Article content continued

The teen didn’t post the data, but instead shared how to access it using what is known as a SQL injection attack with another NullCrew member named “Orbit.”

According to prosecutors, million of files were exfiltrated and 300,000 of them contained client information. At the time of the hack, Bell Canada said 22,421 login and password combinations along with five credit card numbers were exposed, but court documents indicate the number was smaller. Orbit later allegedly posted approximately 12,700 logins and passwords online and Tweeted a link to the data.

But it wasn’t until three days after the Feb. 1, 2014, attack on Bell’s data that the RCMP were informed by their U.S. counterparts that an investigation had been underway for more than a year and that the suspects had long been identified.

What the RCMP learned was that the FBI investigation had a confidential informant who had infiltrated the group — the FBI has since alleged the group is responsible for similar cyber attacks on several U.S. universities, the British Ministry of Defence, U.S. Department of State, U.S. army, the United Nations and World Health Organization, among others.

In online posts, NullCrew called its hacks a “public service.” According to the group, they hacked “because we can, and because it’s our way of speaking up against things that are deemed as unright and in all unjust.

“We dispense this information to the public so that they know how idiotic the people whom hold their information, and yet anyone whom has enough skill and patience can ex-filtrate this personal information quite easily (sic),” NullCrew wrote in one online post.