Citizen Lab Postdoctoral Fellow Christopher Parsons spoke to the Ottawa Citizen regarding the hacking of Bell Canada last year, in which the records of more than 12,000 Canadians were posted online. During the subsequent investigation, it was revealed that the Federal Bureau of Investigation (FBI) allowed the hackers stage the attack from what was secretly an FBI server.
A vulnerability in Bell security was found by a 15-year-old teenager, who then passed it on to an American hacker who carried out the attack on behalf of a group called NullCrew. These details were revealed in a courtroom in March after the Canadian teen pleaded guilty to a single count of unlawfully using a computer.
When the attack was carried out on Feb. 1, 2014, the FBI contacted the RCMP three days later to explain that they had been investigating for over a year, and that the suspects had been identified already. The FBI informed the RCMP that they had a confidential informant who had infiltrated NullCrew.
Christopher Parsons told interviewers that it made “good tactical sense” that the FBI used confidential informants and an undercover server to build their case. However, he said that it was unusual that the FBI did not act to prevent the crime from occurring.
“In this case it sounds like the FBI had that ability, had that option to prevent these things from happening, perhaps with a weaker case, but instead they opted to endanger innocents in order to build a stronger case,” said Parsons. “The problem there is there is no indication Bell had been notified. This wasn’t dummy data that was released — this was live, real customer data,” he added.