Over this past weekend the hacker collective that calls themselves Nullcrew, exposed details of a breach of 22,000 Bell Canada customer accounts. For a variety of reasons I decided to ask Ben Sapiro, fellow Liquidmatrix staffer, to provide his perspective on the Bell Canada data. Ben: Many of the tables that contain password columns don’t actually appear to contain that many passwords or at least not a password that is going to be useful anywhere else except on this service (whatever it is). In most cases the password field contains a monotonically increasing value which is almost always 8 characters long. Since it’s statistically unlikely that random users would almost always enter in eight character passwords with always increasing hexadecimal values what we have here is either the worlds worst random password generator or some sort of reference to another table elsewhere. Fair enough. What about credit card details? Anything there? Ben: Credit card data is limited – many of the records are null, many are duplicated – I think very few credit cards actually got exposed here. Hmm, so besides the email address, names and phone numbers being legitimate, is there any value to this data other than sticking a thumb in Bell’s eye? Ben: In a nutshell, I think this is real but not terribly useful (unless Null Crew sanitized the data). Now what systems were in fact hacked? Well, it turns out that according to Bell it was the systems of a third party provider. From The Globe and Mail: Bell says its own systems were not hacked, and that its residential, mobility and enterprise customers are not affected. The company says it is working with the unidentified third-party supplier along with “law enforcement and government security officials” to investigate the attack. The problem here is that people will not make this differentiation between Bell Canada and this third party prvider. This is a growing problem where companies are being targeted, not directly but, through their partnered organizations. An early example of this was when when they security website SecurityFocus was compromised indirectly. This happened when the hacker(s) Fluffi Bunni compromised the third party advertising firm and placed his own “advert” in the SecurityFocus banner. Check your flank. (Image used under CC from Thomas Hawk) Related content news The end of the road By Dave Lewis May 30, 2017 3 mins Security news WannaCry...ransomware cyberattack as far as the eye can see By Dave Lewis May 15, 2017 4 mins Security news HITB Amsterdam: hackers, waffles and coffee oh my By Dave Lewis Apr 21, 2017 3 mins Security news Fail to patch and wait for the pain By Dave Lewis Apr 20, 2017 3 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe