[URL="https://www.facebook.com/TeaMp0isoN"]TeaMp0isoN[/URL], a black-hat hacking collective, has announced that it is to collaborate with Anonymous on Operation Robin Hood which swears to take money from the banks (in the form of stolen credit card data) and redistribute the wealth from the 1% to the 99% in support of the Occupy Movement. But just who exactly are TeaMp0isoN and what impact is Operation Robin Hood likely to have?
[ATTACH=RIGHT]23129[/ATTACH]Let's start with the easy stuff first and get a handle on TeaMp0isoN. Although you might think that finding anything out about a hacking collective which does things the likes of the FBI and law-enforcement authorities the world over would, almost by definition, be pretty difficult the truth is almost the opposite. Whilst identifying the individuals behind the handles adopted by the core members of TeaMp0isoN is not straightforward, otherwise you can bet your bottom dollar that the Federal authorities would have been knocking on their doors in the wee small hours before now, the nature of political hacktivism is such that it feeds upon publicity. There is, the argument goes, no point in taking down a large corporate server if nobody outside of the normal internal corporate channels knows about it. Hacktivism is a double-edged sword which not only needs the world to know that a spanner has been thrown into the corporate wheel of technology but also who threw it and why.
So we know that TriCk, iN^SaNe, Hex00010 and aXioM are amongst the core teenage members, thought to number no more than ten, of the hacking collective which appears to have been formed either at the end of 2009 or the start of 2010. We also know that it wasn't until this year that TeaMp0isoN started to get serious and hit the headlines. So we've seen such high profile exploits as finding a bug on Facebook that enabled them to update the accounts of both the French President, Nicolas Sarkozy, and Facebook founder and CEO Mark Zuckerberg himself in January 2011. At the same time, the group took the opportunity to block access to the Facebook pages of certain political concerns such as the right wing English Defence League which were critical of Islam.
Later in the year, TeaMp0isoN used that favorite haunt of hackers the world over, Pastebin, to publish what was claimed to be the personal address book of former British Prime Minister Tony Blair. This was followed by the publication of hashed admin passwords of the NASA website courtesy of s simple SQL injection exploit. Research in Motion cam under fire during the riots in London and other parts of the UK, after the company said it would co-operate with law enforcement in tracking down the names of those organising the riots via the BlackBerry Messenger service. The TeaMp0isoN response was deface the official BlackBerry blog with a statement that it supported the rioters.
Perhaps most surprisingly though, TeaMp0isoN has also targeted other hacking collectives. The most prominent being LulzSec, a group which it claims is comprised of N00b hackers with poor skill levels, even calling them script kiddies as a result. This competitiveness took shape with the publication of what TeaMp0isoN claims were the personal details of several key LulzSec members along with hashed passwords and IP details for the AnonOps IRC server it was said to be using.
However, by collaborating with the daddy of all hacking collectives, Anonymous, it would seem that TeaMp0isoN is upping the stakes and getting really serious with the announcement that it intends to form a new group called p0isAnon to launch a concerted attack against 'the banks' as a direct result of the banking and corporate worlds response to the Occupy Movement.
The official statement announcing Operation Robin Hood talks about the banks getting the attention of the hackers and claims that between them they have already "removed well over 500,000 accounts from banks and put them into credit unions" and goes on to state that it will "take credit cards and donate to the 99% as well as various charities around the globe" while the banks themselves will be "forced to reimburse the people there (sic) money back". TeaMp0isoN, writing as p0isAnon, claims to have hit the Bank of America, Chase and CitiBank credit cards with "big breaches across the map" although no actual details of these are given. It further claims to have "donated thousands to the homeless and other charities" hence the Robin Hood tag, but again there is no evidence to back up this assertion at this time.
The part of the statement that stood out for me though was where TeaMp0isoN insists that it is going to "hit the true evil while not harming theirs (sic) customers" which, apart from anything else, would appear to misunderstand how the financial business sector works. "We will avenge every person banks turned down and stolen from" the statement insists, continuing that it will "take from the banks and give to the poor". The whole redistribution of wealth notion will appeal to many, especially in times of recession when we have seen big business in general, and banks in particular, continue to rake in the profit and cream it off to the benefit of the those at the very top, directors and shareholders alike. However, while p0isAnon is quite right in the assertion that when a stolen credit card is used to make a fraudulent transaction there is no direct liability to the customer, it's not just the banks who get hit financially as a result. Indeed, there's a pretty good argument that the banks feel very little pain at all in the long run. The retailer certainly fells pain as they lose goods and the cost of those goods as they do have a direct liability in such circumstances. The same liability would apply to charities who accept donations which turn out to have been made using stolen credit cards. Which rather negates the point of 'redistributing wealth' to them in the first place as such action will ultimately cost the charity money in terms of the administrative cost in dealing with the charge-backs and accounting involved.
And then there's the consumers themselves, the people whose credit card details are being stolen in the first place. Statistics suggest that the very people who use credit cards the most are those least able to afford to be able to do so. Sure, consumerisation and greed plays a part here but so does poverty. Poor people not only only have credit cards but use them to pay off other debts in a downward spiral of desperation. Action such as suggested by the Operation Robin Hood announcement will do nothing to help these poor people: in fact it is likely to make things worse. Banks and credit card companies do not just sit back and absorb a loss, they increase their fees, their interest rates, and pass these on to their customers in order to maintain profitability. The very same people for whom Operation Robin Hood is meant to be benefitting. Far from stealing from the rich to give to the poor, it seems to me that this is just stealing from the rich to inconvenience the banks but ultimately just make things worse for the poor.
It remains to be seen just how effective TeaMp0isoN will be in stealing credit card data and compromising bank accounts in the first place, but I can't help feeling that whatever the motives behind the operation it will misfire and it will not be banks which get left burnt.
I'm a hacker turned writer and consultant, specialising in IT security. I've been a freelance word punk for over 20 years and along the way I have seen 23 of my books published, produced and presented programmes for TV and radio, picked up a bunch of awards and continue being a contributing editor with PC Pro - the best selling IT magazine in the UK .
I think this is a terrible event, since when is LulzSec anyone's enemy (besides the government)?
They compromised the NASA website? Why?! LulzSec exposed a CIA botnet, why would the CIA have a botnet? Isn't this botnet preying on unsuspecting users? I don't want the CIA to have a botnet, what if they decide to launch attacks on websites we use, like Daniweb?
This secrecy is against the very foundation of a free society, and remains a danger to our civil liberties, Viva La LulzSec!