Two miscreants were sent down by the Old Bailey yesterday for their role in the 2015 hacking of UK ISP TalkTalk.
Matthew Hanley, 23, and Connor Allsopp, 21, both of Tamworth in Staffordshire, were jailed for 12 and eight months, respectively, by the judge, Anuja Dhir QC. The pair pleaded guilty last year to various charges related to the cyber-attack, in which more than 150,000 TalkTalk subscriber records were siphoned off.
Essentially, Hanley hacked the ISP's website after learning of SQL injection vulnerabilities in the code, and gave the swiped personal data to Allsopp to sell to online fraudsters. Both men also passed details of how they broke into the site to other people, for them to exploit in turn. Investigators recruited by TalkTalk in the aftermath of the network infiltration believe as many as 10 people were involved.
Dhir thought Hanley was a "dedicated hacker," and added that both he and Allsopp were apparently "individuals of extraordinary talent." In a strange twist, the court heard how Hanley and Allsopp were also caught with stolen login details to NASA systems, handed over to them by a Skype contact as a gift.
In November 2016, a 17-year-old pleaded guilty in a Norwich Youth Court to breaking the Computer Misuse Act for his role in the TalkTalk hack – he had used tools to scan the ISP's website for vulnerabilities, slurped thousands of subscriber records as a result, and shared details of the holes with other hackers. He received a rehabilitation order, and had his iPhone confiscated.
The attacks came to light in the wake of a mysterious outage at the broadband ISP on October 21, 2015. After the ISP avoided responding to The Register's inquiries for some time, it eventually emerged that miscreants had poked around TalkTalk's website, exploiting SQL-injection bugs, and that personal information had been stolen.
TalkTalk claimed the data theft cost it £77m. It also cost the broadband provider £400,000 in fines levied by the UK Information Commissioner's Office for slack security that allowed unencrypted customer records to be lifted.
In 2016, Daniel Kelley, then 19, was arrested, charged, and later admitted committing computer crimes: as well as hacking TalkTalk, he also tried to extort 465 Bitcoins from then-CEO Dido Harding.
Earlier this year, Harding attributed the hack to legacy technology she described as "the IT equivalent of an old shed in a field that was covered in brambles." ®