#CyberFLASH: FBI watched as hacker dumped Bell Canada passwords online

10712553When Bell Canada’s website was hacked last year — and the accounts and passwords of more than 12,000 Canadians posted online — the Federal Bureau of Investigation was not only watching, but letting the hackers stage the attack from what was secretly an FBI server.

The bureau had spent more than a year keeping tabs on the 15-year-old Canadian teenager, who discovered the vulnerability then passed it to an American counterpart. It was the American who carried out the cyberattack on behalf of a collective calling itself NullCrew.

The details emerged in an Ottawa courtroom last month after the Canadian teen pleaded guilty to a single count of unlawfully using a computer.

The 15-year-old teen, who used the online nickname “Null”, discovered a weakness in a Bell Canada login page. It allowed someone to gain access to the usernames and passwords of small and medium-sized business customers that were contained within a database maintained by a third-party supplier to Bell.

The teen didn’t post the data, but instead shared how to access it using what is known as a SQL injection attack with another NullCrew member named “Orbit.”

Read more here

About canux
© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.