[BreachExchange] Hackers, 21 and 23, admit breaking into TalkTalk's website in a huge data breach that cost the telecoms firm £77m in lost business
Destry Winant
destry at riskbasedsecurity.com
Sat Nov 17 02:50:07 EST 2018
https://www.dailymail.co.uk/news/article-6399023/Hackers-21-23-admit-breaking-TalkTalks-website.html
Two computer geeks hacked the website of telecoms giant TalkTalk in a
massive data breach costing the company £77m in lost business, a court
heard.
Connor Allsopp, 21, and Matthew Hanley, 23, were behind the plot to
steal thousands of customers’ personal and banking details in October
2015.
TalkTalk was fined a record £400,000 for security failings which
allowed the data to be accessed ‘with ease’ in one of the biggest data
breaches in history.
Peter Ratliff, prosecuting, told the Old Bailey: ‘Matthew Hanley was,
up until his arrest on 31 October 2015, a determined and dedicated
hacker.
‘He was entirely aware of the risks he was taking and the illegality
of what he was doing.
‘The counts against him reflect his actual hacking of TalkTalk, his
obtaining of computer files that were to be used for hacking, his
supplying of computer files to others to enable them to hack and his
supply of material - the personal and financial data of TalkTalk
customers - to another for the purposes of fraud.’
Mr Ratliff explained that Hanley gave Allsopp a computer file
containing the personal data of TalkTalk customers and Allsopp then
passed it on to an online user known as ‘Reign’.
Before Hanley was arrested, he erased the content of his computer and
police were unable to restore it.
‘The evidence against him comes, in the main, from the material stored
on his computer after he wiped it, and from Skype conversations he
held with numerous online users,’ said Mr Ratliff.
The laptop which Allsopp was using at the time of the offences has
never been recovered. He claims it was destroyed in a house fire.
In one of his Hanley’s online conversations with a user called
‘Simplyediting’, he boasted: ‘I’m dumping the TalkTalk ISP database
haha’.
‘Dumping’ means exporting hacked information to a file on the hacker’s device.
When officers came to Hanley’s house to arrest him he was in bed, and
told them: ‘I know who did it. It wasn’t the 15-year-old kid. They
used his servers but it wasn’t him’.
The majority of the hacking took place between October 16 and 21,
2015, the Old Bailey heard.
TalkTalk became aware of ‘potential latency issues’ on its website and
began an investigation on 21 October.
CEO of the company, Dido Harding, then received demands for Bitcoins
in return for the stolen data, which included customers’ names, email
addresses, mobile numbers, home addresses and dates of birth.
It is believed that 1,707 tables with 439,365,020 rows of data -
1,662,367 of which contained sensitive date - were taken by the
hackers.
‘The total loss to TalkTalk as a result of the attack, as estimated by
TalkTalk’s Chief Financial Officer, is £77million,’ said Mr Ratliff.
Hanley, of Tamworth, Staffordshire, admitted supplying an article for
use in fraud, obtaining and supplying articles for use in a Computer
Misuse Act 1990 offence, and causing a computer to perform a function
with intent to secure unauthorised access to a program or data.
Allsopp, from Tamworth, admitted supplying an article for use in fraud
and supplying articles for use in a Computer Misuse Act 1990 offence.
The pair will be sentenced at the Old Bailey on Monday.
More information about the BreachExchange
mailing list