Biography:MLT (hacktivist)

MLT
Born: 1994
Nationality: United Kingdom
Occupation: former Grey Hat hacktivist
Known for: Computer Security

MLT, real name Matt Telfer,[1] is a former grey hat computer hacker and member of TeaMp0isoN. MLT was arrested in May 2012 in relation to his activities within TeaMp0isoN, a computer-hacking group which claimed responsibility for many high-profile attacks, including website defacements of the United Nations, Facebook, NATO, BlackBerry, T-Mobile USA and several other large sites in addition to high-profile denial-of-service attacks and leaks of confidential data.[2][3]

History

Believed to be the co-leader and spokesperson of TeaMp0isoN[4], MLT, along with Junaid Hussain and other hackers, targeted many large websites and corporations over a two-year period, from 2010 up until 2012, when both individuals were arrested. The group first gained popularity after targeting the infamous hacking collective LulzSec, releasing personal information on its members and purporting to have hacked their websites. They then went on to target sites such as NATO, and various government officials from the United Kingdom and United States of America[5]. The arrests finally came as a result of the probe into the alleged hacking and wiretapping of the British Security Services Anti-Terrorism Hotline[6].

MLT was suspected of having direct ties to the global hacking collective Anonymous[7], and states that he started his hacking career at an early age, around 12 or 13.[8] The popular computer vigilante known as The Jester has accused MLT of having ties to Crackas With Attitude[9], a blackhat group that leaked several government documents pertaining to the CIA and FBI[10]. MLT was also suspected of having ties to the blackhat hacking group known as Lizard Squad, as suggested by cybersecurity intelligence firm IntelCrawler LLC in a threat intelligence report that was released[11]. These claims were also supported by The Jester[12].

MLT was the former hacking partner[13] of Junaid Hussain, who later went on to join ISIS and was killed in a drone strike[14] by the US Government after becoming the third highest target on their 'kill list' due to his role in inspiring international lone-wolf terrorism alongside his hacking activities for ISIS under the banner of Islamic State Hacking Division. It was reported by Vice that Junaid Hussain remained in contact with MLT while in Syria, and that he used to occasionally ask for advice relating to hacking or would sometimes even openly boast about his activities within ISIS to MLT.[15]

Arrest

On Wednesday 9 May 2012, MLT was arrested in Newcastle upon Tyne by the Metropolitan Police who released a statement saying: "The suspect, who is believed to use the online 'nic' 'MLT', is allegedly a member of and spokesperson for TeaMp0isoN ('TeamPoison')--a group which has claimed responsibility for more than 1,400 offences including denial of service and network intrusions where personal and private information has been illegally extracted from victims in the U.K. and around the world,"[16]

It was reported that MLT could have faced up to 10 years in prison for the events leading to his arrest.[17] Junaid Hussain, who was also arrested in relation to the same offences, received a 6-month sentence under the Computer Misuse Act and the Malicious Communications Act after pleading guilty to hacking the email account of Tony Blair, the former British Prime Minister.[18]

Recent Activity

Since his arrest, MLT has focused his attention on legitimate security research as opposed to illegal hacking activity. He has identified and reported critical vulnerabilities in sites such as eBay[19] and the U.S. Department of Defense[20] and states that he avoids illegal activities and instead dedicates his time to participating in Bug Bounty Programs.[21]

In May 2015, someone purporting to be MLT featured on CNN, speaking to them about Junaid Hussain and claiming that he witnessed him appear on video chat once as a 'black power ranger' while wielding an AK-47.[22] In August 2015, MLT featured on Episode 5 of the TV show Viceland Cyberwar where he spoke about subjects ranging from the security of autonomous cars to the death of his former hacking partner.[23][24]

In 2017, MLT appears to have shifted his focus to exploit development, publishing several zero-day vulnerabilities online under the banner of a group known as Project Insecurity[25].

Project Insecurity

In 2017, MLT founded a computer security research organization and education platform known as Project Insecurity. According to the website, the organization has around 20 active members and offers a variety of services including private mentoring sessions, penetration tests, custom application development, and security awareness training designed to help corporations adopt good security habits and learn how to spot scams or phishing attacks. MLT works alongside reformed blackhat hackers within this group, with many of the members having previously been convicted under the Computer Misuse Act. MLT's stance on this is that those who have hacked maliciously have a deeper understanding of such concepts, and that their talent should not be put to waste.[26]

When the organization originally surfaced, an assortment of security exploits was publicly disclosed, primarily exposing flaws in Content Management Systems and Forum Board Software. Some examples of these include XenForo, MyBB, phpBB, X-Cart, OsCommerce, concrete5, and Invision Power Board[27]. Project Insecurity also released the exploit code for Hangzhou XiongMai Technologies CCTV Cameras[28], demonstrating how it was possible for hackers to take control of over two million vulnerable devices and use them as part of a Botnet. These devices were believed to have been used to partially power the Mirai Botnet, resulting in what was (at the time) the most powerful Denial of Service attack in the history of the internet.[29]

In late 2017, Project Insecurity published several exploits affecting the Pulse Connect Secure VPN client developed by Juniper Networks. This client is primarily used within intranet environments, but many sites used it and were affected, notably Twitter.[30] Around this same time period, Project Insecurity released several exploits affecting popular plugins for WordPress and Joomla.

In April 2018, Project Insecurity released two exploits affecting live chat systems used by various Internet Service Providers and financial corporations around the world. Nuance Communications and LiveChat were the affected software vendors, both of which appeared to be vulnerable to bugs of a similar nature. These bugs allowed a malicious hacker to glean information on employees of the affected companies, such as the name, email, and employee ID of the chat agent, alongside other information such as the backend systems in use, allowing a malicious hacker to potentially gain a foothold within these networks. Some of the affected companies included Google, PayPal, Bank of America, Verizon, Sony, Tesla, Orange, Kaspersky, BitDefender, AT&T, and many other large corporations[31]. One of those who found this exploit was Kane Gamble, who was convicted and given a two-year prison sentence shortly after these exploits were disclosed. Kane's sentencing was unrelated to any activities involving Project Insecurity and was instead due to his involvement with Crackas With Attitude, a group responsible for purportedly hacking the CIA, FBI and Department of Homeland Security[32]. Prior to his sentencing, Kane Gamble had been attempting to show that he had reformed his character, not only by working alongside Project Insecurity to help secure the above affected systems, but also by reporting vulnerabilities to companies such as T-Mobile USA of his own accord[33].

In May 2018, Project Insecurity member Six gained access to an administrative portal for EE, the largest telecommunications provider in the UK. This allowed him to view more than two million lines of their source code, including private developer API keys and Amazon Web Services secret keys.[34]

References

  1. https://internetofbusiness.com/critical-security-flaws-found-in-popular-medical-records-software/
  2. Introduction to cyberwarfare: a multidisciplinary approach. 2013. 
  3. "British Cops Arrest Third Teampoison Hacker". NBC. 2012. http://www.nbcnews.com/id/47388075/ns/technology_and_science-security/t/british-cops-arrest-third-team-poison-hacker/. Retrieved 2016-09-20. 
  4. "Teenager arrested accused of computer hacking". Sky News. 2012. http://www.itv.com/news/topic/teamp0ison/. Retrieved 2017-07-09. 
  5. Deception in the Digital Age, exploiting and defending human targets. Cameron H. Malin. 2017. https://books.google.co.uk/books?isbn=0124116396. Retrieved 2016-09-20. 
  6. "TeaMp0isoN Hacks Met Police Anti-Terror Hotline". Sky News. 2012. https://www.youtube.com/watch?v=xTjwI2iVF20. Retrieved 2016-09-20. 
  7. Introduction to cyberwarfare: a multidisciplinary approach. 2013. 
  8. "teamp0ison member interview". Security Affairs. July 2016. http://securityaffairs.co/wordpress/49735/hacking/teamp0ison-member-interview.html. Retrieved 2017-07-09. 
  9. "Tcia-director-brennan-aol-hack-what-you-need-to-know". Jesters Court. 2015. https://jesterscourt.cc/2015/10/22/cia-director-brennan-aol-hack-what-you-need-to-know/. Retrieved 2017-07-09. 
  10. "cia-email-hackers-return-with-major-law-enforcement-breach". WIRED. November 2015. https://www.wired.com/2015/11/cia-email-hackers-return-with-major-law-enforcement-breach/. Retrieved 2017-07-09. 
  11. "IC_GOP.pdf". IntelCrawler LLC. December 2014. https://www.scribd.com/document/321146651/IC-GOP-pdf. Retrieved 2017-07-09. 
  12. "The Stupid, it burns". The Jester. January 2015. https://jesterscourt.cc/2015/01/28/the-stupid-it-burns/. Retrieved 2017-07-09. 
  13. "How a Teenage Hacker Became the Target of a US Drone Strike". Vice. August 2016. http://motherboard.vice.com/read/junaid-hussain-isis-hacker-drone. Retrieved 2016-09-20. 
  14. "British Born ISIS hacker killed in drone strike". The Independent. August 2015. https://www.independent.co.uk/news/world/middle-east/british-born-isis-hacker-killed-us-drone-strike-in-syria-kills-junaid-hussain-10474007.html. Retrieved 2016-09-20. 
  15. "British Hacker is No. 3 on Pentagon kill list". The Sunday Times. August 2015. http://www.thesundaytimes.co.uk/sto/news/uk_news/article1588418.ece. Retrieved 2016-09-20. 
  16. "teampoison hacker suspect has anonymous ties". darkreading.com. 2012-05-11. http://www.darkreading.com/attacks-and-breaches/teampoison-hacker-suspect-has-anonymous-ties/d/d-id/1104323?. Retrieved 2016-09-20. 
  17. "teenager arrested over teampoison hacking attacks". telegraph.co.uk. 2012-05-10. https://www.telegraph.co.uk/technology/news/9257405/Teenager-arrested-over-TeamPoison-hacking-attacks.html. Retrieved 2016-09-20. 
  18. "teamp0ison hacker trick pleads guilty to hacking tony blairs e-mail". threatpost.com. July 2012. https://threatpost.com/report-teamp0ison-hacker-trick-pleads-guilty-hacking-tony-blairs-e-mail-070212/76757/. Retrieved 2016-09-20. 
  19. "eBay XSS bug left users vulnerable to (almost) undetectable phishing attacks". Sophos. January 2016. https://nakedsecurity.sophos.com/2016/01/13/ebay-xss-bug-left-users-vulnerable-to-almost-undetectable-phishing-attacks/. Retrieved 2016-09-20. 
  20. "Researcher Finds Several ‘Serious’ Vulnerabilities in US Military Websites". Vice. January 2016. https://motherboard.vice.com/read/researcher-finds-several-serious-vulnerabilities-in-us-military-websites. Retrieved 2016-09-20. 
  21. "TeaMp0isoN member interview". Security Affairs. August 2016. http://securityaffairs.co/wordpress/49735/hacking/teamp0ison-member-interview.html. Retrieved 2016-09-20. 
  22. "ISIS jihadi linked to Garland attack has long history as hacker". CNN. May 2015. http://edition.cnn.com/2015/05/06/us/who-is-junaid-hussain-garland-texas-attack/. Retrieved 2016-09-20. 
  23. "Cyberwar: Syria's Cyber Battlefields". Viceland. August 2015. https://www.viceland.com/en_us/video/syrias-cyber-battlefields/5786b9a4914084e32a41b545. Retrieved 2016-09-20. 
  24. "MLT on the Future of Hacking". Viceland. August 2015. https://www.viceland.com/en_us/video/mlt-on-the-future-of-hacking/57a0f00e790fa88a29be163b. Retrieved 2016-09-20. 
  25. "Files From Project Insecurity". Packetstorm Security. 2017. https://packetstormsecurity.com/files/author/12901/. Retrieved 2016-09-20. 
  26. "Project Insecurity". Project Insecurity. 2017. https://insecurity.sh/. Retrieved 2018-05-05. 
  27. "Project Insecurity". Project Insecurity. 2017. https://insecurity.sh/. Retrieved 2018-05-05. 
  28. "XiongMai-uc-http-1.0.0-Local-File-Inclusion-Directory-Traversal". PacketStorm Security. 2017. https://packetstormsecurity.com/files/142131/XiongMai-uc-http-1.0.0-Local-File-Inclusion-Directory-Traversal.html/. Retrieved 2018-05-05. 
  29. "Files From Project Insecurity". Packetstorm Security. 2017. https://packetstormsecurity.com/files/author/12901/. Retrieved 2016-09-20. 
  30. "Files From Project Insecurity". Packetstorm Security. 2017. https://dl.packetstormsecurity.net/1707-exploits/pulseconnect-xssxsrf.pdf. Retrieved 2018-05-05. 
  31. "live-chat-widgets-leak-employee-details-from-high-profile-companies". Bleeping computer. 2018. https://www.bleepingcomputer.com/news/security/live-chat-widgets-leak-employee-details-from-high-profile-companies/. Retrieved 2018-05-05. 
  32. "Kane Gamble, British hacker, admits targeting heads of CIA, FBI". Washington Times. 2018. https://www.washingtontimes.com/news/2017/oct/6/kane-gamble-british-hacker-admits-targeting-heads-/. Retrieved 2018-05-05. 
  33. "British teen who tried to hack CIA chief finds 'critical' T-Mobile flaw exposing customer accounts". International Business Times. 2018. https://www.ibtimes.co.uk/british-teen-who-tried-hack-cia-chief-finds-critical-t-mobile-flaw-exposing-customer-accounts-1663768. Retrieved 2018-05-05. 
  34. "UK cell giant EE left a critical code system exposed with a default password". ZDNET. 2018. https://www.zdnet.com/article/mobile-giant-left-code-system-online-default-password/. Retrieved 2018-05-14.