ICO: Three-Year-Olds Can Hack Websites

Corporate firms really need to tighten their collective cyber security belts, after the Information Commissioner told MPs that even a three-year old can be taught how to hack a website.

Christopher Graham made the comments during questioning by the Commons Culture, Media and Sport Committee in the wake of the hack of ISP TalkTalk in October, in which 157,000 people had personal details accessed.

Child’s Play

He told the MPs that hacking into company websites has become so simple that even a three-year-old can be shown how to do it.

Graham cited the easy availability of online “how to do it” guides, which provide simple instructions on how to stage a cyberattack that even a small child could follow.

“You can get on the internet lots of ‘how to do it’ videos including one… which shows a cyber expert showing his three-year-old child how to break into a company website,” Graham was quoted as telling MPs by Sky News.

“Companies ought to be as canny as the clever people out there who are probably breaking the Computer Misuse Act and a few other bits of legislation,” he reportedly said. “The threat from three-year-old children should not be taken lightly.”

The easy availability of these hacking guides was also mentioned by Simon Rice, ICO group manager

“You can go onto YouTube, you can go into your favourite online search engine and type in ‘how do I do an SQL injection attack?’ [a type of cyber attack] and you will get a range of tutorials, both paper documents and videos, to demonstrate how to do it,” said Rice. “There are a lot of automated tools, that essentially a three-year-old can press the button.”

Late last year for example, the hacker collective Anonymous released a “noob guide” that showed how people could join its hacking efforts to take down the online presence of Islamic State (ISIS).

TalkTalk Investigation

The House of Commons culture, media and sport select committee launched an inquiry into the TalkTalk hack late last year. Indeed, TalkTalk CEO Dido Harding has already given evidence to the committee.

The Information Commissioners Office (ICO) is also investigating the TalkTalk data breach, and although Graham did not reveal any specific details about the ICO’s investigation into TalkTalk, he did confirm that he hoped the probe would be completed before the end of 2016.

The Information Commissioner and urged other firms to make sure they had precautions in place to ensure they were not victims of similar attacks.

“Any other company with half a brain should be checking their systems now to make sure that they don’t land up in the same situation,” he reportedly said.

Before Christmas, Codified Security told TechweekEurope that it was concerned that TalkTalk had not learned its lessons from the hack, and remains vulnerable to another cyber attack after researchers discovered ongoing vulnerabilities.

Martin Alderson, Codified’s chief technology officer told TechWeekEurope that he nearly “fell off his chair” when he discovered the flaws, especially in light of the devastating hack.

But TalkTalk insisted that it was taking its security seriously and was using “industry experts” to test its cyber security.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Indian Tribunal Suspends Meta’s Data Sharing Ban

After Meta had warned that India's data sharing ban could collapse WhatsApp's business model, tribunal…

25 mins ago

UK’s CMA Begins Probe Into Apple, Google Mobile Ecosystems

British regulator confirms investigation of Apple and Google's domination of app stores, operating systems, and…

2 hours ago

Samsung Touts AI Features With Galaxy S25 Smartphones

Launch of Samsung's Galaxy S25 Ultra, Galaxy S25+ and Galaxy S25 sees the handsets described…

4 hours ago

LinkedIn Sued Over Alleged Use Of Private Messages To Train AI

Microsoft's LinkedIn sued for allegedly using customer data, including private messages, to train AI models…

6 hours ago

Amazon To Shutter Sites In Unionised Province In Canada

1,700 jobs to be lost in Quebec, as Amazon says it will close seven sites…

21 hours ago

Google Wins UK Injunction To Halt Russian Enforcement Of Judgements

Google wins permanent injunction from London's High Court to prevent enforcement of Russian YouTube judgements

23 hours ago