Categories: Security

Boy Arrested In Northern Ireland Over TalkTalk Hack

Police have arrested a 15-year-old boy in Northern Ireland in connection with the TalkTalk cyber-attack, in the first major development since the breach was disclosed last Thursday.

The boy, who has not been named, was arrested in County Antrim on Monday afternoon by officers from the Police Service of Northern Ireland working with detectives from the Metropolitan police’s cybercrime unit (MPCCU), according to police.

Questioning

He was arrested on suspicion of offences under the Computer Misuse Act and taken for questioning to a County Antrim police station, police said, adding that a search of the teenager’s address is underway.

“We know this has been a worrying time for customers and we are grateful for the swift response and hard work of the police,” TalkTalk said in a statement. “We will continue to assist with the ongoing investigation.”

Also on Monday culture minister Ed Vaizey told the House of Commons an inquiry into the hack is to be launched by Jesse Norman, chair of the culture, media and sport select committee, calling the incident “very serious”.

TalkTalk, for its part, has tried to downplay the import of the hack, saying that data such as credit and debit card numbers do not seem to have been compromised, although information such as bank account numbers and sort codes “may have been accessed”.

Exit fees

The company said it would only waive termination fees for customers wishing to switch providers mid-contract “in the unlikely event that money is stolen from a customer’s bank account as a direct result of the cyber-attack”.

It specified that this wouldn’t apply in the case, for instance, of customers who lost money to scammers making use of stolen customer data to make their ploys more believable. A number of TalkTalk users have already fallen prey to such scams as a result of past TalkTalk data breaches, according to reports.

“We would like remind customers that banking or other personal details are increasingly being used by criminals as part of phone, email or text scams,” TalkTalk acknowledged.

TalkTalk has insisted it had adequate security in place. The company faces a maximum fine from the Information Commissioner’s Office (ICO) of £500,000 if the breach is found to have resulted from lax practices on TalkTalk’s part.

SQL injection attack

The company has said a distributed denial of service (DDoS) attack was launched against its website to distract from a more serious attack called a SQL injection.

The SQL injection technique allows a successful attacker to request arbitrary data from the database behind the application being attacked, meaning that “it would be prudent to assume that all data kept within the database is now compromised,” said Wim Remes, manager of EMEA strategic services at security firm Rapid7.

He said the tactic of inundating a server with traffic to conceal another attack is “very common”.

“By distracting the target, the attacker buys more time to focus on the assets they are really after,” Remes said. “Organisations can address this by implementing multi-layer monitoring systems.”

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

58 mins ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

1 hour ago

Dutch PM Raises Cyber Espionage Case With China’s Xi

Beijing visit sees Dutch Prime Minister Mark Rutte discuss cyber espionage incident with Chinese President…

2 hours ago

Vodafone Germany Confirms 2,000 Job Losses, Amid European Restructuring

More downsizing at Vodafone after German operation announces 2,000 jobs will be axed, as automation…

18 hours ago

AI Poses ‘Jobs Apocalypse’, Warns Report

IPPR report warns AI could remove almost 8 million jobs in the United Kingdom, with…

19 hours ago

Europe’s Longest Hyperloop Test Track Opens

European Hyperloop Center in the Netherlands seeks to advance futuristic transport technology, despite US setbacks

20 hours ago