DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NullCrew attack on Bell Canada was SQL injection and Bell knew weeks ago – NullCrew (update 2)

Posted on February 2, 2014 by Dissent

NullCrew has responded to Bell’s claim that it was a third-party supplier who got hacked by providing DataBreaches.net with more details about the hack and their conversations with Bell alerting them to the breach.

In an interview today, NullCrew revealed that they had access to Bell’s server for months, and had disclosed that to them in a chat with Bell Support weeks ago. A screenshot of the chat between NullCrew and Bell Support employee “Derek” shows that NullCrew was informing Bell that they were in possession of users’ information:

Bell_chat

 

NullCrew states they actually gave them the vulnerable url and details, but got nowhere with them.

I informed them they didn’t have much time, and the world would soon see their failure…. Their response was exactly what you see in their article, bullshit. “Bell Internet is a secure service.” They did not even say they would look into it, they did not try and assess the exploit.. it was up, for two weeks. And only taken down after we released our data.

NullCrew informs DataBreaches.net that the attack was by POST SQL injection.  The vulnerable url was Bell’s protection management login page: https://protectionmanagement.bell.ca/passwordrecovery_1.asp. Bell’s protectionmanagement subdomain is currently unavailable.

As proof, NullCrew provided DataBreaches.net with screenshots taken at the time (all screenshots in this article are copies of the screenshots provided to this site):

Bell_exploit1

 

Bell_exploit2

So what is Bell talking about in their statement where they claim they were not hacked but a third party supplier’s system was? The screenshots support NullCrew’s claim that it was Bell’s server that was successfully attacked. Bell has not yet responded to an email inquiry sent by DataBreaches.net asking if the third party supplier they mention would come forward and confirm their statement or if Bell would name the third party.

Right now, then, it appears that customers may have good reason to question Bell’s version of the breach.  “Who are you going to believe, companies, corporations, big brother? Or the people who fight against this system?” NullCrew asks. [See update below post for Bell’s response – Dissent]

And other big corporations may want to take note that the Bell attack may just be the beginning. NullCrew wants us all to know:

NullCrew is far from done, we want to make it evident that just because we lurked in the shadows; it does not mean we left. That we are here to stay. Simply put? Stay tuned. #FuckTheSystem is just beginning.

Update 1: Bell Canada was sent a link to this report and asked if they still stand by their statement of this morning. They do:

Yes, we stand by the facts in our release. The posting results from illegal hacking of an Ottawa-based third-party supplier’s information technology system.

Update 2: Adam Caudhill points out that it’s not uncommon to find a subdomain of a large company pointing to a third party. “So it’s quite possible they are telling the truth. They should still take more responsibility for their data though,” Adam tweeted.

A lookup of protectionmanagement.bell.ca resolves to IP 206.191.10.10, which is registered to Magma Communications in Ottawa, a subsidiary of Primus Communications.  Interesting.

No related posts.

Category: Breach IncidentsBusiness SectorHackNon-U.S.Of Note

Post navigation

← Bell Canada statement on NullCrew hack (Update 1)
French telecom Orange discloses data breach affecting 800,000 customers →

13 thoughts on “NullCrew attack on Bell Canada was SQL injection and Bell knew weeks ago – NullCrew (update 2)”

  1. Anonymous says:
    February 2, 2014 at 12:43 pm

    So Happy there is a group of people out there that can prove that major companies that claim they are secure and perfect are useless/defenceless in reality. Their arrogance is their own downfall. FUCK THE SYSTEM!

  2. John says:
    February 2, 2014 at 9:53 pm

    That’s the stupidest disclosure imaginable… Bell knew about it because NullCrew blustered about their l33t spl01ts to the web chat support team?

    1. richie says:
      February 3, 2014 at 7:14 am

      Most likely some poor schmuck in Bangalore, didn’t really understand what was being said so kept on parroting back the most appropriate scripted answer.

      1. Dissent says:
        February 3, 2014 at 7:19 am

        As Adam Caudill tweeted to me yesterday, Bell may be lacking an appropriate escalation policy for Support that tells them what to do with such reports. I don’t know if that’s the case, but I wouldn’t be surprised in light of all the trouble I and others have had over the years trying to alert entities to security breaches.

  3. Rocco Fanucci says:
    February 3, 2014 at 12:32 am

    No doubt about Magma.they’re the GoDaddy of Ontario

  4. Anonymous says:
    February 3, 2014 at 12:46 am

    http://toolshack.com/206.191.10.10

    1. Dissent says:
      February 3, 2014 at 6:08 am

      http://myip.ms/info/whois/206.191.10.0

  5. Doh says:
    February 3, 2014 at 2:17 am

    Let’s suppose you go to a fast food chain and the food is really bad and stinky and the facility manager tells you it’s ok. Are you going to look up the franchise owner or call headquarters? Well…

    1. ryan says:
      February 3, 2014 at 5:07 pm

      No.

      Lets suppose I go to a fast food chain, and the deep fryer and/or grill are dirty, unsanitary and makes the food taste bad. The facility manager indicates that it’s OK to their standards.

      Are you going to call the franchise owner to speak with them (again)?
      Are you going to call the franchise HQ to speak with someone there?
      or..
      Are you going to call the company that makes the deep fryer and/or grill?

      The most logical response (in my opinion) would be to consult the franchise HQ, as they set the standards on what equipment is used to prepare their food. The facility manager would maintain that equipment as per their standards, and the manufacturer of the equipment has recommendations on how to maintain it.

      Contacting a facility manager keeps the issue isolated, and it can often lose momentum here.

      Contacting the HQ will cause an internal investigation as to the quality and/or sanity of the equipment, in which the facility manager would likely have no say, and would be required to abide by their requests.

      ——–

      TL;DR

      Bell allows this 3rd party hosted server to be used in their network infrastructure, including storing their customers sensitive information here – they are responsible for this.

      1. Dissent says:
        February 3, 2014 at 5:28 pm

        Bell allows this 3rd party hosted server to be used in their network infrastructure, including storing their customers sensitive information here – they are responsible for this.

        Exactly.

        1. Chris says:
          February 9, 2014 at 10:11 am

          thats the scary part….

  6. Anonymous says:
    February 11, 2014 at 11:02 pm

    Magma has colo services and their own clients, that is probably why the IP points to them. Must be one of their clients that is the mentioned 3rd party.

    1. Dissent says:
      February 12, 2014 at 9:31 am

      Looked like 10Count Consulting to me.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.