NullCrew targeted the firm's systems because they failed to patch a security hole

Jul 19, 2012 09:48 GMT

Net Communications, or Netcom, appears to be the latest victim of the collective known as NullCrew.

According to the hackers, the Internet and hosting services provider became a target because its representatives didn't take any steps to patch up a vulnerability that affected their systems.

“My reason was simple. I reported it and they pretty much said ‘[expletive] off’,” one of the hackers wrote.

Besides database information, the hackers leaked the contents of tables that contain details on staff, clients and members.

While the staff and the clients tables don’t hold any sensitive data, the member table contains information such as usernames, password hashes, addresses, email addresses and other identification details.

The data leak seems to be legitimate, since the contents of the staff table match the information provided on Netcom’s website.

We are attempting to get in touch with Netcom’s representatives and we’ll return with more details as soon as they respond.

Update. Simon Gurney, the Managing Director of Net Communications, has responded to our inquiry. Here's what he said regarding the incident:

The expression "Cobbler's shoes" comes to mind!

News of PHP 4 being phased out reached us way back in 2007 with most of our clients being moved onto new servers running PHP 5 by 2008 when PHP 4 was announced end of life and no longer supported.

We kept an old PHP 4 server running with our website still on it while we were working to upgrade. However "Cobbler's shoes" our clients' work always comes first!

Net Communications has been an I.S.P. for 17 years which must make us one of the industry's older members (but never complacent). We are based amongst sheep and sugar beet in very rural North Norfolk and in TELEHOUSE Docklands.

“My reason was simple. I reported it and they pretty much said ‘[expletive] off’,” one of the hackers wrote. I'm not sure about this as we are a small office and that is not the sort of language used except perhaps when the sheep get out.

I'm wondering if they spoke to one of the many companies calling themselves Netcom and variations of Net Communications by mistake?

A lesson for all. Never keep legacy systems running or you will be found sooner or later.