DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

FBI watched as NullCrew dumped Bell Canada passwords online

Posted on April 17, 2015 by Dissent

Andrew Seymour reports:

When Bell Canada’s website was hacked last year — and the accounts and passwords of more than 12,000 Canadians posted online — the Federal Bureau of Investigation was not only watching, but letting the hackers stage the attack from what was secretly an FBI server.

The bureau had spent more than a year keeping tabs on the 15-year-old Canadian teenager, who discovered the vulnerability then passed it to an American counterpart. It was the American who carried out the cyberattack on behalf of a collective calling itself NullCrew.

The details emerged in an Ottawa courtroom last month after the Canadian teen pleaded guilty to a single count of unlawfully using a computer.

The 15-year-old teen, who used the online nickname “Null”, discovered a weakness in a Bell Canada login page. It allowed someone to gain access to the usernames and passwords of small and medium-sized business customers that were contained within a database maintained by a third-party supplier to Bell.

Read more on Ottawa Citizen.

Category: Business SectorHackNon-U.S.Of Note

Post navigation

← Okay, so now they’ll act on the state’s recommendations
Update: Air Force senior master sergeant sentenced for ID theft involving fellow soldiers →

4 thoughts on “FBI watched as NullCrew dumped Bell Canada passwords online”

  1. Anonymous says:
    April 18, 2015 at 12:41 pm

    Did the FBI watch as well when the kid tried to inform Bell that they were hacked and had old insecure un-updated software that allowed the attack?

    Did the FBI watch as these people even informed Bell of the the vulnerable url and details, while Bell brushed them off?

    That’s a recurring theme:
    *Evil-doer kid that needs 10-years in jail for playing on computer:
    You are hacked this is the how and why of it. You need to fix that.

    *Company or Entity: That is “not possible”. Thank you and good bye.

    Did the FBI giggle at all that? I would have in their shoes. Did the FBI at least state these people tried to inform the entities of what they discovered and how to fix it? Or is the FBI just ignoring that as they laid the trap and encouraged them to hack through their “secure proxy”?

    I HAVE QUESTIONS! please give me answers. ty. 😉

    1. Dissent says:
      April 18, 2015 at 6:47 pm

      I have no answer to those questions, but add to your list:

      Why did the FBI allow thousands of Canadian consumers to have their data hacked and dumped without trying to prevent at least the data dump? How much did this breach cost the hacked entities because data got dumped? Is the FBI going to reimburse them those costs? No? I thought not…

      1. Anonymous says:
        April 18, 2015 at 7:22 pm

        When I was looking at the details of the hack back then, I saw a lot of gov Emails and company emails and passwords.

        I don’t know if the “small and medium businesses” included any small-medium gov divisions type thing for certain, but I saw emails connected to provincial gov related health related services. It wasn’t just the average citizen consumer.

        Going by memory, I saw Quebec gov CLSC, CSST, law firm emails, and the likes.

        It will be interesting what we learn in the US case.

        1. Dissent says:
          April 18, 2015 at 9:19 pm

          Cyber_War_News had analyzed the data dump, which I reported here: http://www.databreaches.net/nullcrew-claims-to-have-hacked-bell-canada/

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • AMI Group – Travel & Tours notice of ransomware attack
  • Resource: Insider Threat reports
  • Za: Cyber extortionist sentenced to eight years in jail
  • ICE takes steps to deport the Australian hacker known as “DR32”
  • Hearing on the Federal Government and AI
  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Decision That Murdered Privacy
  • Hearing on the Federal Government and AI
  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.