After almost one month in which they’ve been quiet, the hackers from the NullCrew collective have returned. They claim to have breached the Study in the States website, managed by the US Department of Homeland Security (DHS).
The hackers have published WordPress configuration details, along with other server information and even database login credentials. They’ve also revealed the exact location of the vulnerability that has allowed them to gain access to the site.
As CWN highlights, it appears that the DHS has been using an older, vulnerable version of WordPress for the Study in the States website, allowing the hackers to easily gain access to its backend.
The leak is part of the operation dubbed [Expletive]TheSystem, a campaign initiated in October 2012 in protest against governments.
Note. Since the leak contains clear-text database access passwords, I will not be providing a link to the file published by the hackers.