back to article Second UK teen suspect arrested over TalkTalk hack

Police have arrested a second teenage boy as part of the ongoing investigation into alleged data theft from UK telco TalkTalk. The 16-year-old, from Feltham, west London, was arrested on suspicion of Computer Misuse Act offences on Thursday. The unnamed teenage has since been released on police bail. Detectives from the …

  1. Alastair Dodd 1

    flailing around to find the actual hacker

    Has the first script kiddie been released yet? Obviously it is a hard task to find the actual hacker as Talk Talk's security was about as strong as a single ply tissue there must be millions of possible perps...

    1. Stuart 22

      Re: flailing around to find the actual hacker

      Ahem - is there any 16 year old not guilty of Computer Misuse? Maybe he cracked the porn filter by clicking on the over-18 button or summat.

      They'll be found guilty of drinking cider in the park next.

    2. Dr Dan Holdsworth
      FAIL

      Re: flailing around to find the actual hacker

      I have seen it reported that there were telephone-based social engineering attacks going on for at least a week, and probably longer before the main hacking event took place. I therefore think that the Talktalk vulnerability to an SQL injection attack has been fairly common knowledge in the black hat community for quite a while, with many a script kiddie giving it a go to see what could be extracted.

      As the only reported attacks have been social engineering ones, I am inclined to believe Talktalk when they say that no complete bank details could be stolen via this SQLi attack. The script kiddies being rounded up thus far are just the first few muppets with UK IP addresses seen in the logs of Talktalk; small fry and of no real importance at all, though UK police will doubtless be prosecuting with customary verve.

      As the main hack event coincided with a major DDOS, I rather think that a larger hacking outfit had a good, long sniff round the original SQLi vulnerability and decided that since Talktalk appeared to be rather bad at security, more than just incomplete bank data might be obtainable if a bit more force were used.

      Thus far, very few reports of major thefts from Talktalk customers' accounts seem to be surfacing, so it would appear that at least some of Talktalk's security is decent.

      1. Stuart 22

        Re: flailing around to find the actual hacker

        Do we have actual evidence of a DDoS? Reporting has been very confused. What is clear is the website was taken down by TalkTalk and not by hackers. Whether it was the volume of traffic or the nature of the traffic (crafted URLs?) that caused them to do this is a mystery to me.

        All i really know that the IT mess appears to perfectly complement the management mess. But I think we knew that already.

      2. Anonymous Coward
        Anonymous Coward

        Re: flailing around to find the actual hacker

        "Thus far, very few reports of major thefts from Talktalk customers' accounts seem to be surfacing, so it would appear that at least some of Talktalk's security is decent."

        Stealing money from bank accounts would be too obvious. The danger here is that the details can be used for identity theft, eg take out credit your name, etc. This will take longer to surface and no doubt talktalk will try to shirk responsibility for that.

      3. nemo183

        Re: flailing around to find the actual hacker

        "Inclined to believe" - I think you put that well. Just so long as you aren't influenced by anything she says. The truth is a foreign land to TT that nobody visits.

  2. Captain TickTock
    Joke

    Reminds me of the old joke...

    "There were 2 of them!"

    1. Anonymous Coward
      Anonymous Coward

      Re: Reminds me of the old joke...

      No, wait... there was 4! As I was walking towards them, they got me from behind... it was dark, and the sun was in my eyes.

  3. Anonymous Coward
    Anonymous Coward

    Talk talk

    according to Talk Talk, they used all "appropriate" measures and were "diligent" in looking after customer data (ie they didn't breach either the Data Protection Act or the Supply of Goods and Services Act) .. so how come the police are wandering around arresting script kiddies?

    SQL Injection / script kiddie does not equal appropriate, diligent measures taken.

    1. Dan 55 Silver badge
      1. unwarranted triumphalism

        Re: Talk talk

        Well, if there are many more of these incidents I will certainly consider it.

        1. Dan 55 Silver badge

          Re: Talk talk

          Three not enough?

          1. Anonymous Coward
            Anonymous Coward

            Re: Talk talk

            well, chief exec says we have nothing to worry about, and she has the full support of the board.

            What could possibly go wrong? ;-)

            'scuse me, beer o'clock ....

      2. h4rm0ny

        Re: Talk talk

        >>Anybody here not left TalkTalk yet?

        I have a thread in the forum section asking for recommendations of ISPs people should move to. I'm not sure if the lack of replies is due to the low activity level in the forums or, perhaps more likely, that there are no decent ISPs. I'll confess that whilst I would recommend people away from TalkTalk, there are very few ISPs I would recommend people toward. It would be good to find otherwise, though.

        1. I_am_Chris

          Re: Talk talk

          I've been very happy with Plusnet for the last few years. I'm happy to recommend them.

  4. Ynox

    Since when has Feltham been in Surrey?!

    Pretty poor performance by TalkTalk. If it were a SQL Injection attack it's pretty much unforgivable!

    1. Anonymous Coward
      Anonymous Coward

      Yes, Feltham is Middlesex

      Not that Middlesex exists any more. Story updated.

      1. Ivan Headache

        Not that Middlesex exists any more

        Except on countless websites that insist on you entering a county!

        1. Nick Ryan

          Re: Not that Middlesex exists any more

          ...and which county is London in? That's the most common balls up so many websites make. And this doesn't just affect London either.

          Interestingly, the Post Office, does not treat county as part of a postal address and they haven't done so for quite a few years. This is partly down to simplification but also to avoid problems when county boundaries arbitrarily change. And yet many websites still insist on county for postal addresses...

          Now if I could slap the tossers that insist that credit/debit card numbers must be entered without any spaces (because it's far too difficult to strip spaces out of a string of numbers of course) or the eejits who have month names instead of numbers for valid from and expiry dates on the same cards. Gah!

      2. Fruit and Nutcase Silver badge
        Coat

        Re: Yes, Feltham is Middlesex

        may be he'll get sent here...

        Feltham Young Offender Institution

        http://www.justice.gov.uk/contacts/prison-finder/feltham

  5. Anonymous Coward
    Anonymous Coward

    Really?

    I'm wondering if they are just arresting random script kiddies who took part in the DDoS attack without being smart enough to hide their IP addresses.

    If so, I hope they aren't going to be used as scapegoats for the actual intrusion.

    1. MR J

      Re: Really?

      I doubt the DDoS attack was done by users, those would have likely been infected computers. But most people who ask me to look at their computers usually have teenagers and you find that the illegal movies / porn / games that they download is often mixed in with tons of malware.. So perhaps they are arresting people that own the computers that took part in the DDoS attack.

      My guess, these kids thought it would be fun to try and demand money from TT and it didn't work out that well.. Until such information is released then we will never know... Of course, many UK papers are saying it was Russian ISIL Jihad Terrorist... So these young lads must have been converted somewhere eh?.

    2. macjules
      Thumb Down

      Re: Really?

      Apparently they are all part of a 'Soviet Islamist group based in Russia', according to the police, which I take to mean that they meet up on a room on GameSpy/GameRanger and play Call of Duty with gamers from other countries.

      Also, TalkTalk now say the amount of financial data stolen from its systems was "materially lower" than expected and that the 'attack' was on its public-facing website, not its core systems. Nice to know it stores financial data on its public-facing site.

  6. Your alien overlord - fear me

    Well, if you were that good, wouldn't you frame other script kiddies who obviously brag in the schoolyard.

    Either that or these are weird interviews for GCHQ apprenticeships.

  7. chivo243 Silver badge

    @Evil Graham

    "who took part in the DDoS attack"

    And didn't know about the bigger target? I tend to think so...

    I think it would be easy to recruit a few bored teenagers to DDoS a company, wind 'em up about how cool it is... you've got your DDoS'ers set. Point and shoot.

    1. Anonymous Coward
      Anonymous Coward

      Point and shoot.

      That was my point ... I hope they don't get shot.

  8. Pete 2 Silver badge

    The fly on the wall.

    You can imagine the scene inside Talk Talk's IT department:

    The IT boss is there, yelling at his/her/its subordinates: "Your (note the shifting of ownership) security was so crap that even children could break into it! Maybe I should sack the lot of you and employ some kids, instead?"

    and from the back of the room comes the anonymous, quiet reply: "We've been telling you it was hopeless for years, but you management did nothing about it. Maybe we should replace the management team with some script kiddies who know the importance of security in IT systems?"

    1. dotdavid

      Re: The fly on the wall.

      It was probably just one or two engineers' fault. Most things seem to be nowadays.

      1. Nick Ryan

        Re: The fly on the wall.

        rogue engineers. There, fixed that for you. Ignoring any prior art by VW of course.

  9. Anonymous Coward
    Anonymous Coward

    And over a week later, the My Account website is STILL unavailable.

  10. LucreLout

    If...

    ...they can find just two or three more teenagers, they might catch one that is old enough to vote, and if they're really lucky, older than Sql Injection.

    You got owned by children. The whole of senior management at TalkTalk should reflect on that and contemplate if they really do posess the "talent" their shreholders have been paying for. I for one rather think that they don't.

    1. Anonymous Coward
      Anonymous Coward

      Re: If...

      You got owned by children

      like saying to someone who's car gets stolen "you got owned by a kid"

      security should be better

      to do that prices need be higher

      You chose the "cheap as chips" ISP, so it's YOUR fault if your data gets stolen

      Like blaming your £100 car because you're a bad driver and it keeps stalling

      1. h4rm0ny

        Re: If...

        >>"You chose the "cheap as chips" ISP, so it's YOUR fault if your data gets stolen"

        Wait, TalkTalk are cheap? Are you sure about that? They're the same or more as others, when I looked.

        All ISPs have raced each other to the bottom as far as I can see. I have looked but I don't know any 'premium' (for want of a better term) ISPs. Do you?

      2. LucreLout

        Re: If...

        @AC

        like saying to someone who's car gets stolen "you got owned by a kid"

        No, no, it isn't. It would be like saying to Ford "You got owned by a kid because they can defeat the security you design into your cars".... which, funnily enough, is exactly what happened in the 1990s during the joy riding epidemic. Saying this to Ford is what ultimately led to the vehicle security we enjoy today, and that security is very good, but not infallible (Hello BMW et al).

        Neither the owner of the car nor the owner of the data are at fault. TalkTalk are, and Ford (and others) were.

  11. eJ2095

    Yay the random IP raffle

    Pick an IP and pin it to them lol

    Nobody can be that naive and to run something like this from there own IP address......

    1. Matt Bryant Silver badge
      FAIL

      Re: eJit Re: Yay the random IP raffle

      "....Nobody can be that naive and (sic) to run something like this from there (sic) own IP address...." What, you never heard of LOIC? If the coppers were into arresting those that naively act as cover for the real DDoSers than half the Anonyputzs would have been charged long ago. The Police have plenty of experience of sorting the wheat from the chaff.

  12. Anonymous Coward
    Anonymous Coward

    And still no word of on action against TalkTalk and its board of directors for allowing the company to be so pathetically vulnerable.

  13. johnnymotel

    my good fortune....

    We are moving house very soon, and before all this happened I had decided TT was bollocks, so was already to cut them off and move to someone else. Trouble is the 'most secure big name' i.e. Virgin is not wired up to our new street, so I have to look elsewhere.

    Cant wait to say bye-bye.

  14. Anonymous Coward
    Anonymous Coward

    SQL Injection is still out there

    I work for a company that's large enough to be globally known. Well, technically they are the parent company to our parent company, but most of my work is for them.

    They run their own payment gateway, and a few weeks back I found a SQL Injection vulnerability on it (to be fair I didn't find a way to make it leak data but somebody with more skills might have been able to). The reason I found it was because payments to people with an apostrophe in their name always failed... I spoke to the manager of that department, and their response was "it's not a problem, just don't allow users to enter apostrophes" and that they weren't going to do anything about it.

    Somewhat struck by the many levels of stupidity in this response I decided to go up the chain somewhat. Funnily enough the senior management agreed with me and it was fixed rather sharpish.

    AC - because I value my job.

    1. billse10

      Re: SQL Injection is still out there

      good to know Bobby Tables is alive and well .......

      (possibly my favourite xkcd, although that's a tough call)

    2. Anonymous Coward
      Anonymous Coward

      Re: SQL Injection is still out there

      Value your job, hmmmm. My office Monday morning.

  15. anonymous boring coward Silver badge

    I doubt there was a DDoS attack. It would defeat the aim of extracting data.

    More likely TT's shitty servers had problems keeping up with the data extraction (which may have been distributed to minimise the chances of detection).

    I suppose a DDoS could be aimed a specific servers not involved in the data extraction, just to keep sysadmins busy. But that would at the same time risk raising alarms.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like