RIM Blog Hacked After Police Offered BBM Access

As London burned, Team Poison hacked RIM’s Inside BlackBerry blog to protest against company helping police

A group of hackers defaced Research In Motion’s BlackBerry blog to protest the company’s plans to help United Kingdom police apprehend individuals involved in the London riots.

After reports emerged that rioters in London and surrounding areas were using their BlackBerry free Messenger systems and Twitter to communicate with other like-minded individuals, RIM said it will work with the police regarding its customers communications. Less than 24 hours later, Team Poison, a hacker group, defaced the Inside BlackBerry blog and posted a message blasting the company for offering to help the police.

Police Help Not Specified

RIM declined to specify exactly what is included in its offer of assistance. BlackBerry Messenger communications, like all other forms of BlackBerry transmissions, are encrypted and the company has said in the past that it cannot decrypt them. Even though Team Poison does not really know what the smartphone giant is going to do, the group threatened to release a database containing personal information belonging to RIM employees.

“You Will _NOT_ assist the UK Police because if u do innocent members of the public who were at the wrong place at the wrong time and owned a BlackBerry will get charged for no reason at all,” the group wrote in a rambling post on the Inside BlackBerry blog site, adding that the police were “looking to arrest as many people as possible to save themselves from embarrassment”.

London and other cities in the United Kingdom have been rocked by looting, arson and rioting for the past four days. Starting in Tottenham as a response to the shooting of an alleged drug dealer, Mark Duggan, the violence no longer seems to have any focus other than looting. Many of those responsible are believed to be teenagers using their BlackBerry smartphones and the free Messenger instant messaging service to take pictures of their loot and coordinate where to go next.

“We feel for those impacted by the riots in London. We have engaged with the authorities to assist in any way we can,” the Canadian smartphone company posted on Twitter.

RIM co-operates with local telecommunications operators, law enforcement and regulatory officials around the world and complies with the Regulation of Investigatory Powers Act (RIPA) in the UK, the company said in a statement. It will co-operate “fully” with the Home Office and police in the investigation into the riots.

Removed Post Reappeared

RIM’s tech team immediately removed the offending post from the blog but it reappeared almost immediately. “Deleting posts wont get u far, try find out ho we got in and patch ur [blog, OK, thanks, goodbye],” Team Poison hacker TriCk suggested on Twitter.

Although TriCk claims that the hack took less than five minutes, it was not clear at this point whether Team Poison found a software vulnerability on the blog platform or if it compromised an administrator’s password, according to Graham Cluley, senior technology consultant at Sophos.

“If you do assist the police by giving them chat logs, GPS locations, customer information & access to peoples Blackberry Messengers you will regret it,” Team Poison threatened. The group also suggested that once the information was public, the rioters would go after RIM employees for collaborating with the police.

BlackBerry Messenger is free to use, unlike text messages, and can be used by groups to communicate privately. BlackBerry devices are also relatively cheaper than Android phones and iPhones in the United Kingdom, making them popular among British teenagers, Cluley wrote on the NakedSecurity blog. According to a recent report from Ofcom, the regulatory authority for broadcasting and telecommunications, 37 percent of British teenagers carry a BlackBerry.

“The ‘viral civil unrest’ has been spreading for several days now, and reportedly, RIM’s BlackBerry Messenger is one of the viral components would-be anarchists have used to organise themselves,” Mikko Hypponen, chief research officer at F-Secure, wrote on the F-Secure blog. He called Team Poison’s attack “rather predictable”, noting that RIM’s message prompted hacktivists to lash out.