MLT (hacktivist)

Matthew "MLT" Telfer
Born1994
NationalityBritish
EducationNorthumbria University
Years active2006 - Present Day[1]
Known forFormer affiliation with TeaMp0isoN

MLT, real name Matthew Telfer,[2][3] (born 1994) is a cybersecurity researcher, former grey hat computer hacker and former member of TeaMp0isoN. MLT was arrested in May 2012 in relation to his activities within TeaMp0isoN, a computer-hacking group which claimed responsibility for many high-profile attacks, including website vandalism of the United Nations, Facebook, NATO, BlackBerry, T-Mobile USA and several other large sites in addition to high-profile denial-of-service attacks and leaks of confidential data. After his arrest, he reformed his actions and shifted his focus to activities as a white hat cybersecurity specialist. He was the founder of now-defunct[4] Project Insecurity LTD.[5]

History

[edit]

Believed to be the former co-leader and spokesperson of TeaMp0isoN,[6] MLT, along with Junaid Hussain and other hackers targeted many large websites and corporations over a two-year period, from 2010 up until 2012 when both individuals were arrested. The group first gained popularity after targeting infamous hacking collective LulzSec, releasing personal information on their members and purporting to have hacked their websites, they then went on to target sites such as NATO, and various government officials from the United Kingdom and United States of America .[7] The arrests finally came as a result of the probe into the alleged hacking and wiretapping of the British Security Services Anti-Terrorism Hotline.[8]

MLT was the former hacking partner[9] of Junaid Hussain, who later went on to join ISIS and was killed in a drone strike[10] by the US Government after becoming the third highest target on their 'kill list' due to his role in inspiring international lone-wolf terrorism alongside his hacking activities for ISIS under the banner of Islamic State Hacking Division. It was reported by Vice that Junaid Hussain remained in contact with MLT while in Syria, and that he used to occasionally ask for advice relating to hacking or would sometimes even openly boast about his activities within ISIS to MLT.[11]

Arrest

[edit]

On 9 May 2012, MLT was arrested in Newcastle upon Tyne by the Metropolitan Police who released a statement saying: "The suspect, who is believed to use the online 'nic' 'MLT', is allegedly a member of and spokesperson for TeaMp0isoN ('TeamPoison')--a group which has claimed responsibility for more than 1,400 offences including denial of service and network intrusions where personal and private information has been illegally extracted from victims in the U.K. and around the world".[12]

It was reported that MLT could have faced up to 10 years in prison for the events leading to his arrest.[13]

Recent activity

[edit]

In May 2015, someone purporting to be MLT featured on CNN, speaking to them about Junaid Hussain and claiming that he witnessed him appear on video chat once as a 'black power ranger' while wielding an AK-47.[14] In August 2015, MLT featured on Episode 5 of the TV show Viceland Cyberwar where he spoke about subjects ranging from the security of autonomous cars to the death of his former hacking partner.[15][16]

In 2016, Matthew identified and reported vulnerabilities to eBay[17] and the U.S. Department of Defense.[18] He has stated that he avoids illegal activities and instead dedicates his time to participating in bug bounty programs.[1]

In 2022, MLT appeared as a guest on Darknet Diaries. In this episode the history of TeaMp0isoN and some of the high profile hacks that MLT undertook are discussed, as well as the relationship between MLT and Junaid Hussain. At the same time He was active in the security research group 0xFFFF, as well starting his own group known as 0dayz4dayz which is now defunct.

Currently MLT works as a bug bounty finder as well as a zero-day exploit developer. On the side he is helping found the group Cult of the Lost Callstack.

Career

[edit]

Matthew was the founder and chief executive officer of now-defunct Project Insecurity LTD, an exploit research group and educational platform.

References

[edit]
  1. ^ a b "TeaMp0isoN member interview". Security Affairs. August 2016. Retrieved 2016-09-20.
  2. ^ Francisco, Shaun Nichols in San. "Hey, you know what a popular medical record system doesn't need? 23 security vulnerabilities". www.theregister.com.
  3. ^ Hobbs, Andrew (August 8, 2018). "Critical security flaws found in popular medical records software".
  4. ^ "PROJECT INSECURITY LTD - Overview (free company information from Companies House)". find-and-update.company-information.service.gov.uk.
  5. ^ "PROJECT INSECURITY LTD - Officers (free information from Companies House)". find-and-update.company-information.service.gov.uk.
  6. ^ "Teenager arrested accused of computer hacking". Sky News. 2012. Retrieved 2017-07-09.
  7. ^ Deception in the Digital Age, exploiting and defending human targets. Cameron H. Malin. 2017. Retrieved 2016-09-20.
  8. ^ "TeaMp0isoN Hacks Met Police Anti-Terror Hotline". Sky News. 2012. Retrieved 2016-09-20.
  9. ^ "How a Teenage Hacker Became the Target of a US Drone Strike". Vice. August 2016. Retrieved 2016-09-20.
  10. ^ "British Born ISIS hacker killed in drone strike". The Independent. August 2015. Retrieved 2016-09-20.
  11. ^ "British Hacker is No. 3 on Pentagon kill list". The Sunday Times. August 2015. Archived from the original on September 21, 2015. Retrieved 2016-09-20.
  12. ^ "teampoison hacker suspect has anonymous ties". darkreading.com. 2012-05-11. Retrieved 2016-09-20.
  13. ^ "teenager arrested over teampoison hacking attacks". telegraph.co.uk. 2012-05-10. Retrieved 2016-09-20.
  14. ^ "ISIS jihadi linked to Garland attack has long history as hacker". CNN. May 2015. Retrieved 2016-09-20.
  15. ^ "Cyberwar: Syria's Cyber Battlefields". Viceland. August 2015. Retrieved 2016-09-20.
  16. ^ "MLT on the Future of Hacking". Viceland. August 2015. Retrieved 2016-09-20.
  17. ^ "eBay XSS bug left users vulnerable to (almost) undetectable phishing attacks". Sophos. January 2016. Retrieved 2016-09-20.
  18. ^ "Researcher Finds Several 'Serious' Vulnerabilities in US Military Websites". Vice. January 2016. Retrieved 2016-09-20.