NullCrew’s gorilla

A portion of Time Warner Cable’s website was replaced by hacktivists who defaced the support section with a picture of a gorilla accompanied by a message exposing key passwords and a list of employees authorized to get access to make changes to the website.

Hackers from the NullCrew Collective took credit for the breach, upset that Time Warner Cable, in conjunction with the entertainment industry, is participating in the controversial anti-piracy “six strikes” program, which will give broadband customers up to six warnings when caught downloading copyrighted content. Customers found participating in peer-to-peer file transfers that involve certain software, movies and music may have their Internet access suspended until they agree to a conversation with the cable operator about illicit downloading.

The hacktivist group’s breach did not affect all of Time Warner’s website, but was enough to attract attention. The group also publicized that Time Warner’s web administrators never bothered to change certain default login information, including a core password still listed as: changeme. The attack also exposed one of the system’s SSL-key passwords.

“LOL FAIL, learn to change default passwords,” came an admonishment from the group.

NullCrew was founded in 2012 and has been credited with several high-profile computer attacks that target corporations and government agencies it deems corrupt.

[Thanks to Stop the Cap! reader Paul for sharing details.]