Anti-media cybercrime spree continues: Al Arabiya hacked by NullCrew

After hacking and humiliating Comcast in February, NullCrew is back with HorsemenLulz in a successful hack on the mail servers of the second biggest media company in the Arab world, Al Arabiya.
Written by Violet Blue, Contributor

Today two strong hacker crews teamed up and hacked into Al Arabiya servers and published a list of the company's mail servers and a link to the root file with the vulnerability it used to penetrate the system on Pastebin.

Al Arabiya is the second largest media company in the Middle East, a rival of Al Jazeera.

Now because this media giant ignored a known security vulnerability in its email product, for which a patch was issued in December, the communications of all its journalists, executives and media sources are exposed and can no longer be considered secure.

Of patricular concern with this incident is the security of Al Arabiya journalists and their sources. Those using their mbc.net email addresses are now communicating about life-critical issues within a mail system that has been hacked.

The attack and public shaming of Al Arabiya is part of NullCrew's campaign to bring pain to media megacorporations.

On February 9, NullCrew hacked into Comcast's servers, a break-in which became famously ignored by Comcast.

This time, NullCrew FTS joined with The Horsemen Of Lulz for a smash and grab that appears to have netted access credentials to all accounts on the mail server of Al Arabyia's patent company, MBC.

NullCrew va AlArabyia

Most Al Arabiya staff and admin have mbc.net email accounts.

Null Crew and Four Horsemen state in their Pastebin post NullCrew & TheHorsmenLulz vs AlArabiya, "We ripped the important passwords and users from the localconfig.xml."

NullCrew hacked Al Arabyia


The successful break-in was through a Zimbra mail server vulnerability which has apparently gone unpatched by Al Arabyia since the Zimbra vuln was made public and fixed with a patch in December 2013.

NullCrew and FourHorsemen wrote,

Upon visiting mail.alarabiya.net we noticed that it was runnign Zimbra; where have we seen this before?

Oh yeah, Comcast! So, let's attempt the same method (Considering alot who run Zimbra still are vuln) we did then. 

As readers may know, users with an Al Arabiya email address may be using their mbc.net address for password reset purposes on another service or system, the attackers can compromise that user's account on the other system.

Al Arabiya is lists itsef as having between 500-1000 employees, with a global network of correspondents and offices in over 40 major cities.

The unpatched Zimbra vuln is the same security vulnerability reported in December 2013, also not patched by Comcast - Null Crew's last high-profile victim.

Comcast users faced increasing risk when the company neglected to inform users to change their passwords.

NullCrew FTS used the unpatched security vulnerability CVE-2013-7091 to open what was essentially an unlocked door for anyone access to usernames, passwords, and other sensitive details from Comcast's servers.

NullCrew FTS used a Local File Inclusion (LFI) exploit to gain access to the Zimbra LDAP and MySQL database — which houses the usernames and passwords of Comcast ISP users.

"Fun Fact: 34 Comcast mail servers are victims to one exploit," tweeted NullCrew FTS.

Comcast ignored news of the serious breach in press and media for over 24 hours — only when the Pastebin page was removed did the company issue a statement, and even then, it only spoke to a sympathetic B2B outlet.

Al Arabiya demographics place it second in reach to Al Jazeera, which claims to attract over 40 million viewers daily.

ZDNet has reached out to Al Arabiya for comment and will update this article accordingly.

April 3 1:45pm PST: There has been no response from Al Arabiya. Our article has been updated to reflect this, and clarify the concern for security danger to Al Arabiya's journalists and their sources.

Editorial standards