[BreachExchange] Convicted TalkTalk hacker warns budding cybercriminals about the dangers of a life of crime

[Audrey McNeil]

http://www.ibtimes.co.uk/convicted-talktalk-hacker-
warns-budding-cybercriminals-about-dangers-life-crime-report-1607920

UK telecom giant TalkTalk was the target of a massive cyberattack in 2015,
which saw hackers steal157,000 customers' card data. The TalkTalk hack
reportedly resulted in the firm sustaining a loss of around £60m and losing
nearly 100,000 customers to the competition. Daniel Kelly, 19, one of the
several hackers arrested for carrying out the attack and facing up to 14
years in prison, is now reportedly warning budding hackers about the
dangers of getting into the murky world of cybercrime.

Kelly, who recently admitted to blackmailing Talk Talk as well, is now
cautioning wannabe hackers not to follow in his footsteps. In a recent
statement, Detective Chief Inspector Jason Tunn, from the Metropolitan
Police Falcon Cyber Crime Unit (MPCCU), characterised Kelly as a "prolific
and calculating cyber-criminal".

"It's really crazy to think that he's talking to me but I guess that's how
they look at it. What I've done is essentially going to haunt me for the
rest of my life," the hacker told Motherboard.

Kelly claimed he was interested in computers throughout school but that the
small town of Llanelli in South Wales, where he hails from, didn't offer
much in helping him hone his skills.

"There's not much to do, and the internet offered me opportunities and a
way to cure boredom," he said.

The hacker allegedly participated in a few bug bounty programmes, only to
eventually be drawn into more malicious activities.

"When you're surrounded by people on these networks that engage in these
criminal acts it essentially becomes a norm, and it's extremely addicting.
There's nobody around to tell you what you're doing is wrong," Kelly said.
"It's a difficult feeling to explain, but it's essentially a feeling of
euphoria, and once you've experienced it, it's something that you always
chase. It's a bit like a drug, but on a whole different level obviously.
And the more you develop your skills, the stronger the feeling becomes
because you're able to do more things."

Kelly's arrest does not appear to have stopped his interest in
cybersecurity. Motherboard reports that he has taken to informing NHS about
security vulnerabilities and is also running a service to notify those
affected by data breaches.

"I know that it's probably the advice they were expecting, but seriously —
don't do it," he said, imagining what he would tell other young people who
may get into cybercrime. "Crimes online are treated no different from
crimes in the real world, I've had to learn that the difficult way. You
might assume that you're more or less invincible but if you do something
serious enough, you'll be caught and put through the justice system."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170222/05744c4d/attachment.html>