FBI used informant to guide hackers to undercover server
FBI encourages hackers to commit computer offenses
The FBI had members of the NullCrew hacking group under observation when they exploited a vulnerability in the log-in page of Bell Canada, facilitating the perpetration of the crime via an undercover server, in order to build a case against them.
In February last year, news emerged that NullCrew had hacked Bell and stole customer information that included usernames and passwords. The hackers said that the attack came after they discovered a security flaw and reported it and the associated risks to the company.
Two hackers were arrested
After having stolen the sensitive information, the hackers dumped it into the public domain in order to show the world Bell’s incapacity to protect user data. The company issued a statement saying that 22,421 account credentials belonging to small-business customers were leaked online.
The number may not be accurate as details from court documents indicate a smaller impact, according to
Ottawa Citizen, while one of the hackers, operating under the alias Orbit, allegedly posted a database with 12,700 credentials.
In June 2014, two individuals were arrested by the FBI in relation to the Bell incident, a
teenager from Canada and 20-year-old Timothy Justin French (known online as “Orbit,” “@Orbit,” “@Orbit_g1rl,” “crysis,” “rootcrysis,” and “c0rps3”) from Tennessee.
The arrests were possible thanks to a confidential informant that
had infiltrated the group and fed information about their hacking deeds to the FBI.
After the Bell incident, The Royal Canadian Mounted Police was informed by the FBI that an investigation had been started more than a year earlier and that the two hackers had been identified a long time prior to the attack.
FBI provides hackers infrastructure to launch digital attacks
However, it appears that the agency did more than plant a mole among the hackers and also enabled them to carry out offenses by providing access to a server, which was allegedly set up clandestinely, to launch computer attacks.
The confidential witness pointed the hackers to the server that was under FBI supervision, and which was used in attacks against other organizations after the Bell incident.
Basically, the FBI contributed to endangering the personal information of thousands of individuals and costing affected businesses hundreds of thousands of dollars in order to catch individuals that were referred to as “skids” (short for “script kiddies,” a term used to define someone not skilled in deploying computer attacks) in some online locations.
“In this case it sounds like the FBI had that ability, had that option to prevent these things from happening, perhaps with a weaker case, but instead they opted to endanger innocents in order to build a stronger case,” Christopher Parsons at Citizen Lab University of Toronto told the Canadian publication.
Comments
Post a Comment