Bell Canada is the world’s oldest telephone company, founded in 1880 by Alexander Graham Bell himself and his father. It’s also the latest victim of a cyberattack by a notorious hacktivist crew.
On Feb. 2, Bell issued a press release admitting that a group of hackers known as NullCrew had breached a third-party server and released the emails and passwords of 22,421 Bell small business clients, along with five valid credit card numbers.
“Bell is contacting affected small business customers, has disabled all affected passwords, and has informed appropriate credit card companies,” the company said in the release.
NullCrew first gained international attention for its high-profile hacks of Cambridge University (in support of WikiLeaks founder Julian Assange), Time Warner (for its support of the Copyright Alert System), and the Cambodian Ministry of Foreign Affairs (over its treatment of Pirate Bay founder Gottfrid Svartholm Warg).
“We really just saw general malpractice on the part of [B]ell that brought them to our eye as a target, and we see the same level of concern now that we released the data, which is upsetting, in my opinion,” siph0n, a member of the crew, told me via encrypted chat.
NullCrew expects Bell to take responsibility for the breach, regardless of whether it owns the servers or simply leased them from a third-party company. The hacked server traces to Ottawa-region ISP Magma, and according to NullCrew, the server was running software from 2008. The hack itself was, as is typical for the crew, an SQL injection; that method is common on sites that have customer log-ins. Siph0n told me that it took only an hour to find and exploit the vulnerability.
From boasts on Twitter, it appears the hack itself occurred on or around Jan. 10. Subsequent to that, in a show of bravado, the hackers contacted Bell customer service to warn them that someone out there was cruising their servers and had found vulnerabilities.
The NullCrew website, which had hosted the leaked emails and passwords, has been taken offline by its host, although the hackers have created at least one encrypted mirror site. Their Twitter account tweeted the link and password to the encrypted site, but it has been suspended in turn.
“We’re not providing details simply because as an issue that impacts our customers, it’s our issue,” Bell spokesman Paolo Pasquini said via email. “You could call it a ‘he said/she said’ situation if you equate a 134 yr old Canadian company, publicly traded, subject to various laws on disclosure by a range of regulators, which issued a formal statement on the matter on a national disclosure newswire… with a group of unnamed/unknown individuals with no clear operating structures at all. We do not.”
“We continue to work with the supplier as well as law enforcement and government security officials to investigate. As noted, Bell’s own network and IT systems were not impacted.”