Gov't contractor Klas Telecom responds to getting hacked by NullCrew

A skirmish erupted last week when hacking group NullCrew successfully broke into tactical communications company Klas Telecom. The global government contractor had an interesting response to its attackers.


Hacking group NullCrew's crime spree last week made a quick stop at government contractor Klas Telecom, where NullCrew pulled off a successful smash and grab of accounts and passwords.

Most interesting was Klas Telecom's response.

The company, which develops secretive covert communications solutions and equipment for U.S. and international federal governments, made a full public disclosure -- to start.

"Regardless of methods," a Klas spokesperson told ZDNet, "NullCrew delivered us a teachable moment and we're wasting no time learning from it."

NullCrew only briefly announced on Twitter that its flying saucer of crime and lulz was making a stop at Klas, giving no indication of success or publishing any evidence of a breach.

Yet a spokesperson for Klas told us, "The initial tweet made it to the security team less than 60 minutes after business opened and we immediately started looking for potential issues."

That meant a nine-hour delay from Klas Telecom's U.S. office, which monitors its Twitter account.


Klas posted on its company blog:

Washington, DC – On April 3, 2014, Klas Telecom’s legacy helpdesk system was attacked by the hacktivist group NullCrew.  A thorough security audit has been performed and measures have been taken to identify and eliminate vulnerabilities.

Although this helpdesk system has not been actively used in over two years, it is possible that names, email addresses, phone numbers, password hashes and queries on products sent to the helpdesk system between 2007 and 2011 may have been accessed by these attackers.

Klas told us, "Before Klas Telecom made a public announcement we took steps to fulfill our legal and moral obligations to our customers and contacted them directly to assist in limiting any potential impact."

Unlike NullCrew's last big victims, Comcast and Al Arabiya, Klas went straight to their customers with news of the hack. "We completed notifying our users before posting notice on the site (even had staff calling customers direct to make sure the message got out to the right people)."

But even though Klas was too late, the security team at Klas went on the offense after NullCrew.

Unfortunately in this case we got to looking at this legacy service 10 minutes after NullCrew copied some data to Mega.

Unfortunately we didn't crack their Mega password fast enough and the damage was done.

Klas did a bit of geeking out with us about what went down when NullCrew cracked their security. The Klas spokesperson told us,

The site NullCrew compromised has an interesting history. The reasons it was retired starting December 2011 included the site's vulnerability to certain attacks and generally poor architectural security.

After its retirement it was resurrected on another hosting platform as an historical reference for support personnel. The security in place at this point included a .htaccess limiting access to the site to traffic transiting a web application firewall, and additional measures that should have limited access to the site to Klas IPv4 and IPv6 ranges.

Unfortunately, due to the change in hosting platform several lines in the .htaccess should have been rewritten as variables and this was not caught on the snag list after the move.
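
The failure described above is an IP allow-list that stopped applying after a hosting move without anyone noticing. As an added example (not Klas's code or configuration), this Python check evaluates a deployed .htaccess against probe addresses with known expected outcomes; it assumes Apache 2.4 `Require ip` / `Require all` lines outside any container, and every rule, range and name in it is constructed.

```python
import ipaddress

# Constructed sample rules (not the actual Klas file): WAF egress + office ranges.
INTENDED = ("Require ip 192.0.2.0/24\n"
            "Require ip 198.51.100.0/24 2001:db8:10::/48\n")
# Constructed failure: the allow-list did not survive the move to the new host.
MIGRATED = "# Require ip 192.0.2.0/24\nOptions -Indexes\n"
PROBES = {"192.0.2.10": True, "2001:db8:10::5": True,       # should be admitted
          "203.0.113.77": False, "2001:db8:ffff::1": False}  # should be refused

def load_policy(text):
    """Collect top-level 'Require ip' / 'Require all' directives."""
    policy = {"nets": [], "grant_all": False, "seen": False, "unparsed": []}
    for raw in text.splitlines():
        tok = raw.split()
        if len(tok) < 3 or tok[0].lower() != "require":
            continue  # comments, blanks and unrelated directives
        policy["seen"] = True
        if tok[1].lower() == "all":
            policy["grant_all"] |= tok[2].lower() == "granted"
        elif tok[1].lower() == "ip":
            for t in tok[2:]:
                try:
                    policy["nets"].append(ipaddress.ip_network(t, strict=False))
                except ValueError:
                    policy["unparsed"].append(t)  # not an address or CIDR: review by hand
    return policy

def admitted(addr, policy):
    """Sibling Require lines are OR-ed; with none present nothing is restricted."""
    if not policy["seen"] or policy["grant_all"]:
        return True
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in policy["nets"])

def audit(text, probes):
    """Return findings; an empty list means the file matches expectations."""
    policy = load_policy(text)
    findings = [f"unparsed token {t!r}" for t in policy["unparsed"]]
    if not policy["seen"]:
        findings.append("no Require directive: file does not restrict access")
    for addr, expected in probes.items():
        if admitted(addr, policy) != expected:
            findings.append(f"{addr}: admitted={not expected}, expected={expected}")
    return findings

if __name__ == "__main__":
    for name, text in (("intended", INTENDED), ("migrated", MIGRATED)):
        print(name, audit(text, PROBES) or "OK")
```

A static check like this does not model containers, `Require not`, or proxy-supplied client addresses, so it complements a request made from outside the permitted ranges after each platform change.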

Klas is still at work on this one, thanks to NullCrew.

"A number of other issues found have been fixed and some sections of internal and external sites have been disabled pending fixes," Klas said via email. "The general nature of NullCrew's original warning required us to look at every system we manage, internal and external."

Meanwhile, NullCrew's planetary crime fest appears to continue unabated.
