Update: Pro-Assange hackers target Cambridge University

Michael Yoganayagam, Associate News Editor 28 August 2012

Cambridge University is currently investigating claims by a computer hacking outfit that they have hacked several University email accounts, after usernames and passwords were leaked on the Internet.

The claims have been made by a group called NullCrew, who have identified themselves with Anonymous, a movement of international ‘hacktivists’ whose targets have, in recent years, included the websites of the US and UK governments. NullCrew’s actions seem to have been motivated by support for Julian Assange, founder of the controversial whistleblower website Wikileaks.

In a statement appended to the leaked data, entitled “University of Cambridge Hacked”, NullCrew have threatened further action, writing: “There is much more where this came from, and don’t think this is the end. NullCrew, along with the whole Anonymous movement isn’t near finished with you. And we never will be, until the right thing is done with Julian Assange. Next time it will be worse, we guarantee it.”

The attack seems to have occurred during the early hours of Saturday morning, with NullCrew tweeting just before 1am: “3 Subdomains hacked on http://cam.ac.uk. Still hacking more as I’m tweeting. #OpFreeAssange #NullCrew”.

The group then leaked its obtained information online, including the login information of 17 members of the Centre for Research in the Arts, Social Sciences and Humanities (CRASSH) as well as other information from the Fitzwilliam Museum, the Department of Chemical Engineering and the Department of Physics.

It is understood that undergraduate accounts have not been affected.

A University spokesman told The Cambridge Student: “We are aware of the NullCrew claims and investigations are under way.”

In March last year, Assange broke a four-month silence and addressed hundreds of students at the Cambridge Union Society. Assange was at the time under house arrest in Norfolk, and appealing against a UK court’s decision to extradite him to Sweden to face questions over sex assault claims.

In a controversial appearance, and under heavy protection from police and private security guards, he told students: “The battle between those who want to use the internet as a tool of liberation and those who want to use the internet as a tool of control, mass control, is not over, it’s only just beginning.”

Two weeks ago, Assange was granted asylum by the government of Ecuador after he took refuge in their London embassy in June following the failure of his appeal against extradition to Sweden. Assange fears extradition to Sweden may ultimately lead to extradition to the USA to face questions over a mass of leaked US diplomatic cables published by Wikileaks in 2010, which he maintains may lead to the death penalty in a violation of his human rights.

Today, NullCrew leaked information from an alleged hack of the electronic payments firm PayPal, which along with companies such as Visa and MasterCard, boycotted Assange’s Wikileaks website after the diplomatic cables leak.

Cambridge’s link to Assange however is unclear, though NullCrew may simply be attacking perceived ‘establishment’ institutions in countries seen as hostile to Assange, such as the UK and the US. In July this year, the same group claimed to have hacked the database of Yale University – a spokesman for the Ivy League institution later confirmed that the group had obtained files containing the personal information of 450 students.

UPDATE 29th August 2012

A statement released today (29th August) by the University Computing Service has sought to play down the extent of the breach.

It reads: “A group calling itself ‘NullCrew’ claims to have obtained login details for some web based resources hosted on University systems. As a preventative measure these have been taken offline while IT staff investigate the claims.

“The hacking group itself has not claimed to have compromised the email login details of members of the University, and there is no evidence to substantiate such a suggestion.”

UPDATE 1st September 2012

In an exclusive statement to TCS, hacking group NullCrew has described Cambridge University as “pathetically easy to hack”.

It has also shed a little more light onto why it targeted Cambridge in particular. It appears the group had no particular connection between Assange and the University in mind, and were merely seeking to further raise the profile of the Assange case.

NullCrew told TCS: “We hacked it because we’re trying to make a big impact. We want the world to know about Assange, and what’s going on. That way we have more people joining in to fight the battle for Assange.

“The government is scared of the people, and everyone knows it. But we need everyone to join in on this battle, and help Assange.”

It went on: “Cambridge was pathetically easy to hack. We focused on the web application, but the network is no more secure than the web-app.”

However, asked about further plans to target Cambridge University, NullCrew appeared to show restraint.

“We don’t think we’ll release anymore database info from Cambridge. If we hack it we will gain full access.”

Michael Yoganayagam, Associate News Editor