|Motto||"Knowledge is Power"|
|TriCk, MLT, Hex00010, |
TeaMp0isoN is a computer security research group consisting of 3-5 core members. The group gained notoriety in 2011/2012 for their blackhat hacking activities, which included attacks on the United Nations, NASA, NATO, Facebook and several other large corporations and government entities. TeaMp0isoN disbanded in 2012 following the arrests of two of their core members, 'TriCk' and 'MLT'. In 2015, TeaMp0isoN returned, rebranding their group as a legitimate whitehat computer-security research team.
TeaMp0isoN formed in mid-2008 - the group originally started as a forum (http://p0ison.org) and the more skilled members of the community went on to form the group, causing TeaMp0isoN to expand from a forum to a team of blackhat computer hackers who performed several high-profile website defacements and distributed denial of service attacks. TeaMp0isoN became known to the general public in 2011, after exposing several LulzSec members and defacing the website of alleged LulzSec member JoePie91.
English Defence League
TeaMp0isoN released several documents pertaining to the English Defence League, leaking information which included personal details of several high-ranking EDL members. In addition to this, TeaMp0isoN went on to deface the official website of the English Defence League
In January 2011, unauthorized status updates were posted on Mark Zuckerberg and French President Nicolas Sarkozy's accounts on social-networking site Facebook. On January 25, a spokesperson for Facebook acknowledged the bug in their system and said it has been fixed. Later that week The Daily Beast reported that "TriCk", a member of TeaMp0isoN, along with members of a group known as "ZHC", said they had exploited a bug in the web site on previous New Year's Eve, allowing them to post unauthorized status updates and to block temporary newsfeeds to a list of 130 pages. A spokeswoman for one of the targeted groups, the English Defense League, confirmed that they were targeted and their pages critical of Islam were indeed hacked. Members of Facebook's security team said after being contacted on the matter by The Daily Beast, they had found no evidence of malicious activity on their logs.
Tony Blair address book leak
The group published in Pastebin what appeared to be the address book and other private data of former British Prime Minister Tony Blair, in June 2011. According to TeaMp0isoN the data was obtained originally in December 2010. Tony Blair's spokesman said the data was not obtained from Blair directly, but from the personal email account of his former staff. TeaMp0isoN responded to this, commenting "Blairs sheep are lying about how we got the info, we got into the webmail server via a private exploit & we wiped the logs so Good luck".
During 2011 England riots it was believed that BlackBerry Messenger service was used by looters for collaboration. The group defaced the official BlackBerry blog as a response to Research In Motion (RIM), the maker of the BlackBerry, promising to co-operate with the United Kingdom police and government. TeaMp0isoN's released a statement saying, "We are all for the rioters that are engaging in attacks on the police and government."
In November 2011, TeaMp0isoN released a list of email addresses and passwords that were reportedly obtained via an SQL injection vulnerability in the United Kingdom's Ministry of Defence. The UK MoD is responsible for controlling the UK's defence policies, and is also the headquarters of the British Armed Forces.
In April 2012, TeaMp0isoN targeted MI6 (UK Secret Intelligence Service), the group created a script that allowed them to repeatedly flood the anti-terrorism hotline with computer-generated calls, before calling up the hotline themselves in order to mock officers - the officers then warned them that they would be traced and reported to the FBI. TeaMp0isoN then reportedly wiretapped the MI6 agents, recording a conversation between officers and posting the leaked conversation on YouTube.
Operation Censor This
TeaMp0isoN joined forces with well-known hacker collective Anonymous to announce OpCensorThis, an operation intended to protest against censorship - the operation received a lot of media attention and music artists such as Lyricist Jinn and Tabanacle created a music video in order to raise awareness for the operation.
TeaMp0isoN then went on to deface several sites in support of OpCensorThis, the most notable being the United Nations Development Programme, and the well-known British newspaper, The Daily Mail.
Operation Robin Hood
In response to Occupy Movement, an online announcement claims that TeaMp0isoN joined Anonymous to launch Operation Robin Hood, intending to hack into websites, obtain credit cards and make donations to activist organizations while the banks would have to refund the hacked accounts. The video states: "Operation Robin Hood will take credit cards and donate to the 99% as well as various charities around the globe. The banks will be forced to reimburse the people their money back." while encouraging to "move your accounts into secure credit unions, in an echo to the Bank Transfer Day movement.
As part of Operation Robin Hood, TeaMp0isoN leaked over 26,000 Israeli credit card details, obtained via vulnerabilities in Israeli banks, One and CityNet.
TeaMp0isoN then went on to publish the credit card details and passport scans of well-known rapper Sean Combs (also known as P-Diddy), TeaMp0isoN then used his credit card to donate money to charity and to order pizza for those who requested via Twitter. P-Diddy then launched an internal investigation to attempt to track down TeaMp0isoN, reportedly hiring a team of private detectives.
Following the arrest of founding TeaMp0isoN member TriCk, the group announced Operation Retaliation, which began with reported DDoS attacks against MI6 (https://www.sis.gov.uk/), before various other attacks took place, the most notable being Panasonic, The Australian Government, and the United Nations World Health Organisation. In addition to this, Consternation Security and Doxbin were also reportedly hacked.
In November 2011, TeaMp0isoN released more than 128 usernames and login details, which they say were obtained from the United Nations Development Programme. According to a spokeswoman for the UNDP the data was extracted from "an old server which contains old data". TeaMp0isoN then disputed this statement, releasing server logs and other evidence to suggest that the server was still in fact actively being used by the United Nations.
In April 2012, TeaMp0isoN hacked the United Nations again, this time targeting their World Health Organisation and leaking a list of usernames and hashed passwords, including the administrator credentials.
On 10 April 2012, the group created a script to call the British Anti-Terrorism Hotline with hoax calls continuously for a 24-hour period to protest the extradition of terrorist suspects to the United States. On 12 April, police arrested two teenagers, 16 and 17, over the incident under suspicion of violating the Malicious Communications Act 1988 and the Computer Misuse Act.
On 9 May 2012, alleged TeaMp0isoN member and spokesperson "MLT" was arrested by officers from Scotland Yard on suspicion of offences under the Computer Misuse Act, relating to the attacks on the Anti-Terrorist Hotline and other offences.
Activities in 2015
In 2015, TeaMp0isoN returned and no longer appear to be committing any illegal activities. Posting from their official Twitter account, they have identified and disclosed vulnerabilities in Google, Amazon, eBay, Harvard University, NOAA, Comcast, Time Warner Cable, Western Union, the United Nations, the London Stock Exchange, Autodesk and several other large systems. TeaMp0isoN has also released several zero-day exploits, including one that affected the memorial sites of Malcolm X and Marylin Monroe, and one that affected a commonly-used WordPress plugin used by a large number of websites. In addition to this, their website and forums have returned alongside their newly launched IRC network, and it appears they also have plans for a wargaming website allowing penetration testers to hone their skills within a legal and ethical environment. 
Links to the Islamic State
TeaMp0isoN member TriCk fled the UK while on police bail, and reportedly joined the Islamic State in Syria. It is believed that TriCk has continued his hacking activities as an Islamic State militant, and was behind several high profile attacks under the group name 'CyberCaliphate'. TriCk is also believed to have links to Jihadi John and is a known member of the notorious Islamic State terror cell known as 'The Beatles'.
Potential links between other TeaMp0isoN members and the Islamic State should be explored. The media made links between well known hacking group Lizard Squad and the Islamic State, and it should be noted that some links have been made between TeaMp0isoN and Lizard Squad. Well known and respected hacktivist th3j35t3r made a blog post linking TeaMp0isoN to Lizard Squad, supporting his post with factual evidence, and in addition to this, the cyber-threat intelligence group IntelCrawler named TeaMp0isoN member 'MLT' as an associate of Lizard Squad.
- "The Mujahideen Hackers Who Cleanse Facebook Up". Retrieved 13 July 2011.
- "LulzSec sails into sunset as TeaMp0isoN terrorizes Internet". International Business Times. Retrieved 6 October 2011.
- "BBC News – England riots: Hackers hit Blackberry over police help". BBC. 10 August 2011. Retrieved 11 August 2011.
- "NASA is Vulnerable, SQL injection".
- https://www.youtube.com/watch?v=njONcmb81r0 Anonymous - #OpRobinHood
- "'Operation Robin Hood': The hacker scheme to fund Occupy". 2011-12-01.
- "United Nations Hacking Attack Investigated".
- Kirk, Jeremy (12 April 2012). "UK Police Arrest Two Over Anti-Terrorist Hotline Prank Calls". CIO. Archived from the original on 13 April 2012. Retrieved 13 April 2012.
- "MLT Suspected Member of Teampoison Hacking Gang Arrested". CIO. 11 May 2012. Retrieved 11 May 2012.