Events, news, technologies and products about cyber security
Sunday, February 9, 2014
[csoonline] Bell Canada hacked
Over this past weekend, the hacker collective that calls itself Nullcrew exposed details of a breach of 22,000 Bell Canada customer accounts.
For a variety of reasons I decided to ask Ben Sapiro, fellow Liquidmatrix staffer, to provide his perspective on the Bell Canada data.
Ben: Many of the tables that contain password columns don't actually appear to contain that many passwords or at least not a password that is going to be useful anywhere else except on this service (whatever it is). In most cases the password field contains a monotonically increasing value which is almost always 8 characters long. Since it's statistically unlikely that random users would almost always enter in eight-character passwords with always increasing hexadecimal values, what we have here is either the world's worst random password generator or some sort of reference to another table elsewhere.
Fair enough. What about credit card details? Anything there?
Ben: Credit card data is limited - many of the records are null, many are duplicated - I think very few credit cards actually got exposed here.
Hmm, so besides the email address, names and phone numbers being legitimate, is there any value to this data other than sticking a thumb in Bell's eye?
Ben: In a nutshell, I think this is real but not terribly useful (unless Null Crew sanitized the data).
Now what systems were in fact hacked? Well, it turns out that according to Bell it was the systems of a third party provider.
Bell says its own systems were not hacked, and that its residential, mobility and enterprise customers are not affected.
The company says it is working with the unidentified third-party supplier along with “law enforcement and government security officials” to investigate the attack.
The problem here is that people will not make this differentiation between Bell Canada and this third-party provider. This is a growing problem where companies are being targeted not directly but through their partnered organizations.
An early example of this was when the security website SecurityFocus was compromised indirectly. This happened when the hacker(s) Fluffi Bunni compromised the third-party advertising firm and placed his own "advert" in the SecurityFocus banner.