Bell Canada Hacked by NullCrew

03 February 2014

Bell Canada announced Sunday that "22,421 user names and passwords and 5 valid credit card numbers of Bell small-business customers were posted on the Internet this weekend." It claims that it was not directly breached, but that the "posting results from illegal hacking of an Ottawa-based third-party supplier." But there's more to the story.

NullCrew, a hacking group that has been relatively quiet for some time (in late 2012 it dumped data stolen from a DoD site, defense.gov, NSA, Mastercard and BB&T), has returned. On 10 January it announced, "We have hidden ourselves for far to long, and it's time to show these fucktards that we're still here." Five days later, on 15 January, it tweeted, "Successful day hacking internet service providers is successful."

It is now thought that this was the first reference to what followed. On 31 January NullCrew tweeted, "Re-tweet for a rather large leak on a Canadian ISP. #NullCrew and it begins!" Two days later Bell released its statement confirming that it had lost at least 22,421 user names and passwords, but denying that it had been hacked.

Databreaches contacted NullCrew to learn more. NullCrew provided a screenshot of a chat it had with Bell Support "weeks ago" where it informed Bell of the breach. Derek (Bell support) said, "Bell Internet service is a secured one." The hacker responded, "If that's true, why do I have access to several.. and I mean SEVERAL user accounts."

The lack of any response from Bell could be taken as the support engineer assuming it was a prank call. But NullCrew went further. "I informed them they didn’t have much time, and the world would soon see their failure," the hacker told Databreaches. "Their response was exactly what you see in their article, bullshit. “Bell Internet is a secure service.” They did not even say they would look into it, they did not try and assess the exploit.. it was up, for two weeks. And only taken down after we released our data."

The domain concerned is https://protectionmanagement.bell.ca/. At the time of writing this report the domain is unavailable. Bell says the server concerned belongs not to Bell, but to a third party provider (which it did not name). Databreaches tweeted, "The IP for the subdomain in question is registered to Magma Communications." 

NullCrew is suggesting that this is just the beginning of its campaign. "NullCrew is far from done, we want to make it evident that just because we lurked in the shadows; it does not mean we left. That we are here to stay. Simply put? Stay tuned," it told Databreaches. The question now is whether it managed to traverse from the third party supplier to Bell's own servers.
