Sophos Cloud Optix
A hacking group known as TeaMp0isoN have published private information belonging to former Prime Minister Tony Blair.
TeaMp0isoN have been in the news recently for allegedly hacking into a web site they claimed belonged to a member of LulzSec.
This time they targeted a webmail server used by Tony Blair in December of 2010. It is unclear why they waited for so long to disclose the breach and there is no evidence as of yet to confirm their story.
The information disclosed includes “Tony Blair Office Members Information, Tony Blair Address & Phone Book (Includes family, friends, MPs & lords) and Katie Kay Curriculum vitae (Tony Blairs special adviser).”
Information on Mr. Blair’s friends and colleagues includes names, home addresses, home, work and cell phone numbers and email addresses. Additionally Mr. Blair’s National Insurance Number (NIN) and Ms. Kay’s CV (resume) are also included in the dump.
We don’t know what specific flaws were exploited in this attack, but seeing that it is a webmail server the most likely method was SQL injection. It is extremely important to keep web servers patched and up to date, especially if they are running Linux using commonly exploited CMSs, webmail solutions and blogging software.
This attack like many we have reported on this year appears to be politically motivated. The TeaMp0isoN attackers called Mr. Blair a war criminal in a Twitter post and much of the language used is derogatory.
Serisouly, you'd assume the proble lies with the Hackers but the reality of it is clearly that such important public figures should and have the duty to protect their sensible information with the most advanced technologies and shouldn't be able to be hacked in the first place.
Go back to keeping all this data on paper then…
So following your logic, the rape victim deserved it and the murder victim had it coming?
To be fair, old Tony was a New Labour politician – the same breed as the ministers who refused to acknowledge their 'secure' ID cards had been totally compromised and cloned several years ago, who told thought there could be total security and 'total lockdown' when it came to their National Identity Register's database.
It's this kind of arrogance and complacency, coupled with market speak from dodgy IT contractors with little knowledge of information security, that leaves people open to all kinds of attack.