back to article Teenage boy bailed until November over TalkTalk incident

The 15-year-old boy arrested in connection with the investigation into the alleged data theft from the TalkTalk website has been bailed until a date in November. Arrested on the evening of Monday, 26 October, a 15-year-old was taken into custody by officers from the Police Service of Northern Ireland (PSNI), working alongside …

  1. chivo243 Silver badge

    this lad

    Is either a master mind hacker, a red herring or a pawn. The more I read about this incident, the murkier the water becomes.

    Wake me when it's sorted.

    1. yoganmahew

      Re: this lad

      Take a look at the youtube video linked to on another of the many talktalk threads (courtesy of Pseudo Nym It shows just how easy it is to do a sequence [sic] attack.

      TT have set new secuity standards - below slapdash. And they claim to be the best in the industry? Sounds like spoof and bluster to me.

    2. lansalot

      Re: this lad

      Option 4 (and the most likely) - a script kiddie.

    3. Anonymous Coward
      Anonymous Coward

      Re: this lad

      And regardless of which if TalkTalk had taken their role as custodians of their customers data seriously there wouldn't of been a sql injection vulnerability... if that's the truth at all, and the company wasn't breached years ago by a good old fashioned unpatched computer and an email.

    4. Bronek Kozicki

      Re: this lad

      I think it's neither. I think it's very likely a lone hacker who humiliated large firm and stole data of its customers, putting himself in a serious legal trouble in the process. Let me explain why: since this was apparently SQL injection, with the added diversion of DDoS, it should not be beyond single young and relatively talented hacker to carry this attack. Both SQL injection and DDoS are easy to perform (later can be bought), assuming website security was as poor as it (at this moment) appears to be.

      One thing that troubles me is the certainty that this lone hacker will be punished with the full severity of law, while those responsible for (not) protecting their customers data will not. And thus the hacks will continue, every time we will hear about "sophisticated attacks" and none will stop to think how come they were carried by a single teenager from his bedroom.

      1. Aitor 1

        Re: this lad

        No problem with him burning in hell.

        Yes, the victims might have had a low quality door, but if a gang of juneviles thrash your place and steal your tools and ruin you, you would agree that they should go to prison.

        1. Bronek Kozicki

          Re: this lad

          Would you allow the shop which sold you the lock made out of cheese to continue operating? Here are the real culprits.

        2. Thecowking

          Re: this lad

          That's exceptionally harsh for a minor.

          Teenagers can be amazingly stupid in some ways, what he needs is not punishment for retribution's sake. If he is indeed some mastermind expert blackhat then he needs corralling and training up as a white hat. There needs to be some element of punishment to deter him, but ideally you'd harness such a talent rather than waste it.

          The point of the justice system should be rehabilitiation where possible, not retribution. If some kids did trash my place, it'd be much better that they were put to work fixing it than costing me money in prison on top of the cost of putting my gaff right.

      2. Jason Bloomberg Silver badge

        Re: this lad

        "since this was apparently SQL injection, with the added diversion of DDoS"

        Do we know for sure there was any actual DDoS attack or active diversion; or is that just how Talk Talk and observers have characterised it, or a consequence of second guessing what actually happened?

        Talk Talk say their web site "came under sustained attack" but that could equally have been someone hammering URLs, a flood of SQL injection or login attempts, until they found the magic incantation.

        1. Bronek Kozicki

          Re: this lad

          "... but that could equally have been someone hammering URLs, a flood of SQL injection or login attempts"

          either way it does not sound like the attack was very sophisticated!

        2. jonathanb Silver badge

          Re: this lad

          If they took it down because they noticed a flood of attempted attacks, that would have stopped him before he found the magic incantation. He must have already been in before the DDOS happened, though he could have been flooding the site with download requests.

      3. Vic

        Re: this lad

        I think it's very likely a lone hacker who humiliated large firm and stole data of its customers

        I suspect not.

        We've heard several times of phone scams using data taken during this attack. That seems like quite a sophisticated crime for a 15-year old.

        My bet is that there were several groups having a go - it would appear that TT's security was somewhat south of "non-existent". This guy just got caught - perhaps he was the one that sent the extortion email or something.


    5. Anonymous Coward
      Anonymous Coward

      Re: this lad

      How did TalkTalk discover customer data had been stolen?

      The site was locked up by a DDoS attack and they found evidence of the theft when they were looking through the log files? They don't seem like the sort of company to have tripwires and honeypots scattered around.

      So this vulnerability could have been exploited by goodness knows how many people before last week for all they know?

  2. Your alien overlord - fear me

    "cyber criminals are becoming increasingly sophisticated" - so no chance of Joey Essex is behind this then?

  3. Anonymous Coward
    Anonymous Coward

    Not to worry

    In Blighty cyber crims only get a slap on the wrist. That's why Blighty has so many cyber crims.

    1. Cynic_999

      Re: Not to worry

      All the objective research into crime & punishment shows that there is in fact little correlation between the amount of crime and the severity of the punishment, and that that exists at all is the reverse of what you think it is. Yet people still cling to the false notion that increasing the severity of the sentence will lead to a reduction in crime, whereas all it actually does is increase the *cost* of crime (because most punishments cost society real money either directly or indirectly - even fines).

      1. jonathanb Silver badge

        Re: Not to worry

        Increasing the severity of punishment for corporate criminals would be effective, because the small fines they get at the moment are just written off as a cost of doing business, and are no deterrent at all. For individuals, I agree with you.

  4. Doctor Syntax Silver badge

    I hope it is just one 15 yr old script kiddie, just to show up all the guff that Talk Talk have been spouting.

    1. dotdavid

      Yeah it would prove their security is all Talk no Walk

  5. SW10

    Am I right in assuming...

    ...that the sophisticated cyber skills of this dangerous individual—who clearly has so little regard for the law and TalkTalk customers—need some brushing up?

    Or is Dido Harding actually quite tech-savvy?

    1. Little Mouse

      Re: Am I right in assuming...

      She should have stuck to making records.

      Mind you, they weren't all that great either. Except for the one with Eminem.

  6. Known Hero

    in other news

    Plus net were seen walking out of the police station with a suspiciously empty briefcase.

  7. aidanstevens

    Hold on a minute..... assuming it is this kid (and your guess is as good as mine whether it is or not), for any real damage to be done he would either have to have sold the data already, which would require a buyer, which he would probably have had to source beforehand, or he has used the data already.

    Neither of those scenarios seems likely to me, especially if he is, as expected, a script kiddie doing it for the lulz.

    If he has still got the data and the only copy wasn't on the equipment seized by the cops then he will have to do something with it very shortly, which would take a great deal of nerve, as I would imagine he has been shaken up enough by the whole experience.

    Of course it could be nothing to do with him (maybe he was just running a Tor exit node or something).

    Either way we haven't heard the last of this yet, that's for sure.

  8. TeeCee Gold badge

    'Ang on.....

    I thought some bunch of jihadi nutcases had already claimed responsibility here?

    You mean they were lying jihadi nutcases all along?

    Not to mention really bloody stupid if they thought we'd never work out who really did it.....

    1. Fibbles

      Re: 'Ang on.....

      What's to say an Irish teenager can't be an Islamic jihadi?

      1. jonathanb Silver badge

        Re: 'Ang on.....

        He's British, not Irish, from Northern Ireland, and from a neighbourhood where most people vote for Unionist parties.

        1. I. Aproveofitspendingonspecificprojects

          Re: 'Ang on.....

          He's British, not Irish, from Northern Ireland, and from a neighbourhood where most people vote for parties, go to them or do childishly silly things amid posters of Star Trek galaxies and Star Wars dolls and signed photographs of who's that girl with the strange haircut?

          Princess someone?

        2. Fibbles

          Re: 'Ang on.....

          He's British, not Irish, from Northern Ireland

          He's still Irish, being British doesn't preclude that. Just like I'm English and British.

      2. Anonymous Coward
        Anonymous Coward

        Re: 'Ang on.....

        Well, an Irish catholic teenager couldn't unless paranoid shadows of the mind are overwhelming your mental processes.

  9. Anonymous Coward
    Anonymous Coward

    Wild speculation, because everyone else is

    My totally uninformed speculation - an email along the lines of 'i hv all urs data - snd a beeeeleon bit coins or the kitty gets it' - and the full force of the law arrives, black helicopters and all.

    (and you must be really bricking it if you used your Talk Talk phone to set up those Ashley Madison assignations....)

  10. x 7

    this kids in Northern Ireland. Its a fairly safe bet that the phone & data monitoring instigated during the troubles is still in place. If he has done anything then there should be fairly good records

  11. Peter Stone

    I'm wondering if the boys in blue will find out that either there's no/or a weak password on the home wi-fi router?

  12. Anonymous Coward
    Anonymous Coward

    The English speaking draconian democracies are starting to target children now. In the US incidents like a 6 year old being arrested for possession of an indelible marker are very common.

    We all know about the clock. A 15 year old showing some curiosity about science and the internet was lifted out of it by security agencies and the police.

    Young people who take an active interest in science should be respected and given a lot of encouragement and support.

  13. I. Aproveofitspendingonspecificprojects
    Paris Hilton


    > Following the arrest of the child on suspicion of the Use of his Parents Computer Act, TalkTalk claimed that "cyber criminals are becoming increasingly negligent and pranks against companies that do business online are becoming damagingly obvious".

    I know I should have sent the comment to tips and corrections but it was obvious. You should have known by the way the use of NoScript makes your own site usable.

    Meanwhile the d'oh d'oh winky wanky bird whose cloaca nests in place absurd has talk talk that is clearly heard. Rather than expessing thanks, when tipped the wink the lame bird tanks, with ratings in the lowest ranks because every time it winks it wanks.

    1. John Brown (no body) Silver badge
      Thumb Up

      Re: FTFY

      "Meanwhile the d'oh d'oh winky wanky bird whose cloaca nests in place absurd has talk talk that is clearly heard. Rather than expessing thanks, when tipped the wink the lame bird tanks, with ratings in the lowest ranks because every time it winks it wanks."

      I had to check the byline to see if this was AManFromMars then I realised it made a sense of a sort and even had rhythm and rhyme.

  14. hatti

    The Bust

    OK kid, put the pot noodle down and step away from the router.

  15. Chris Cartledge

    Nothing important was stolen...

    According to TalkTalk nothing important was stolen anyway acording to there customer letter, below, so there should be no charges...

    our TalkTalk account number: nnnnnnnn

    Dear xxx,

    We know it’s been a worrying and frustrating time since Wednesday’s cyber attack on our website. We’re doing everything we can to get to the bottom of what happened as soon as possible and to keep you updated. Our investigations are currently showing the following:

    • The number of customers affected and the amount of data potentially stolen is smaller than originally thought. Our website was attacked, but our core systems weren’t and remain secure.

    • On its own, none of the data that may have been accessed could be used to leave you financially worse off.

    • We don’t store unencrypted credit or debit card data on our site, so any card details which may have been accessed have the 6 middle digits blanked out. For example, it would appear as 012345XXXXXX6789. This means it can’t be used for financial transactions.

    • No My Account passwords have been accessed.

    • No banking details were taken that you won’t already be sharing with people when you write a cheque or give to someone so they can pay money into your account.

    We will continue investigating and promise to keep you updated as we know more. In the meantime, we strongly encourage that you:

    • Sign up to your free credit reporting service using this code: TT231. We have partnered with Noddle, one of the leading credit reference agencies, to offer 12 months of credit monitoring alerts for all customers. You can find out more at

    • Stay vigilant - TalkTalk will NEVER call customers and ask you to provide personal details or passwords. Please take all steps to check the true identity of any organisation that calls requesting personal information. If you have any doubts, please call us on 0800 083 2710 or 0141 230 0707.

    We are sorry for the concern this week’s attack has caused, but want to reassure you that we are doing everything possible to keep your information safe.

    For more information, please visit:

    Yours sincerely,


    Tristia Harrison

    Managing Director, Consumer

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like