A hacking group known as TeaMp0isoN have published private information belonging to former Prime Minister Tony Blair.
TeaMp0isoN have been in the news recently for allegedly hacking into a web site they claimed belonged to a member of LulzSec.
This time they targeted a webmail server used by Tony Blair in December of 2010. It is unclear why they waited for so long to disclose the breach and there is no evidence as of yet to confirm their story.
The information disclosed includes “Tony Blair Office Members Information, Tony Blair Address & Phone Book (Includes family, friends, MPs & lords) and Katie Kay Curriculum vitae (Tony Blairs special adviser).”
Information on Mr. Blair’s friends and colleagues includes names, home addresses, home, work and cell phone numbers and email addresses. Additionally Mr. Blair’s National Insurance Number (NIN) and Ms. Kay’s CV (resume) are also included in the dump.
We don’t know what specific flaws were exploited in this attack, but seeing that it is a webmail server the most likely method was SQL injection. It is extremely important to keep web servers patched and up to date, especially if they are running Linux using commonly exploited CMSs, webmail solutions and blogging software.
This attack like many we have reported on this year appears to be politically motivated. The TeaMp0isoN attackers called Mr. Blair a war criminal in a Twitter post and much of the language used is derogatory.