15-Year-Old Arrested For TalkTalk Attack

U.K. police collar Northern Ireland youth for questioning, while security industry tries to make sense of confusing information out of TalkTalk CEO.

Sara Peters, Senior Editor

October 26, 2015

A 15-year-old boy was arrested today in Northern Ireland for his suspected involvement in the cyberattacks against British ISP TalkTalk last week, according to the United Kingdom's Metropolitan Police.

Met police stated that a house was searched in County Antrim, N.I. and the boy is being held for questioning on suspicion of offenses under the U.K.'s Computer Misuse Act.

Last week, British ISP TalkTalk -- which focuses on the consumer and small business markets -- was the victim of a data breach, most likely caused by a SQL injection attack, which may have exposed data on all its 4 million customers -- including names, addresses, email addresses, phone numbers, account information, and "incomplete" financial data and truncated credit card numbers. The company has stated that not all of the data was encrypted.

One of its websites was also hit with a denial-of-service attack, which may have been used to distract TalkTalk's IT security team from the attacker's data thievery. After the incidents, the company voluntarily brought the websites back down while it investigated what happened and bolstered security.

TalkTalk CEO Dido Harding on Friday told the BBC she had received a ransom demand via email. Saturday, Brian Krebs reported that sources close to the incident told him the attacker demanded £80,000 (~$122,000), payable in Bitcoin, or the company's customer records would be published. Krebs also reported that a security researcher going by the handles Fearful and Glubz had recently posted a vulnerability in a TalkTalk website and said on Twitter that they were expecting a visit from the police.

TalkTalk's CEO, Dido Harding, has been front-and-center. She began speaking to the media soon after the attack was discovered, but some of her messaging has caused greater confusion -- perhaps because of miscommunications with or misunderstandings by the internal IT team. For example, Harding told the Financial Times it was a "sequential" attack, when she meant SQL injection attack. She stated it was just a DDoS on the customer-facing Website and no core systems had been compromised, when a data breach and a doxing threat would indicate there was more to it. 

The company is working with BAE Systems and Scotland Yard on the investigation. They have not yet made any offers for credit reporting or related services to affected customers.

About the Author(s)

Sara Peters

Senior Editor

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other topics. She authored the 2009 CSI Computer Crime and Security Survey and founded the CSI Working Group on Web Security Research Law -- a collaborative project that investigated the dichotomy between laws regulating software vulnerability disclosure and those regulating Web vulnerability disclosure.
