do. If you don't take our demands seriously this time, more data will be dumped. If you keep ignoring us, we will keep dumping. We are aware many of these accounts weren't dumped along with the passwords. Because as we said before, we only want the attention of the University and Media. If the university still fails to cooperate, then we will have to dump more data."
A representative of Cambridge CERT (Computer Emergency Response Team) has confirmed that the data released is from Cambridge University Press.
A University spokesman told Cambridge News: "This is a publicity-seeking enterprise. The university is making sure that no-one’s personal security is harmed by this."
UPDATE: 16th September 6pm
In response to our tweet asking why they want the University to get in touch, @NullOfficial said: "We want them to just tweet at us, then DM us and we'll sort it out form [sic] there privately". No comment from University.
Chris Havergal, a reporter for the Cambridge News asks @OfficialNull, "Where is this information? How can we verify this?". The response: "The information will be uploaded to Pastebin shortly. Then if I still don't get a response after that, more will be leaked".(Pastebin is a website for storing text online, used by NullCrew in many of their previous attacks, including the one against Cambridge.) Exactly what kind of response from the University the hackers are hoping for is as yet unclear. In response to an earlier tweet from Associate TCS News Editor Michael Yoganayagam questioning their motives, @OfficialNull said: "If our plan works out the way we hope it does, it will all make sense. Trust me".
UPDATE: 16th September 4pm
At 3pm NullCrew tweeted: "It's been 24 hours, Cambridge...Let the dump begin #NullCrew" and then "You had 24 hours to stop it, but your ignorance must've gotten the best of you #Cambridge #NullCrew".
This followed an hour later by: "4000+ Cambridge accounts are being dumped as we speak #NullCrew". And 'LulzMystical, who describe themselves as supporters of @officialnull and a part of #OpFreeAssange responded, "Yummy".
UPDATE: 16th September 8am
NullCrew retweet this article with the message 'the clock is ticking @CambridgeUni'. After a burst of twitter activity last night, NullCrew have gone quiet. Guess we'll have to wait and see what happens.
ORIGINAL ARTICLE: 15th September 11pm
NullCrew, the pro-Assange group behind last month’s hacking of the Cambridge computer system, has threatened another release of Cambridge data within 24 hours if the university does not respond to them.
The threats made on their twitter page started on the 14th September with the first reading: "Hacking into #Cambridge again. #NullCrew" which was followed by another saying: "If Cambridge authorities don't want another dump, now is the time to speak up. Tweet me + DM. You have 24 hours."
When contacted by Varsity for a statement they replied that "Students aren't the targets. If the plan works, you'll see what we did." Questioned as to whether Cambridge was being made the target of their hacking for any particular reason or simply because they could, they replied that it was: "Because we can, and it will get #OpFreeAssange the most publicity. People need to realize what's going on."
Last month's attcak on the Cambridge computer system saw 17 academics' login details published online and resulted in areas of the system briefly being taken offline by the University as a preventative measure. However, so far only academics' details have been released and students are yet to be directly affected by the hacking.
There has not yet been an official response from the University and it remains to be seen whether these are empty threats or if, like two weeks ago, the group has managed to hack into the system again.