#CyberFLASH: Mounties charge Quebec teen for hacking Bell customer data, posting it online


The Mounties have charged a young offender in Quebec after the user names, passwords and credit-card information from some of Bell Canada’s small-business customers were posted online.

The RCMP say they started investigating after one of Bell’s third-party IT suppliers was cyberhacked.

As a result of the hacking, investigators say, 22,421 user names and passwords and five valid credit-card numbers were displayed for anyone to see on the Internet.

A young offender, who cannot be identified because of his age, was arrested at a Bagotville, Que., residence early Friday and charged with one count of unauthorized use of a computer and two counts of mischief in relation to data.

Police said the accused is believed to be a member of a hacktivist group NullCrew, alleged to be responsible for hacking into computers of businesses, schools and government agencies.

Read more here

#CyberFLASH: Union raises security concerns over $400-million federal email deal with Bell Canada


OTTAWA – Small businesses and a union representing professional public servants are raising fresh questions about the value and security of a federal government deal that is now underway with Bell Canada – worth up to $400 million over seven years – to restructure email services.

“I think it’s more about supporting their ongoing ideology about supporting corporate business,” said Debi Daviau, president of the Professional Institute of the Public Service of Canada. “And at one point, Canadians’ data is just there to be exploited.”

The contract, announced last June, is expected to convert 63 separate email systems into a single system with a “@canada.ca” email address for all government employees, including those who deal with requests for services from the public.

Treasury Board President Tony Clement says that the entire federal government strategy, which includes the consolidation of Internet services, will simplify services for Canadians.

Read more here


#CyberFLASH: End to Microsoft XP support could put millions of computers at risk of hacking


OTTAWA — Computer and banking systems around the world are about to be hit with a new challenge to their security.

On April 8, Microsoft Corp. officially closes the door on Windows XP.

The 12-year-old program still accounts for 29.2 per cent of all operating systems worldwide, according to research firm Net Market Share.

It’s installed on more than 95 per cent of all automated banking machines and is used in the networks that link those machines together, according to security researcher Symantec.

The software is also deployed on as many as 1.9 million Point-of-Sale (POS) machines — where you key your PINs at checkout lanes — across North America, and four million around the world, according to retail industry researcher IHL Group.

Come April, no more security patches will be released to protect any Windows XP systems, rendering all computers running the software open to attack by malicious hackers.

One recent attack on Bell Canada’s network due to an outdated security patch on a server led to hackers getting access to the personal data of 22,400 of its small- and medium-sized business customers.

Read more here

#CyberFLASH: NullCrew attack on Bell Canada was SQL injection and Bell knew weeks ago


NullCrew has responded to Bell’s claim that it was a third-party supplier who got hacked by providing DataBreaches.net with more details about the hack and their conversations with Bell alerting them to the breach.

In an interview today, NullCrew revealed that they had access to Bell’s server for months, and had disclosed that to them in a chat with Bell Support weeks ago. A screenshot of the chat between NullCrew and Bell Support employee “Derek” shows that NullCrew was informing Bell that they were in possession of users’ information:

NullCrew states they actually gave them the vulnerable url and details, but got nowhere with them.

I informed them they didn’t have much time, and the world would soon see their failure…. Their response was exactly what you see in their article, bullshit. “Bell Internet is a secure service.” They did not even say they would look into it, they did not try and assess the exploit.. it was up, for two weeks. And only taken down after we released our data.

Read more here

#CyberFLASH: Hacker group posts usernames and passwords from more than 20,000 Bell customers

BCE Beats Profit Estimates as Smartphone Subscribers Gain

More than 20,000 small business customers of telecommunications giant Bell Canada were the victims of what the company is calling an “illegal hacking” incident that left their user names and passwords publicly exposed on the Internet during the weekend.

Observers say the latest hacking incident, which follows on the heels of a Yahoo breach last week, should send a message to businesses, governments, and individuals: Brace for more hacking of personal information as the amount of time spent online interacting — and transacting — increases.

Five valid credit card numbers were also posted online as a result of the latest hacking incident, which Bell says involved the information system of one of its third-party suppliers based in Ottawa.

Bell spokesman Paolo Pasquini said the 22,421 small business customers affected are based in Ontario and Quebec.

“There will certainly be a bunch of freaked-out businesses with this compromised data,” said Dan Kelly, president of the Canadian Federation of Independent Business, who called the weekend hacking incident “quite disturbing.”

Read more here

#CyberFLASH: Consumer groups challenge Bell Canada’s data collection


OTTAWA — Two consumer advocacy groups are challenging Bell Canada’s tracking of how its wireless customers use the web, what they watch on TV and their phone call patterns.

The Public Interest Advocacy Centre and the Consumers’ Association of Canada have filed a complaint with the Canadian Radio-television and Telecommunications Commission, arguing Bell’s data collection goes against policies that protect privacy.

Bell announced last November that it would collect consumers’ data to put targeted ads on mobile devices, improve its network performance and for marketing reports.

The company has said the data it collects will not be linked with a customer’s identity and they can opt out of the program.

Read more here

Bell Canada and Rogers among the world’s top 10 throttlers in 2011 and 2012

Canada Glasnost data, Q1 2009 - Q1 2012Canada — An international analysis of how Internet service providers conduct their business has found that Canadian ISPs like Rogers and Bell rank among the worst in the world for throttling Internet access.

“Nearly all of the major Internet providers are heavy throttlers and Rogers tops them all,” the report reads, published by TorrentFreak and looking at Bittorrent users in particular. “For more than half a decade Rogers has continuously throttled more than three-quarters of all BitTorrent traffic.”

Throttling is a process by which Internet service providers can give certain users a lower data transfer rate if they’re using the Internet with certain applications. For example, a customer downloading a movie from iTunes might download a 750 Mb movie in 15 minutes, but if the connect is throttled, that same download could take two or three times longer via Bittorrent.

Read more here.

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.