FBI arrests alleged NullCrew hacker

Arrest. Image courtesy of Shutterstock.

Arrest. Image courtesy of Shutterstock.Federal prosecutors have arrested and charged a Tennessee man for allegedly conspiring to attack a number of businesses and educational organisations since the middle of 2012.

According to court papers, Timothy Justin French (aka “Orbit”) is part of a hacking group, known as NullCrew, who have claimed responsibility for a number of high-profile attacks against telecommunications companies, educational institutions and government agencies.

The FBI, who arrested French last Wednesday at his home address in Morristown, ‘without incident’, is still searching for other members of the NullCrew group.

According to the complaint affidavit, an FBI operation which made use of a ‘confidential witness’ was ultimately responsible for tracking French down.

The Fed’s inside man, joined in online conversations with NullCrew members on Skype, Twitter, and the open source encrypted messaging system Cryptocat.

During those chats the anonymous helper was able to learn of the group’s plans, including current, past and future targets, as well as gather intelligence on vulnerabilities and hacking methods.

The FBI used the data gathered by the witness to track the IP address of a computer used in some of the NullCrew attacks which, ultimately, led the agency to French’s front door.

NullCrew came to prominence on July 13, 2012 when it successfully breached the World Health Organization (WHO) and the Public Broadcasting Service (PBS), later releasing usernames, passwords and email addresses via Pastebin.

The group has since allegedly carried out other attacks against UK universities, the UK Ministry of Defence, the Department of Homeland Security and big businesses, including Comcast and Bell Canada.

French, who has been charged with conspiracy to commit computer fraud and abuse, is claimed to have been involved in five cyber attacks launched by NullCrew.

Those incursions, it is alleged, include two universities, a large Canadian telecommunications company, a large California-based company and a large mass media communications company.

According to the court filing, each of those attacks led to significant financial losses for the victims, including the costs of responding to the attacks, assessing the damage caused and restoring the affected computer systems.

Zachary Fardon, US attorney for the Northern District of Illinois, said:

Cyber crime sometimes involves new-age technology but age-old criminal activity - unlawful intrusion, theft of confidential information and financial harm to victims.

Hackers who think they can anonymously steal private business and personal information from computer systems should be aware that we are determined to find them, to prosecute pernicious online activity and to protect cyber victims.

If French, who now awaits trial in Chicago, is found guilty of all charges he could face a period of up to ten years in jail, as well as a fine of $250,000.

Image of arrest courtesy of Shutterstock.