CyberCrimeSecurity

Teenager Pleads Guilty To TalkTalk Hack Offences

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Follow on: Google +

17 year old hacker says he was just “showing off” when he caused major data breach at TalkTalk

A 17 year old hacker has admitted offences related to the massive data breach at TalkTalk last year.

According to the BBC, the boy told Norwich Youth Court he was just “showing off” and used tool software to identify vulnerabilities on the TalkTalk website.

He pleaded guilty to seven charges under the computer Misuse Act and will be sentenced on 13 December.

TalkTalk hack

TalkTalk-FTTP-2TalkTalk was fined a record £400,000 by the Information Commissioner’s Office (ICO) for its failures that allowed the breach to take place. The ICO found that TalkTalk could have avoided the cyber attack if it took a few basic security steps to protect the information it holds on its customers.

The technical weaknesses in TalkTalk’s security meant that between 15 and 21 October 2015, a hacker was able exploit holes in the system and swipe data, such as the names, addresses, date of birth and phone numbers of 156,959 customers.

The attacker also managed to gain access to the bank account details and sort codes of 15,656 customers, making the data leak that bit more severe.

The attack on TalkTalk happened when data was accesses through the hacking of three vulnerable webpages the company inherited from Tiscali’s UK business in 2009. TalkTalk’s failure to scan this infrastructure to find security vulnerabilities was what caused the fine.

TalkTalk was apparently not aware of the fact the underlying database to the webpages was outdated and lacked support from its vendor. As such, TalkTalk was not aware of a bug, which has a fix for it, was lying amongst the infrastructure.

“In spite of its expertise and resources, when it came to the basic principles of cyber-security, TalkTalk was found wanting,” Information Commissioner Elizabeth Denham said earlier this month.

The episode led to MPs to recommend greater powers for the ICO. However the reputational damage and losses directly caused by the company were arguably greater. It is understood the incident cost TalkTalk £60 million and led to 101,000 customers to leave. It has since recovered.

Quiz: What do you know about fibre broadband?