Teamp0ison

Last updated

Teamp0ison
Formation2008
Dissolved2012
Type Hacktivism
Membership
TriCk, MLT. [1] [2] [3] [4] [5]

Teamp0ison was a computer security research group consisting of 3 to 5 core members. The group gained notoriety in 2011/2012 for its blackhat hacking activities, which included attacks on the United Nations, NASA, NATO, Facebook, Minecraft Pocket Edition Forums, and several other large corporations and government entities. [6] TeaMp0isoN disbanded in 2012 following the arrests of some of its core members, "TriCk", and "MLT". [7]

Contents

English Defence League

TeaMp0isoN released several documents pertaining to the English Defence League (EDL), leaking information which included personal details of several high-ranking EDL members. [8] In addition, TeaMp0isoN went on to deface EDL's official website. [9]

Facebook

In January 2011, unauthorized status updates were posted on Mark Zuckerberg and French President Nicolas Sarkozy's accounts on social-networking site Facebook. On 25 January, a spokesperson for Facebook acknowledged the bug in their system and said it has been fixed. Later that week The Daily Beast reported that "TriCk", a member of TeaMp0isoN, along with members of a group known as "ZHC", said they had exploited a bug in the web site on the previous New Year's Eve, allowing them to post unauthorized status updates and to block temporary newsfeeds to a list of 130 pages. A spokeswoman for one of the targeted groups, the English Defence League, confirmed that they were targeted and their pages critical of Islam were indeed hacked. Members of Facebook's security team said after being contacted on the matter by The Daily Beast, they had found no evidence of malicious activity in their logs. [10]

Tony Blair address book leak

In June 2011, the group published what appeared to be the address book and other private data of former British Prime Minister Tony Blair on Pastebin. According to TeaMp0isoN, the data was obtained originally in December 2010. Blair's spokesman said the data was not obtained from Blair directly, but from the personal email account of his former staff. [11] TeaMp0isoN responded to this, commenting "Blairs sheep are lying about how we got the info, we got into the webmail server via a private exploit & we wiped the logs so Good luck". [12]

BlackBerry

During the 2011 England riots it was believed that the BlackBerry Messenger service was used by looters for collaboration. TeaMp0isoN defaced the official BlackBerry blog as a response to Research In Motion (RIM), the maker of the BlackBerry, promising to co-operate with the United Kingdom police and government. TeaMp0isoN released a statement saying, "We are all for the rioters that are engaging in attacks on the police and government." [13]

Government leaks

In July 2011, TeaMp0isoN released eight Court Cases against Sarah Palin, claiming they had intentions to do the same with Barack Obama. [14]

On 8 August 2011, TeaMp0isoN released the hashed administrator passwords for a website hosted under NASA's domain, after using a public vulnerability. [15]

In November 2011, TeaMp0isoN released a list of email addresses and passwords that were reportedly obtained via an SQL injection vulnerability in the United Kingdom's Ministry of Defence. [16] The Ministry of Defence is responsible for controlling Britain's defence policies and is also the headquarters of the British Armed Forces.

In December 2011, TeaMp0isoN leaked the account data of 13 million South Korean online game subscribers. [17]

In April 2012, TeaMp0isoN targeted MI6 (the UK's Secret Intelligence Service). The group created a script that allowed them to repeatedly flood the anti-terrorism hotline with computer-generated calls, before calling up the hotline themselves in order to mock officers. The officers then warned them that they would be traced and reported to the FBI. TeaMp0isoN then reportedly wiretapped the MI6 agents, recording a conversation between officers and posting the leaked conversation on YouTube. [18] [19]

On 3 April 2012, TeaMp0isoN gained access to a NATO web server, before leaking data obtained from the server and defacing the index page of the site. [20] [21]

Operation Censor This

TeaMp0isoN joined forces with the hacker collective Anonymous to announce OpCensorThis, an operation intended to protest against censorship. The operation received a lot of media attention and music artists such as Lyricist Jinn and Tabanacle created a music video in order to raise awareness of the operation. [22] [23]

TeaMp0isoN then went on to deface several sites in support of OpCensorThis, the most significant being the United Nations Development Programme, and the British tabloid newspaper, the Daily Mail. [24] [25]

Operation Robin Hood

In response to the Occupy Movement, an online announcement claimed that TeaMp0isoN joined Anonymous to launch Operation Robin Hood, intending to hack into websites, obtain credit cards and make donations to activist organizations while the banks would have to refund the hacked accounts. [26] [27] The video stated: "Operation Robin Hood will take credit cards and donate to the 99% as well as various charities around the globe. The banks will be forced to reimburse the people their money back", while encouraging people to "move your accounts into secure credit unions". [26]

As part of Operation Robin Hood, TeaMp0isoN leaked over 26,000 Israeli credit card details, obtained via vulnerabilities in Israeli banks, One and CityNet. [28]

TeaMp0isoN went on to publish the credit card details and passport scans of well-known rapper Sean Combs (also known as P-Diddy). TeaMp0isoN then used his credit card to donate money to charity and to order pizzas for those who requested via Twitter. [29] P-Diddy launched an internal investigation to attempt to track down TeaMp0isoN, reportedly hiring a team of private detectives. [30]

Operation Retaliation

Following the arrest of founding TeaMp0isoN member "TriCk," the group announced Operation Retaliation, which began with reported DDoS attacks against MI6, before attacks took place against, among others, the Japanese electronics multinational Panasonic, the Australian Government, and the World Health Organization. [31] In addition, Consternation Security and Doxbin were also reported to have been hacked. [32] [33]

United Nations

In November 2011, TeaMp0isoN released more than 128 usernames and login details, which they say were obtained from the United Nations Development Programme. According to a spokeswoman for the UNDP the data was extracted from "an old server which contains old data". [34] TeaMp0isoN disputed this statement, releasing server logs and other evidence to suggest that the server was still in fact actively being used by the United Nations. [35]

In April 2012, TeaMp0isoN hacked the United Nations again, this time targeting the UN's World Health Organisation and leaking a list of usernames and hashed passwords, including administrator credentials. [36] [37]

Possible arrests

On 10 April 2012, the group created a script to call the British Anti-Terrorism Hotline with hoax calls continuously for a 24-hour period to protest the extradition of terrorist suspects to the United States. On 12 April, police arrested two teenagers, aged 16 and 17, over the incident under suspicion of violating the Malicious Communications Act 1988 and the Computer Misuse Act. [38]

On 9 May 2012, alleged TeaMp0isoN member and spokesperson "MLT" was arrested by officers from Scotland Yard on suspicion of offences under the Computer Misuse Act, relating to the attacks on the Anti-Terrorist Hotline and other offences. [39]

Activities in 2015

In 2015, TeaMp0isoN returned and no longer appear to be committing any illegal activities. Posting from their official Twitter account, they have identified and disclosed vulnerabilities in Google, Amazon, eBay, Harvard University, NOAA, Comcast, Time Warner Cable, Western Union, the United Nations, the London Stock Exchange, Autodesk and several other large systems. TeaMp0isoN has also released several zero-day exploits, including one that affected the memorial sites of Malcolm X and Marilyn Monroe, and one that affected a commonly-used WordPress plugin used by a large number of websites. In addition to this, their website and forums have returned alongside their newly launched IRC network, and it appears they also have plans for a wargaming website allowing penetration testers to hone their skills within a legal and ethical environment.[ citation needed ]

In April 2015, TeaMp0isoN identified and disclosed vulnerabilities in many major universities including Harvard University, Stanford University, Princeton University, the University of Texas, and the University of California, among others. The majority of the vulnerabilities found were via SQL injection flaws. [40] Also at this time, TeaMp0isoN identified a zero-day SQL Injection vulnerability, resulting in many sites being compromised, including Crime Stoppers in Waterloo, Ontario, Peel and other Canadian cities and districts. [41]

In May 2015, TeaMp0isoN member "KMS" targeted the Minecraft Pocket Edition Forum, seemingly infiltrating their database and leaking a list of over 16,000 usernames and passwords. [42]

Activities in 2016

Activities in 2016 indicated that they came back as a mix between a black hat and a white hat group. They disclosed vulnerabilities in the United States Department of Education, UCLA, and various other institutions.

In February/March 2016, the group breached both a UN Agency and one of America's largest Internet service providers. During mid-February, TeaMp0isoN breached the United Nations World Tourism Organization and defaced their forum index. [43] During late February, TeaMp0isoN breached the Time Warner Cable Business Class Managed Security Services Portal. Their (since suspended) Twitter feed indicated that they gained access to the backend ticket system as well as the details of 4,191 users. [44]

TeaMp0isoN member "TriCk" is believed to be Junaid Hussain, a black hat hacker who was arrested for doxing Tony Blair's personal information. He fled the UK while on police bail and reportedly joined ISIL. [45] It is believed that Hussain became a prominent ISIL propagandist, using social media to recruit soldiers to join ISIL, and was behind several high-profile attacks under the group name "CyberCaliphate". [46] Hussain is also believed to have links to Jihadi John. Hussain has also been suspected of cooperating with other ISIL members to unmask individuals who report to rebel media groups, and doxing U.S. soldiers and their families. [47]

Hussain was a prominent target on the Pentagon's Disposition Matrix due to his influence overseas. On 26 August 2015, U.S. officials said they have a "high level of confidence" that Hussain was killed in a drone strike in Syria. [48]

See also

Related Research Articles

<span class="mw-page-title-main">Hacktivism</span> Computer-based activities as a means of protest

Internet activism, hacktivism, or hactivism, is the use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change. With roots in hacker culture and hacker ethics, its ends are often related to free speech, human rights, or freedom of information movements.

<span class="mw-page-title-main">SQL injection</span> Computer hacking technique

In computing, SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

<span class="mw-page-title-main">Peiter Zatko</span> American computer security expert

Peiter C. Zatko, better known as Mudge, is an American network security expert, open source programmer, writer, and hacker. He was the most prominent member of the high-profile hacker think tank the L0pht as well as the computer and culture hacking cooperative the Cult of the Dead Cow.

<span class="mw-page-title-main">Timeline of Internet conflicts</span>

The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.

HostGator is a Houston-based provider of shared, reseller, virtual private server, and dedicated web hosting with an additional presence in Austin, Texas.

<span class="mw-page-title-main">LulzSec</span> Hacker group

LulzSec was a black hat computer hacking group that claimed responsibility for several high profile attacks, including the compromise of user accounts from PlayStation Network in 2011. The group also claimed responsibility for taking the CIA website offline. Some security professionals have commented that LulzSec has drawn attention to insecure systems and the dangers of password reuse. It has gained attention due to its high profile targets and the sarcastic messages it has posted in the aftermath of its attacks. One of the founders of LulzSec was computer security specialist Hector Monsegur, who used the online moniker Sabu. He later helped law enforcement track down other members of the organization as part of a plea deal. At least four associates of LulzSec were arrested in March 2012 as part of this investigation. Prior, British authorities had announced the arrests of two teenagers they alleged were LulzSec members, going by the pseudonyms T-flow and Topiary.

<span class="mw-page-title-main">Operation AntiSec</span> Series of cyberattacks conducted by Anonymous and LulzSec

Operation Anti-Security, also referred to as Operation AntiSec or #AntiSec, is a series of hacking attacks performed by members of the hacking group LulzSec and Anonymous, and others inspired by the announcement of the operation. LulzSec performed the earliest attacks of the operation, with the first against the Serious Organised Crime Agency on 20 June 2011. Soon after, the group released information taken from the servers of the Arizona Department of Public Safety; Anonymous would later release information from the same agency two more times. An offshoot of the group calling themselves LulzSecBrazil launched attacks on numerous websites belonging to the Government of Brazil and the energy company Petrobras. LulzSec claimed to retire as a group, but on 18 July they reconvened to hack into the websites of British newspapers The Sun and The Times, posting a fake news story of the death of the publication's owner Rupert Murdoch.

Anonymous is a decentralized virtual community. They are commonly referred to as an internet-based collective of hacktivists whose goals, like its organization, are decentralized. Anonymous seeks mass awareness and revolution against what the organization perceives as corrupt entities, while attempting to maintain anonymity. Anonymous has had a hacktivist impact. This is a timeline of activities reported to be carried out by the group.

UGNazi is a hacker group. The group conducted a series of cyberattacks, including social engineering, data breach, and denial-of-service attacks, on the websites of various organizations in 2012. Two members of UGNazi were arrested in June 2012; one was incarcerated. In December 2018, two members of UGNazi were arrested in connection with a murder in Manila.

<span class="mw-page-title-main">Syrian Electronic Army</span> Hacker group affiliated with the Syrian government

The Syrian Electronic Army is a group of computer hackers which first surfaced online in 2011 to support the government of Syrian President Bashar al-Assad. Using spamming, website defacement, malware, phishing, and denial-of-service attacks, it has targeted terrorist organizations, political opposition groups, western news outlets, human rights groups and websites that are seemingly neutral to the Syrian conflict. It has also hacked government websites in the Middle East and Europe, as well as US defense contractors. As of 2011, the SEA has been "the first Arab country to have a public Internet Army hosted on its national networks to openly launch cyber attacks on its enemies".

<span class="mw-page-title-main">NullCrew</span>

NullCrew was a hacktivist group founded in 2012 that took responsibility for multiple high-profile computer attacks against corporations, educational institutions, and government agencies.

RedHack is a Turkish Marxist-Leninist computer hacker group founded in 1997. The group has claimed responsibility for hacking the websites of institutions which include the Council of Higher Education, Turkish police forces, the Turkish Army, Türk Telekom, and the National Intelligence Organization others. The group's core membership is said to be twelve. RedHack is the first hacker group which has been accused of being a terrorist organization and circa 2015 is one of the world's most wanted hacker groups.

Junaid Hussain was a British black hat hacker and propagandist under the nom de guerre of Abu Hussain al-Britani who supported the Islamic State of Iraq and the Levant (ISIL). Hussain, who was raised in Birmingham in a family originally from Pakistan, was jailed in 2012 for hacking Tony Blair's accounts and posting his personal information online. Hussain left the UK around 2013 for Syria.

On March 27, 2016, hackers under the banner "Anonymous Philippines" hacked into the website of the Philippine Commission on Elections (COMELEC) and defaced it. The hackers left a message calling for tighter security measures on the vote counting machines (VCM) to be used during the 2016 Philippine general election on May 9. Within the day a separate group of hackers, LulzSec Pilipinas posted an online link to what it claims to be the entire database of COMELEC and updated the post to include three mirror link to the index of the database's downloadable files. The leaked files by LulzSec Pilipinas amounts to 340 gigabytes.

MLT, real name Matthew Telfer, is a cybersecurity researcher, former grey hat computer hacker and former member of TeaMp0isoN. MLT was arrested in May 2012 in relation to his activities within TeaMp0isoN, a computer-hacking group which claimed responsibility for many high-profile attacks, including website vandalism of the United Nations, Facebook, NATO, BlackBerry, T-Mobile USA and several other large sites in addition to high-profile denial-of-service attacks and leaks of confidential data. After his arrest, he reformed his actions and shifted his focus to activities as a white hat cybersecurity specialist. He was the founder of now-defunct Project Insecurity LTD.

BASHLITE is malware which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.

Hack Forums is an Internet forum dedicated to discussions related to hacker culture and computer security. The website ranks as the number one website in the "Hacking" category in terms of web-traffic by the analysis company Alexa Internet. The website has been widely reported as facilitating online criminal activity, such as the case of Zachary Shames, who was arrested for selling keylogging software on Hack Forums in 2013 which was used to steal personal information.

References

  1. "Alleged TeaMp0isoN teen hackers charged with jamming anti-terrorist hotline". Naked Security.
  2. "MLT – Suspected member of TeamPoison hacking gang arrested - Naked Security". Naked Security.
  3. Jana Winter, Jeremy A. Kaplan. "Exclusive: Rival Hacker Group Racing Police to Expose LulzSec". Fox News .
  4. Eduard Kovacs (28 March 2014). "Man Involved in Hacktivist Campaign Against Israel Sentenced to 15 Months in Jail". softpedia .
  5. Perlroth, Nicole. "Adobe Hacking Attack Was Bigger Than Previously Thought". The New York Times.
  6. Eduard Kovacs (18 February 2012). "Hackers Around the World: It's No TriCk, He's Among the Best in the UK". softpedia. Retrieved 3 May 2016.
  7. Smolaks, Max (13 April 2012). "Police arrest TeaMp0isoN suspects". TechWeekEurope UK. Retrieved 3 May 2016.
  8. Usman, Muhammad (September 2011). "English Defence League (EDL) Hacked By TeaMp0isoN (Members Personal Information Leaked) ~ The Hackers Media™ [ THM ]". thehackersmedia.blogspot.co.uk. Retrieved 3 May 2016.
  9. Leyden, John (11 February 2011). "English Defence League site pulled offline after defacement". theregister.co.uk. Retrieved 3 May 2016.
  10. Ries, Brian (27 January 2011). "The Mujahideen Hackers Who 'Clean Facebook'". The Daily Beast. Retrieved 3 May 2016.
  11. Chatterjee, Surojit (26 June 2011). "LulzSec sails into sunset as TeaMp0isoN terrorizes Internet". International Business Times . Retrieved 3 May 2016.
  12. Neal, Dave (27 June 2011). "Tony Blair got hacked". TheINQUIRER . Archived from the original on 30 June 2011. Retrieved 3 May 2016.{{cite web}}: CS1 maint: unfit URL (link)
  13. "England riots: Hackers hit Blackberry over police help". BBC News. 10 August 2011. Retrieved 3 May 2016.
  14. Kumar, Mohit (21 July 2011). "8 Court Cases against Sarah Palin Leaked By TeaMp0isoN". The Hacker News. Retrieved 3 May 2016.
  15. Kumar, Mohit (10 August 2011). "TeaMp0isoN : NASA forum is Vulnerable SQL injection, Admin Hacked !". The Hacker News. Retrieved 3 May 2016.
  16. Chirgwin, Richard (9 November 2011). "Foreign government emails HACKED says TeamP0ison". theregister.co.uk. Retrieved 3 May 2016.
  17. "Data of 13 million South Korean online game subscribers hacked". Reuters. 26 November 2011. Retrieved 25 August 2019.
  18. Eduard Kovacs (12 April 2012). "MI6 Call, Possibly to FBI, Leaked by TeaMp0isoN (Audio)". softpedia.
  19. Smolaks, Max (12 April 2012). "TeaMp0isoN Hacks MI6 Phones". TechWeekEurope UK. Retrieved 3 May 2016.
  20. Eduard Kovacs (3 April 2012). "Site of NATO Croatia Hacked and Defaced by TeaMp0isoN". softpedia.
  21. Amir, Waqas (4 April 2012). "Official NATO Croatia Website defaced by TeaMp0isoN". HackRead.
  22. Eduard Kovacs (21 January 2013). "Rappers Tabanacle, Proverbz and LyricistJinn Release New Anthem for OpCensorThis". softpedia.
  23. Despotovic, Nebojsa (9 August 2011). "Anonymous and Team Poison join forces for #OpCensorThis". Atraktor Studio. Archived from the original on 9 February 2012.
  24. "Anonymous Press: Teamp0isoN #pwnd #UN #OpCensorThis". www.legionnet.lgnsec.nl.eu.org. 23 February 2012. Retrieved 3 May 2016.
  25. "Home - Latest Cyberwar News - Cyberwarzone". Cyberwarzone. 6 February 2012. Archived from the original on 28 July 2013.
  26. 1 2 https://www.youtube.com/watch?v=njONcmb81r0 Anonymous - #OpRobinHood
  27. "'Operation Robin Hood': The hacker scheme to fund Occupy". theweek.com. 1 December 2011. Retrieved 3 May 2016.
  28. Eduard Kovacs (2 February 2012). "TeaMp0isoN Leaks 26,000 Israeli Credit Cards from One and Citynet (Exclusive)". softpedia.
  29. Eduard Kovacs (2 December 2011). "P-Diddy's Credit Card and Passport Details Leaked by TeaMp0isoN". softpedia.
  30. Bychawski, Adam (12 October 2011). "P Diddy's credit card details stolen and posted online". NME.COM. Retrieved 3 May 2016.
  31. Eduard Kovacs (4 May 2012). "Panasonic, United Nations and Australian Government Hacked by TeaMp0isoN". softpedia.
  32. "Anonymous Press". eu.org.
  33. Eduard Kovacs (16 April 2012). "TeaMp0isoN Confirm TriCk's Arrest, "Operation Retaliation" Starts (Updated)". softpedia.
  34. "United Nations agency 'hacking attack' investigated - BBC News". BBC News. 29 November 2011. Retrieved 3 May 2016.
  35. Eduard Kovacs (5 December 2011). "TeaMp0isoN Brings Solid Evidence to Prove UN Server Not 'Old'". softpedia.
  36. Oswald, Ed (30 November 2011). "United Nations hacked! Passwords posted!". BetaNews. Retrieved 3 May 2016.
  37. Latif, Salman (6 May 2012). "TeaMp0ison Hacks Sites of Panasonic, World Health Organization And Australian Government". The Tech Journal. Retrieved 3 May 2016.
  38. Kirk, Jeremy (12 April 2012). "UK Police Arrest Two Over Anti-Terrorist Hotline Prank Calls". CIO. Archived from the original on 28 December 2013. Retrieved 13 April 2012.
  39. Cluley, Graham (11 May 2012). "MLT – Suspected member of TeamPoison hacking gang arrested". Naked Security. Retrieved 3 May 2016.
  40. "TeaMp0isoN reveals schools' vulnerabilities". www.databreaches.net. 12 April 2015. Retrieved 3 May 2016.
  41. "Here's a tip for some Crime Stoppers in Canada: you've been hacked (UPDATED)". www.databreaches.net. 12 April 2015. Retrieved 3 May 2016.
  42. Ilascu, Ionut (26 May 2015). "Minecraft Pocket Edition Forum Hacked Before Going Belly Up". softpedia. Retrieved 3 May 2016.
  43. Murdock, Jason (25 February 2016). "UN tourism website breached and defaced by 'TeamPoison' hacking collective". International Business Times UK. Retrieved 3 May 2016.
  44. Cimpanu, Catalin (1 March 2016). "TeaMp0isoN Hacks Time Warner Cable Business Website, Dumps Customer Data". softpedia. Retrieved 3 May 2016.
  45. "Cyber Caliphate: ISIS Plays Offense on the Web". Recorded Future.
  46. Halleck, Thomas (14 January 2015). "Junaid Hussain: CyberCaliphate Leader And ISIS Member Was Behind CENTCOM Hack, Report Says". International Business Times. Retrieved 3 May 2016.
  47. Seals, Tara (20 December 2014). "ISIS Likely Behind Cyber-attack Unmasking Syrian Rebels". Infosecurity Magazine. Retrieved 3 May 2016.
  48. Fricker, Martin (26 August 2015). "ISIS computer hacker Junaid Hussain has been killed in a U.S. drone strike". mirror. Retrieved 3 May 2016.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.