Member of Computer Hacking Group NullCrew Pleads Guilty to Governments, Corporations and Universities
A Tennessee man has pleaded guilty in Federal Court on Tuesday. He accepted that he joined the hacker group NullCrew in an attack on a “large Canadian telecommunications company” two years ago.
As a member of the hacking group “NullCrew,” Timothy Justen French exploited computer vulnerabilities to obtain unauthorized access and steal confidential information, including encrypted personal data of thousands of individuals.
French, 21, of Morristown, Tenn., faces up to 10 years in prison and may be ordered to pay monetary loss up to $792,000 caused due to his cyber-attacks at his sentencing hearing, set for March 9, 2016 at 3.45 pm. His eventual prison sentence is more likely to fall between 46 and 57 months. French acknowledged a plea declaration and admitted his guilt to U.S. District Judge Gary Feinerman.
NullCrew is a group of computer hackers who carried out a series of cyber-attacks against businesses, universities and governmental entities in the United States and worldwide. In June 2014, French was accused of conspiring with others to take, and post online, 12,000 customer usernames and passwords from Bell Canada. On Tuesday, he admitted in the plea declaration that he participated in at least six additional cyber-attacks targeting unidentified businesses, universities and governments while a member of NullCrew from 2012 to 2014. One of the attacks was carried out against a large Canadian telecommunications company, while another attack targeted a U.S. state.
According to the plea declaration, French and other members of NullCrew maintained Twitter accounts, including @NullCrew_FTS and @OfficialNull, which they used to announce their cyber-attacks, ridicule their victims and publicly disclose the confidential information they had stolen, to publicize their intrusions.
French admitted Tuesday to using the online handles to hid his true identity by using Internet aliases, including “Orbit,” “@Orbit_g1rl,” “crysis,” “rootcrysis” and “c0rps3.” The feds say someone using the “rootcrysis” handle boasted in an online chat with an undercover informant after the attack on Bell Canada, writing, “Yup LOL. Gained ALOTTTTTTT of attention. I’ve done like four interviews.”
A criminal complaint accused French of involvement in several cyber attacks by NullCrew between July 2013 and April 2014. According to prosecutors, NullCrew released information from the victims’ computers and caused “significant financial damages to the universities and companies” in each attack. The group spoke with excessive pride of wanting to “f— the system” and claimed credit for hacking the United Kingdom’s Ministry of Defense in 2012.
French has struggled since his arrest to stay away from drugs and from the Internet say Prosecutors. U.S. Magistrate Judge Daniel G. Martin ordered French locked up in May over allegations of drug use, missing counseling appointments and skipping drug tests. The judge later let him stay with his father in Tennessee, but French was caught in September lurking in his car outside a Tennessee McDonald’s, taking advantage of the restaurant’s free Wi-Fi signal. Again four weeks ago, Martin ordered him locked up and he remains in federal custody.
The guilty plea was announced by Zachary T. Fardon, United States Attorney for the Northern District of Illinois; and Michael J. Anderson, Special Agent-in-Charge of the Chicago Office of the Federal Bureau of Investigation.
The government is represented by Assistant U.S. Attorney William Ridgway.