Team Poison, Anonymous campaigners claim first victims of OpRobinHood
Phantom reports cracking two banks sites without touching data, to protect the 99%
Team Poison and Anonymous – AKA PoisAnon when referring to the portion of each group working in cooperation to hack and harass commercial banks – have counted coup in the campaign they call Operation Robin Hood, but didn't actually draw blood.
The alliance of a subset of Anonymous and Team Poison (which spells itself TeaMp0isoN, keeps a fan page on Facebook) announced yesterday they were launching Operation Robin Hood (#OpRobinHood).
OpRobinHood is a campaign to attack and, where possible, defraud large commercial banks for the benefit of the same mass of non-rich, non-powerful majority the Occupy Wall Street movement protests were organized to represent against what organizers called the economic injustice and exploitation by the banks, brokers and investment houses that make up the global financial industry.
Though both TeamPoison and Anonymous have attacked banks and financial-services companies in the past, neither has overtly tried to steal from or defraud the banks.
The first two successes touted by PoisAnon sticks to the hacktivist ethic that allows sabotage against large corporations but frowns on outright theft.
TeamPoison member or affiliate Phantom~, claimed to have found a flaw in the security of National Bank of California and that SQL injection and XSS exploits cracked the first line of security at the First National Bank of Long Island's main site, according to a description posted on PasteBin by Phantom~.
Neither bank has publicly admitted any damage or even illicit access.
According to Phantom's writeup of what the description referred to as 'research,' both banks were cracked, but none of the databases or customer information were touched.
"Why? Because innocent people could get money lost if I did, so this is just [a] warning for you to withdraw your money from banks," Phantom~ wrote.
That's more in line with the fair-play principles the Occupy movement advocated and the more traditional hacker ethic of harrying the rich and powerful while ignoring or protecting the little guy.
Hacktivists aren't always so careful. The reign of annoyance Anonymous-affiliates LulzSec conducted this summer frequently hurt the little guy by exposing personally identifiable private data from the hacks of members. So did the serial hacks of various Sony networks.
The PoisAnon announcement of OpRobinHood warned that the attacks would extract money from banks using credit cards and other means, but didn't say how.
It did warn those belonging to what the Occupy movement refers to as "the 99%" of society to move their money out of large banks and into credit unions, where it would be safe from attacks by PoisonAnon or other groups.
However they accomplish extortion, fraud or extraction, PoisonAnon does not intend to damage the little guys they claim to represent.
"The only ones to be victimized in this Operation is the rich," according to tweets from OpRobinHood leader _f0rsaken. "Stop complaining & worrying 99%! Donations to Shelters start soon #OpRobinHood."
Attacks or claims to have penetrated banks in California and Long Island, however, are designed to make the point that defacing web sites, stealing passwords and camping out in public parks aren't the only ways populist hacktivist groups can cause trouble for big companies.
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.