FBI watched as NullCrew dumped Bell Canada passwords online

Andrew Seymour reports:

When Bell Canada’s website was hacked last year — and the accounts and passwords of more than 12,000 Canadians posted online — the Federal Bureau of Investigation was not only watching, but letting the hackers stage the attack from what was secretly an FBI server.

The bureau had spent more than a year keeping tabs on the 15-year-old Canadian teenager, who discovered the vulnerability then passed it to an American counterpart. It was the American who carried out the cyberattack on behalf of a collective calling itself NullCrew.

The details emerged in an Ottawa courtroom last month after the Canadian teen pleaded guilty to a single count of unlawfully using a computer.

The 15-year-old teen, who used the online nickname “Null”, discovered a weakness in a Bell Canada login page. It allowed someone to gain access to the usernames and passwords of small and medium-sized business customers that were contained within a database maintained by a third-party supplier to Bell.

Read more on Ottawa Citizen.

About the author: Dissent

4 comments to “FBI watched as NullCrew dumped Bell Canada passwords online”

You can leave a reply or Trackback this post.
  1. Anonymous - April 18, 2015

    Did the FBI watch as well when the kid tried to inform Bell that they were hacked and had old insecure un-updated software that allowed the attack?

    Did the FBI watch as these people even informed Bell of the the vulnerable url and details, while Bell brushed them off?

    That’s a recurring theme:
    *Evil-doer kid that needs 10-years in jail for playing on computer:
    You are hacked this is the how and why of it. You need to fix that.

    *Company or Entity: That is “not possible”. Thank you and good bye.

    Did the FBI giggle at all that? I would have in their shoes. Did the FBI at least state these people tried to inform the entities of what they discovered and how to fix it? Or is the FBI just ignoring that as they laid the trap and encouraged them to hack through their “secure proxy”?

    I HAVE QUESTIONS! please give me answers. ty. 😉

    • Dissent - April 18, 2015

      I have no answer to those questions, but add to your list:

      Why did the FBI allow thousands of Canadian consumers to have their data hacked and dumped without trying to prevent at least the data dump? How much did this breach cost the hacked entities because data got dumped? Is the FBI going to reimburse them those costs? No? I thought not…

      • Anonymous - April 18, 2015

        When I was looking at the details of the hack back then, I saw a lot of gov Emails and company emails and passwords.

        I don’t know if the “small and medium businesses” included any small-medium gov divisions type thing for certain, but I saw emails connected to provincial gov related health related services. It wasn’t just the average citizen consumer.

        Going by memory, I saw Quebec gov CLSC, CSST, law firm emails, and the likes.

        It will be interesting what we learn in the US case.

Comments are closed.