Attacks/Breaches
5/11/2012
12:10 PM
50%
50%

TeamPoison Hacker Suspect Has Anonymous Ties

British police arrest alleged spokesman of hacktivist group that gained notoriety for exposing Tony Blair's address book and working with Anonymous as part of Operation Robin Hood.

British police Thursday arrested a suspected member of the TeaMp0isoN hacktivist group.

The unnamed 17-year old boy was arrested in the north of England on charges of violating the country's Computer Misuse Act 1990, which is the law in Britain typically used to charge people who are suspected of hacking offenses.

"The suspect, who is believed to use the online 'nic' 'MLT', is allegedly a member of and spokesperson for TeaMp0isoN ('TeamPoison')--a group which has claimed responsibility for more than 1,400 offences including denial of service and network intrusions where personal and private information has been illegally extracted from victims in the U.K. and around the world," read a statement released by London's Metropolitan Police Service. It said that the suspect had been tracked down by the force's Police Central eCrime Unit (PCeU), which serves as a cyber-crime investigation service for England, Wales, and Northern Ireland.

[ To learn about Anonymous's recent exploits, see Anonymous Target Russian Sites For Putin Protest. ]

Police said they were interviewing the boy at a police station, conducting a forensic analysis of computer equipment seized as part of the arrest, and working to identify additional suspects. "Enquiries continue between the PCeU and other relevant law enforcement agencies in this continuing and wide-ranging investigation," said the Metropolitan Police.

MLT's arrest is not the first in the ongoing TeaMp0isoN investigation. Last month, two alleged members of the group--aged 16 and 17 years old--were arrested on charges of having used Skype to overwhelm Britain's anti-terrorism hotline with bogus calls. Their arrest came one day after a recording of one of the prank calls ended up on YouTube, with the headline, "TriCk calls Mi6 Anti-Terrorism Command - TeaMp0isoN."

In February, a hacker identifying himself as TriCk said that he was the 17-year-old British co-founder of TeaMp0isoN. Asked about his greatest accomplishment as a hacker, he replied, "My biggest achievement as a hacker is 'TeaMp0isoN' - embarrassing governments, corrupt organizations and corrupt individuals for 4+ years straight, and the 'enemy' STILL has nothing on us."

As that suggests, prank calls aside, TeaMp0isoN built its reputation by launching distributed denial-of-service attacks against numerous organizations, as well as "doxing"--obtaining and releasing sensitive information about--numerous businesses, government agencies, and individuals. Notably, the group last year published via Pastebin what it claimed to be Tony Blair's private address book. A spokesman for the former British prime minister said at the time that the information appeared to have been obtained from the personal email account of one of Blair's former staff members.

In January 2011, the group exploited a Facebook bug that allowed them to post bogus status updates to roughly 130 different Facebook pages, including pages for the social network's founder, Mark Zuckerberg, as well as then French president Nicholas Sarkozy.

More recently, TeaMp0isoN defaced and knocked the BlackBerry website offline during the August 2011 riots in England, and attacked the United Nations website in November 2011, leading to the release of various user IDs. That same month, TeaMp0isoN announced that it would be collaborating with Anonymous on the Operation Robin Hood wealth redistribution scheme.

Prior to that endeavor, however, the group's members had apparently not been fans of certain LulzSec and Anonymous elements, which they accused of having unsophisticated hacking techniques. In July 2011, TeaMp0isoN went so far as to release documents containing supposed personal information about members of the rival hacktivist crews, in an apparent effort to get the LulzSec and Anonymous participants arrested.

InformationWeek is conducting a survey to get a baseline look at where enterprises stand on their IPv6 deployments, with a focus on problem areas, including security, training, budget, and readiness. Upon completion of our survey, you will be eligible to enter a drawing to receive an 16-GB Apple iPad. Take our InformationWeek IPv6 Survey now. Survey ends May 11.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Jamie, the darn Unicorn is back."
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] Assessing Cybersecurity Risk
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.