Attacks/Breaches

5/11/2012
12:10 PM
50%
50%

TeamPoison Hacker Suspect Has Anonymous Ties

British police arrest alleged spokesman of hacktivist group that gained notoriety for exposing Tony Blair's address book and working with Anonymous as part of Operation Robin Hood.

British police Thursday arrested a suspected member of the TeaMp0isoN hacktivist group.

The unnamed 17-year old boy was arrested in the north of England on charges of violating the country's Computer Misuse Act 1990, which is the law in Britain typically used to charge people who are suspected of hacking offenses.

"The suspect, who is believed to use the online 'nic' 'MLT', is allegedly a member of and spokesperson for TeaMp0isoN ('TeamPoison')--a group which has claimed responsibility for more than 1,400 offences including denial of service and network intrusions where personal and private information has been illegally extracted from victims in the U.K. and around the world," read a statement released by London's Metropolitan Police Service. It said that the suspect had been tracked down by the force's Police Central eCrime Unit (PCeU), which serves as a cyber-crime investigation service for England, Wales, and Northern Ireland.

[ To learn about Anonymous's recent exploits, see Anonymous Target Russian Sites For Putin Protest. ]

Police said they were interviewing the boy at a police station, conducting a forensic analysis of computer equipment seized as part of the arrest, and working to identify additional suspects. "Enquiries continue between the PCeU and other relevant law enforcement agencies in this continuing and wide-ranging investigation," said the Metropolitan Police.

MLT's arrest is not the first in the ongoing TeaMp0isoN investigation. Last month, two alleged members of the group--aged 16 and 17 years old--were arrested on charges of having used Skype to overwhelm Britain's anti-terrorism hotline with bogus calls. Their arrest came one day after a recording of one of the prank calls ended up on YouTube, with the headline, "TriCk calls Mi6 Anti-Terrorism Command - TeaMp0isoN."

In February, a hacker identifying himself as TriCk said that he was the 17-year-old British co-founder of TeaMp0isoN. Asked about his greatest accomplishment as a hacker, he replied, "My biggest achievement as a hacker is 'TeaMp0isoN' - embarrassing governments, corrupt organizations and corrupt individuals for 4+ years straight, and the 'enemy' STILL has nothing on us."

As that suggests, prank calls aside, TeaMp0isoN built its reputation by launching distributed denial-of-service attacks against numerous organizations, as well as "doxing"--obtaining and releasing sensitive information about--numerous businesses, government agencies, and individuals. Notably, the group last year published via Pastebin what it claimed to be Tony Blair's private address book. A spokesman for the former British prime minister said at the time that the information appeared to have been obtained from the personal email account of one of Blair's former staff members.

In January 2011, the group exploited a Facebook bug that allowed them to post bogus status updates to roughly 130 different Facebook pages, including pages for the social network's founder, Mark Zuckerberg, as well as then French president Nicholas Sarkozy.

More recently, TeaMp0isoN defaced and knocked the BlackBerry website offline during the August 2011 riots in England, and attacked the United Nations website in November 2011, leading to the release of various user IDs. That same month, TeaMp0isoN announced that it would be collaborating with Anonymous on the Operation Robin Hood wealth redistribution scheme.

Prior to that endeavor, however, the group's members had apparently not been fans of certain LulzSec and Anonymous elements, which they accused of having unsophisticated hacking techniques. In July 2011, TeaMp0isoN went so far as to release documents containing supposed personal information about members of the rival hacktivist crews, in an apparent effort to get the LulzSec and Anonymous participants arrested.

InformationWeek is conducting a survey to get a baseline look at where enterprises stand on their IPv6 deployments, with a focus on problem areas, including security, training, budget, and readiness. Upon completion of our survey, you will be eligible to enter a drawing to receive an 16-GB Apple iPad. Take our InformationWeek IPv6 Survey now. Survey ends May 11.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
3 Ways to Retain Security Operations Staff
Oliver Rochford, Vice President of Security Evangelism at DFLabs,  11/20/2017
A Call for Greater Regulation of Digital Currencies
Kelly Sheridan, Associate Editor, Dark Reading,  11/21/2017
New OWASP Top 10 List Includes Three New Web Vulns
Jai Vijayan, Freelance writer,  11/21/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.