Attacks/Breaches
5/11/2012
12:10 PM
50%
50%

TeamPoison Hacker Suspect Has Anonymous Ties

British police arrest alleged spokesman of hacktivist group that gained notoriety for exposing Tony Blair's address book and working with Anonymous as part of Operation Robin Hood.

British police Thursday arrested a suspected member of the TeaMp0isoN hacktivist group.

The unnamed 17-year old boy was arrested in the north of England on charges of violating the country's Computer Misuse Act 1990, which is the law in Britain typically used to charge people who are suspected of hacking offenses.

"The suspect, who is believed to use the online 'nic' 'MLT', is allegedly a member of and spokesperson for TeaMp0isoN ('TeamPoison')--a group which has claimed responsibility for more than 1,400 offences including denial of service and network intrusions where personal and private information has been illegally extracted from victims in the U.K. and around the world," read a statement released by London's Metropolitan Police Service. It said that the suspect had been tracked down by the force's Police Central eCrime Unit (PCeU), which serves as a cyber-crime investigation service for England, Wales, and Northern Ireland.

[ To learn about Anonymous's recent exploits, see Anonymous Target Russian Sites For Putin Protest. ]

Police said they were interviewing the boy at a police station, conducting a forensic analysis of computer equipment seized as part of the arrest, and working to identify additional suspects. "Enquiries continue between the PCeU and other relevant law enforcement agencies in this continuing and wide-ranging investigation," said the Metropolitan Police.

MLT's arrest is not the first in the ongoing TeaMp0isoN investigation. Last month, two alleged members of the group--aged 16 and 17 years old--were arrested on charges of having used Skype to overwhelm Britain's anti-terrorism hotline with bogus calls. Their arrest came one day after a recording of one of the prank calls ended up on YouTube, with the headline, "TriCk calls Mi6 Anti-Terrorism Command - TeaMp0isoN."

In February, a hacker identifying himself as TriCk said that he was the 17-year-old British co-founder of TeaMp0isoN. Asked about his greatest accomplishment as a hacker, he replied, "My biggest achievement as a hacker is 'TeaMp0isoN' - embarrassing governments, corrupt organizations and corrupt individuals for 4+ years straight, and the 'enemy' STILL has nothing on us."

As that suggests, prank calls aside, TeaMp0isoN built its reputation by launching distributed denial-of-service attacks against numerous organizations, as well as "doxing"--obtaining and releasing sensitive information about--numerous businesses, government agencies, and individuals. Notably, the group last year published via Pastebin what it claimed to be Tony Blair's private address book. A spokesman for the former British prime minister said at the time that the information appeared to have been obtained from the personal email account of one of Blair's former staff members.

In January 2011, the group exploited a Facebook bug that allowed them to post bogus status updates to roughly 130 different Facebook pages, including pages for the social network's founder, Mark Zuckerberg, as well as then French president Nicholas Sarkozy.

More recently, TeaMp0isoN defaced and knocked the BlackBerry website offline during the August 2011 riots in England, and attacked the United Nations website in November 2011, leading to the release of various user IDs. That same month, TeaMp0isoN announced that it would be collaborating with Anonymous on the Operation Robin Hood wealth redistribution scheme.

Prior to that endeavor, however, the group's members had apparently not been fans of certain LulzSec and Anonymous elements, which they accused of having unsophisticated hacking techniques. In July 2011, TeaMp0isoN went so far as to release documents containing supposed personal information about members of the rival hacktivist crews, in an apparent effort to get the LulzSec and Anonymous participants arrested.

InformationWeek is conducting a survey to get a baseline look at where enterprises stand on their IPv6 deployments, with a focus on problem areas, including security, training, budget, and readiness. Upon completion of our survey, you will be eligible to enter a drawing to receive an 16-GB Apple iPad. Take our InformationWeek IPv6 Survey now. Survey ends May 11.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Changing Face of Identity Management
Mobility and cloud services are altering the concept of user identity. Here are some ways to keep up.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.