DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NullCrew attack on Bell Canada was SQL injection and Bell knew weeks ago – NullCrew (update 2)

Posted on February 2, 2014 by Dissent

NullCrew has responded to Bell’s claim that it was a third-party supplier who got hacked by providing DataBreaches.net with more details about the hack and their conversations with Bell alerting them to the breach.

In an interview today, NullCrew revealed that they had access to Bell’s server for months, and had disclosed that to them in a chat with Bell Support weeks ago. A screenshot of the chat between NullCrew and Bell Support employee “Derek” shows that NullCrew was informing Bell that they were in possession of users’ information:

Bell_chat

 

NullCrew states they actually gave them the vulnerable url and details, but got nowhere with them.

I informed them they didn’t have much time, and the world would soon see their failure…. Their response was exactly what you see in their article, bullshit. “Bell Internet is a secure service.” They did not even say they would look into it, they did not try and assess the exploit.. it was up, for two weeks. And only taken down after we released our data.

NullCrew informs DataBreaches.net that the attack was by POST SQL injection.  The vulnerable url was Bell’s protection management login page: https://protectionmanagement.bell.ca/passwordrecovery_1.asp. Bell’s protectionmanagement subdomain is currently unavailable.

As proof, NullCrew provided DataBreaches.net with screenshots taken at the time (all screenshots in this article are copies of the screenshots provided to this site):

Bell_exploit1

 

Bell_exploit2

So what is Bell talking about in their statement where they claim they were not hacked but a third party supplier’s system was? The screenshots support NullCrew’s claim that it was Bell’s server that was successfully attacked. Bell has not yet responded to an email inquiry sent by DataBreaches.net asking if the third party supplier they mention would come forward and confirm their statement or if Bell would name the third party.

Right now, then, it appears that customers may have good reason to question Bell’s version of the breach.  “Who are you going to believe, companies, corporations, big brother? Or the people who fight against this system?” NullCrew asks. [See update below post for Bell’s response – Dissent]

And other big corporations may want to take note that the Bell attack may just be the beginning. NullCrew wants us all to know:

NullCrew is far from done, we want to make it evident that just because we lurked in the shadows; it does not mean we left. That we are here to stay. Simply put? Stay tuned. #FuckTheSystem is just beginning.

Update 1: Bell Canada was sent a link to this report and asked if they still stand by their statement of this morning. They do:

Yes, we stand by the facts in our release. The posting results from illegal hacking of an Ottawa-based third-party supplier’s information technology system.

Update 2: Adam Caudhill points out that it’s not uncommon to find a subdomain of a large company pointing to a third party. “So it’s quite possible they are telling the truth. They should still take more responsibility for their data though,” Adam tweeted.

A lookup of protectionmanagement.bell.ca resolves to IP 206.191.10.10, which is registered to Magma Communications in Ottawa, a subsidiary of Primus Communications.  Interesting.

Related posts:

  • Why Canada’s Privacy Commissioner and CRTC should heed PIAC/CAC’s recommendations about Bell’s “Relevant Ads Program”
  • Forbes Breach Email Statistics
  • NullCrew Information and Attacks
  • TeamGhostShell posts “master list” of 548 leaks (so far)
Category: Breach IncidentsBusiness SectorHackNon-U.S.Of Note

Post navigation

← Bell Canada statement on NullCrew hack (Update 1)
French telecom Orange discloses data breach affecting 800,000 customers →

13 thoughts on “NullCrew attack on Bell Canada was SQL injection and Bell knew weeks ago – NullCrew (update 2)”

  1. Anonymous says:
    February 2, 2014 at 12:43 pm

    So Happy there is a group of people out there that can prove that major companies that claim they are secure and perfect are useless/defenceless in reality. Their arrogance is their own downfall. FUCK THE SYSTEM!

  2. John says:
    February 2, 2014 at 9:53 pm

    That’s the stupidest disclosure imaginable… Bell knew about it because NullCrew blustered about their l33t spl01ts to the web chat support team?

    1. richie says:
      February 3, 2014 at 7:14 am

      Most likely some poor schmuck in Bangalore, didn’t really understand what was being said so kept on parroting back the most appropriate scripted answer.

      1. Dissent says:
        February 3, 2014 at 7:19 am

        As Adam Caudill tweeted to me yesterday, Bell may be lacking an appropriate escalation policy for Support that tells them what to do with such reports. I don’t know if that’s the case, but I wouldn’t be surprised in light of all the trouble I and others have had over the years trying to alert entities to security breaches.

  3. Rocco Fanucci says:
    February 3, 2014 at 12:32 am

    No doubt about Magma.they’re the GoDaddy of Ontario

  4. Anonymous says:
    February 3, 2014 at 12:46 am

    http://toolshack.com/206.191.10.10

    1. Dissent says:
      February 3, 2014 at 6:08 am

      http://myip.ms/info/whois/206.191.10.0

  5. Doh says:
    February 3, 2014 at 2:17 am

    Let’s suppose you go to a fast food chain and the food is really bad and stinky and the facility manager tells you it’s ok. Are you going to look up the franchise owner or call headquarters? Well…

    1. ryan says:
      February 3, 2014 at 5:07 pm

      No.

      Lets suppose I go to a fast food chain, and the deep fryer and/or grill are dirty, unsanitary and makes the food taste bad. The facility manager indicates that it’s OK to their standards.

      Are you going to call the franchise owner to speak with them (again)?
      Are you going to call the franchise HQ to speak with someone there?
      or..
      Are you going to call the company that makes the deep fryer and/or grill?

      The most logical response (in my opinion) would be to consult the franchise HQ, as they set the standards on what equipment is used to prepare their food. The facility manager would maintain that equipment as per their standards, and the manufacturer of the equipment has recommendations on how to maintain it.

      Contacting a facility manager keeps the issue isolated, and it can often lose momentum here.

      Contacting the HQ will cause an internal investigation as to the quality and/or sanity of the equipment, in which the facility manager would likely have no say, and would be required to abide by their requests.

      ——–

      TL;DR

      Bell allows this 3rd party hosted server to be used in their network infrastructure, including storing their customers sensitive information here – they are responsible for this.

      1. Dissent says:
        February 3, 2014 at 5:28 pm

        Bell allows this 3rd party hosted server to be used in their network infrastructure, including storing their customers sensitive information here – they are responsible for this.

        Exactly.

        1. Chris says:
          February 9, 2014 at 10:11 am

          thats the scary part….

  6. Anonymous says:
    February 11, 2014 at 11:02 pm

    Magma has colo services and their own clients, that is probably why the IP points to them. Must be one of their clients that is the mentioned 3rd party.

    1. Dissent says:
      February 12, 2014 at 9:31 am

      Looked like 10Count Consulting to me.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.