MLT (hacktivist)
MLT, real name Matthew Telfer,[7][8] (born 1994) is a current cybersecurity researcher, former black hat computer hacker and former member of TeaMp0isoN. MLT was arrested in May 2012 in relation to his activities within TeaMp0isoN, a computer-hacking group which claimed responsibility for many high-profile attacks, including website vandalism of the United Nations, Facebook, NATO, BlackBerry, T-Mobile USA and several other large sites, in addition to high-profile denial-of-service attacks and leaks of confidential data. Another reason for MLT's arrest was his role in operating bitst0rm, a malicious hacking group with a particular emphasis on targeting known figures within the computer security industry.[9][10] Currently, MLT is an ethical hacker, appearing to have changed his ways. MLT now responsibly discloses security flaws to affected companies, and he has publicly documented and helped remediate security flaws in over two thousand separate websites within recent years.[11] MLT now works in the computer security industry and also runs his own cybersecurity firm named Project Insecurity LTD.[12]
Matthew "MLT" Telfer[1] | |
---|---|
Born | 1994 |
Nationality | British |
Other names | Nicknames include "jmpeax", "ret2libc", "popeax", "POP_POP_RET", or simply "M" - there are many alternative names used by this individual although "MLT" appears to be the most popular nickname[2][3][4] |
Education | Northumbria University |
Occupation | Chief Executive Officer at Project Insecurity LTD, Freelance Bug Bounty Hunter, UK Chapter lead at GDI Foundation, and Content Writer for Secjuice Magazine[5] |
Years active | 2006 - Present Day[6] |
Known for | Former affiliation with TeaMp0isoN, Computer Security Research, Bug Bounties, Exploit Development |
Website | https://mlt.sh/ |
History
Believed to be the former co-leader and spokesperson of TeaMp0isoN,[13] MLT, along with Junaid Hussain and other hackers, targeted many large websites and corporations over a two-year period, from 2010 up until 2012, when both individuals were arrested. The group first gained popularity after targeting the infamous hacking collective LulzSec, releasing personal information on its members and purporting to have hacked its websites. They then went on to target sites such as NATO, and various government officials from the United Kingdom and United States of America.[14] The arrests finally came as a result of the probe into the alleged hacking and wiretapping of the British Security Services Anti-Terrorism Hotline.[15]
MLT also operated a black hat hacking group known as bitst0rm, which targeted the computer security industry in particular. It appears bitst0rm had a similar modus operandi to that of other hacking groups within the Anti-Security Movement. Some of the targets of bitst0rm were individuals such as Kevin Mitnick and Dan Kaminsky as well as companies including Norton, F-Secure, Stack Exchange and Stack Overflow Q&A sites, hak5.org, and Metasploit Project.[16] After MLT's arrest, bitst0rm finally disbanded.
MLT was suspected of having direct ties to the global hacking collective, Anonymous,[17] and states that he started his hacking career from an early age of around 12 or 13.[18] The popular computer vigilante known as The Jester has accused MLT of having ties to Crackas With Attitude,[19] a blackhat group that leaked several government documents pertaining to the CIA and FBI.[20] MLT was also suspected of having ties to the blackhat hacking group known as Lizard Squad, as suggested by cybersecurity intelligence firm IntelCrawler LLC in a threat intelligence report that was released.[21] These claims were also supported by The Jester.[22]
MLT was the former hacking partner[23] of Junaid Hussain, who later went on to join ISIS and was killed in a drone strike[24] by the US Government after becoming the third-highest target on their 'kill list' due to his role in inspiring international lone-wolf terrorism alongside his hacking activities for ISIS under the banner of Islamic State Hacking Division. It was reported by Vice that Junaid Hussain remained in contact with MLT while in Syria, and that he used to occasionally ask for advice relating to hacking or would sometimes even openly boast about his activities within ISIS to MLT.[25]
MLT states that his "Greatest hacking challenge" was gaining administrative access to Facebook, as it required him to think outside of the box and employ techniques that he usually would not attempt. He also states that the "funniest hack" he carried out was gaining access to a United States Army web server by reading the contents of the publicly disclosed passwd file, then simply using the password to log in to a publicly accessible Secure Shell interface in order to connect to the server back end as a superuser (also known as a root user, the highest possible user permissions on a Linux-based or Unix-based system).[26][27]
Arrest
On Wednesday 9 May 2012, MLT was arrested in Newcastle upon Tyne by the Metropolitan Police who released a statement saying: "The suspect, who is believed to use the online 'nic' 'MLT', is allegedly a member of and spokesperson for TeaMp0isoN ('TeamPoison')--a group which has claimed responsibility for more than 1,400 offences including denial of service and network intrusions where personal and private information has been illegally extracted from victims in the U.K. and around the world,"[28]
It was reported that MLT could have faced up to 10 years in prison for the events leading to his arrest.[29] Junaid Hussain, who was also arrested in relation to the same offences, received a 6-month sentence under the Computer Misuse Act and the Malicious Communications Act after pleading guilty to hacking the email account of Tony Blair, the former British Prime Minister.[30]
Recent activity
In more recent years, Matthew Telfer has focused his attention on legitimate security research rather than malicious black hat hacking. He has identified and reported critical vulnerabilities in sites such as eBay[31] and the U.S. Department of Defense,[32] and states that he avoids illegal activities and instead dedicates his time to participating in bug bounty programs.[33]
In May 2015, someone purporting to be MLT featured on CNN, speaking to them about Junaid Hussain and claiming that he witnessed him appear on video chat once as a 'black power ranger' while wielding an AK-47.[34] In August 2015, MLT featured on Episode 5 of the TV show Viceland Cyberwar where he spoke about subjects ranging from the security of autonomous cars to the death of his former hacking partner.[35][36]
In early 2016, MLT released a blog post titled "An intro to advanced Phishing techniques", which appears to have contained the first ever publicly documented mention of the method to bypass Punycode protections put in place to prevent IDN homograph attacks (a form of URL spoofing attack also known as script spoofing) from being carried out in all major web browsers.[37] Although a Chinese security researcher named Xudong Zheng was credited for discovering this particular bypass method, he did not post it until April 2017, indicating that it was discovered and publicly disclosed by MLT fourteen months prior to the discovery by Xudong Zheng.[38]
In 2017, MLT appears to have shifted his focus to exploit development, publishing several zero-day vulnerabilities online under the banner of a group known as Project Insecurity.[39]
In 2019, he opened a Q&A on Reddit, where he answered questions from users.
Career
After his arrest, Matthew Telfer shifted his focus towards legitimate security research rather than illegal activities.
Matthew Telfer is the founder and Chief Executive Officer of Project Insecurity LTD, an exploit research group and educational platform responsible for identifying security flaws in software used by a number of high-profile websites, some examples being Google, Twitter, PayPal, Bank of America, Kaspersky, AT&T, Tesla, Verizon Media, and Sony, among many other websites.
In addition to this, Matthew Telfer is widely known for his work within the bug bounty community, having identified and reported flaws in websites such as PayPal, Microsoft, eBay, Imgur, Amazon, FBI, CIA, Sony, United States Department of Defense, Federal Government of the United States, and several thousand other high-profile websites.[40]
Matthew Telfer is listed as the UK Chapter Lead for GDI Foundation, a non-profit international humanitarian group operated by Victor Gevers.[41] The purpose of GDI Foundation is to defend the free and open internet by means of responsible disclosure and remediation of security flaws. It is a global foundation with its headquarters in the Netherlands,[42] and its goal is to safeguard and protect the open internet through responsible disclosure carried out by a number of volunteers.[43] This organization has helped many researchers disclose a large number of critical security flaws, and has also shed light on surveillance by the Chinese Government through various breaking news stories.[44][45] GDI Foundation also exposed to the public the fact that various high-profile dating applications were collecting data from users' chat history.[46]
Matthew Telfer also does freelance writing for Secjuice Magazine, with informative tutorials covering topics such as how to secure yourself online and how to identify security vulnerabilities.[47]
References
- https://www.theregister.co.uk/2018/08/07/openemr_vulnerabilities/
- https://twitter.com/POP_POP_RET
- https://twitter.com/jmpeax
- https://instagram.com/pop_eax_
- https://uk.linkedin.com/in/matthew-telfer-bb2325167
- http://securityaffairs.co/wordpress/49735/hacking/teamp0ison-member-interview.html
- https://www.theregister.co.uk/2018/08/07/openemr_vulnerabilities/
- https://internetofbusiness.com/critical-security-flaws-found-in-popular-medical-records-software/
- Introduction to cyberwarfare: a multidisciplinary approach. 2013.
- "British Cops Arrest Third Teampoison Hacker". NBC. 2012. Retrieved 2016-09-20.
- https://www.openbugbounty.org/researchers/MLT/
- https://beta.companieshouse.gov.uk/company/11545346/officers
- "Teenager arrested accused of computer hacking". Sky News. 2012. Retrieved 2017-07-09.
- Deception in the Digital Age, exploiting and defending human targets. Cameron H. Malin. 2017. Retrieved 2016-09-20.
- "TeaMp0isoN Hacks Met Police Anti-Terror Hotline". Sky News. 2012. Retrieved 2016-09-20.
- "Archived copy". Archived from the original on 2012-11-19. Retrieved 2012-11-19.
- Introduction to cyberwarfare: a multidisciplinary approach. 2013.
- "teamp0ison member interview". Security Affairs. July 2016. Retrieved 2017-07-09.
- "Tcia-director-brennan-aol-hack-what-you-need-to-know". Jesters Court. 2015. Retrieved 2017-07-09.
- "cia-email-hackers-return-with-major-law-enforcement-breach". WIRED. November 2015. Retrieved 2017-07-09.
- "IC_GOP.pdf". IntelCrawler LLC. December 2014. Retrieved 2017-07-09.
- "The Stupid, it burns". The Jester. January 2015. Retrieved 2017-07-09.
- "How a Teenage Hacker Became the Target of a US Drone Strike". Vice. August 2016. Retrieved 2016-09-20.
- "British Born ISIS hacker killed in drone strike". The Independent. August 2015. Retrieved 2016-09-20.
- "British Hacker is No. 3 on Pentagon kill list". The Sunday Times. August 2015. Retrieved 2016-09-20.
- https://www.academia.edu/27828605/How_Linux_Works_What_Every_Super-User_Should_Know
- https://securityaffairs.co/wordpress/49735/hacking/teamp0ison-member-interview.html
- "teampoison hacker suspect has anonymous ties". darkreading.com. 2012-05-11. Retrieved 2016-09-20.
- "teenager arrested over teampoison hacking attacks". telegraph.co.uk. 2012-05-10. Retrieved 2016-09-20.
- "teamp0ison hacker trick pleads guilty to hacking tony blairs e-mail". threatpost.com. July 2012. Retrieved 2016-09-20.
- "eBay XSS bug left users vulnerable to (almost) undetectable phishing attacks". Sophos. January 2016. Retrieved 2016-09-20.
- "Researcher Finds Several 'Serious' Vulnerabilities in US Military Websites". Vice. January 2016. Retrieved 2016-09-20.
- "TeaMp0isoN member interview". Security Affairs. August 2016. Retrieved 2016-09-20.
- "ISIS jihadi linked to Garland attack has long history as hacker". CNN. May 2015. Retrieved 2016-09-20.
- "Cyberwar: Syria's Cyber Battlefields". Viceland. August 2015. Retrieved 2016-09-20.
- "MLT on the Future of Hacking". Viceland. August 2015. Retrieved 2016-09-20.
- https://ret2libc.wordpress.com/2016/02/01/an-intro-to-advanced-phishing-techniques/
- https://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html
- "Files From Project Insecurity". Packetstorm Security. 2017. Retrieved 2016-09-20.
- https://www.openbugbounty.org/researchers/MLT/
- https://github.com/GDI-foundation
- https://www.linkedin.com/company/gdi-foundation
- https://gdi.foundation/#/
- https://www.bleepingcomputer.com/news/security/over-90-million-records-leaked-by-chinese-public-security-department/
- https://www.npr.org/2019/08/29/751116338/china-intercepts-wechat-texts-from-u-s-and-abroad-researcher-says?t=1567626693042&t=1577090302221
- https://z6mag.com/2019/06/21/tinder-match-com-and-other-dating-apps-are-collecting-data-from-your-chat-history/
- https://uk.linkedin.com/in/matthew-telfer-bb2325167