5/11/2012
12:10 PM

TeamPoison Hacker Suspect Has Anonymous Ties

British police arrest alleged spokesman of hacktivist group that gained notoriety for exposing Tony Blair's address book and working with Anonymous as part of Operation Robin Hood.

British police Thursday arrested a suspected member of the TeaMp0isoN hacktivist group.

The unnamed 17-year-old boy was arrested in the north of England on charges of violating the country's Computer Misuse Act 1990, the law typically used in Britain to charge people suspected of hacking offenses.

"The suspect, who is believed to use the online 'nic' 'MLT', is allegedly a member of and spokesperson for TeaMp0isoN ('TeamPoison')--a group which has claimed responsibility for more than 1,400 offences including denial of service and network intrusions where personal and private information has been illegally extracted from victims in the U.K. and around the world," read a statement released by London's Metropolitan Police Service. It said that the suspect had been tracked down by the force's Police Central eCrime Unit (PCeU), which serves as a cyber-crime investigation service for England, Wales, and Northern Ireland.

Police said they were interviewing the boy at a police station, conducting a forensic analysis of computer equipment seized as part of the arrest, and working to identify additional suspects. "Enquiries continue between the PCeU and other relevant law enforcement agencies in this continuing and wide-ranging investigation," said the Metropolitan Police.

MLT's arrest is not the first in the ongoing TeaMp0isoN investigation. Last month, two alleged members of the group--aged 16 and 17 years old--were arrested on charges of having used Skype to overwhelm Britain's anti-terrorism hotline with bogus calls. Their arrest came one day after a recording of one of the prank calls ended up on YouTube, with the headline, "TriCk calls Mi6 Anti-Terrorism Command - TeaMp0isoN."

In February, a hacker identifying himself as TriCk said that he was the 17-year-old British co-founder of TeaMp0isoN. Asked about his greatest accomplishment as a hacker, he replied, "My biggest achievement as a hacker is 'TeaMp0isoN' - embarrassing governments, corrupt organizations and corrupt individuals for 4+ years straight, and the 'enemy' STILL has nothing on us."

As that suggests, prank calls aside, TeaMp0isoN built its reputation by launching distributed denial-of-service attacks against numerous organizations, as well as "doxing"--obtaining and releasing sensitive information about--numerous businesses, government agencies, and individuals. Notably, the group last year published via Pastebin what it claimed to be Tony Blair's private address book. A spokesman for the former British prime minister said at the time that the information appeared to have been obtained from the personal email account of one of Blair's former staff members.

In January 2011, the group exploited a Facebook bug that allowed it to post bogus status updates to roughly 130 different Facebook pages, including those of the social network's founder, Mark Zuckerberg, and then-French president Nicolas Sarkozy.

More recently, TeaMp0isoN defaced and knocked the BlackBerry website offline during the August 2011 riots in England, and attacked the United Nations website in November 2011, leading to the release of various user IDs. That same month, TeaMp0isoN announced that it would be collaborating with Anonymous on the Operation Robin Hood wealth redistribution scheme.

Prior to that endeavor, however, the group's members had apparently not been fans of certain LulzSec and Anonymous elements, which they accused of having unsophisticated hacking techniques. In July 2011, TeaMp0isoN went so far as to release documents containing supposed personal information about members of the rival hacktivist crews, in an apparent effort to get the LulzSec and Anonymous participants arrested.
