FBI arrests alleged NullCrew hacktivist on federal charges

After several corporations and universities were targeted in cyberattacks, the US government arrests Timothy French for allegedly posting thousands of people's usernames and passwords online.

NullCrew Twitter logo. NullCrew

The US Department of Justice announced Wednesday that it has charged a man it believes to have been involved in a coordinated series of cyberattacks against corporations, universities, and government agencies.

Timothy French, 20, was arrested by the FBI in Tennessee last week. The government said French was part of a hacking group called NullCrew. This group is known for activist hacking, which aims to shame targets rather than steal money and credit card data.

Law enforcement officials said they've collected information on cyberattacks against two universities and three companies last summer that they believe were instigated by NullCrew. Some of these attacks resulted in thousands of username and password combinations being published on the web.

In one incident, more than 3,000 usernames, email addresses, and passwords for members of a foreign government's ministry of defense were released. The Department of Justice is not releasing the names of the companies and universities targeted in the attacks.

"Cyber crime sometimes involves new-age technology but age-old criminal activity -- unlawful intrusion, theft of confidential information, and financial harm to victims," United States Attorney for the Northern District of Illinois Zachary T. Fardon said in a statement. "Hackers who think they can anonymously steal private business and personal information from computer systems should be aware that we are determined to find them, to prosecute pernicious online activity, and to protect cyber victims."

French allegedly had several online aliases, including "Orbit," "@Orbit," "@Orbit_g1rl," "crysis," "rootcrysis," and "c0rps3." According to the Department of Justice, NullCrew used popular sites like Twitter and Skype to both organize attacks and tout its exploits by posting links to breached information.

French is charged with conspiracy to commit computer fraud. If found guilty, he faces up to 10 years in prison and a $250,000 fine.