
Norwich is in London?
A 16 year-old boy from London has become the fourth to be arrested in connection with the hacking of British telco TalkTalk. Information is thin on the ground. Detectives from the Metropolitan Police Cyber Crime Unit arrested the boy at his Norwich home on suspicion of Computer Misuse Act offences and he remains in custody. A …
The yoof form London arrested at his house in Norwich.
The funny thing with people is they mostly have legs which affords them the ability to read....
The other funny thing is with people is they mostly have eyes and a brain, but this doesn't always afford them the gift of using them in conjunction with each other.....
I do wonder if this was a cut and paste job from the BBC web site ...
Police have made a fourth arrest, of a 16-year-old boy, in connection with the investigation into an alleged data theft from TalkTalk.
He was held on suspicion of Computer Misuse Act offences after officers searched an address in Norwich.
Police have also arrested and bailed a 16-year-old from London ....
I believe the Police go with a name and birthday being sufficient to uniquely identify an individual. But even they don't just assume unique identification for two people of the same gender and age.
Sniffing around it appears clear that TT was penetrated some time ago, and at some point, 'pros' got involved and emptied what they could. Subsequently the vulnerabilities have become a little more public and the odd script kiddy has been picked up trying it out. I'll bet it will be IP addresses that caught these little rascals, but there will be no evidence of large scale data theft and forwarding.
I have my doubts the people arrested so far are the actual perpetrators. In fact the more 16 year olds arrested, the less likely it is. Quite aside from Finks Fifth Law, I refuse to believe 4 16 year olds could organise their homework diaries, let alone a "sophisticated cyber attack" (c).
Given how all this has played out, it's entirely possible the entire reason for the hack was to create enough media noise such that phone and email phishing attempts briefly became easier with no actual need to use the accessed data (and thus risk capture).
When news of a "ransom" was mentioned, I turned my thoughts as to how to extract money from such a situation without ever being caught. Obviously a straight transaction of bitcoin is ultimately identifiable. However, then I wondered, what if the perpetrator legitimately accumulated a stash of bitcoins over time. Undertakes hack. Ransom demand is that the victim simply buys £1,000,000 of bitcoins. I'm not economist, but the spike in demand should heft the value of my *already bought* bitcoins enough that I make a profit. Not the £1,000,000 paid out, but a substantial amount.
I was putting card in phone boxes to stop the coins dropping (just before I learned the wonders of pulse and DMTF) and nicking the bottles from the backyard of the shops to return them (which I got a bloody good clout round the ear for when the shopkeeper worked it out)
How times change. Kids these days, no respect for anyone.
In this case though, and to stretch the analogy, the gunmakers were leaving the guns in a box tucked not-quite out of view with a sign on it saying "over 18s only" and no other security. I'd stretch it further, but I fear it'd break AND lead onto a discussion about gun control
another "hang the gunmakers, not the shooters" supporter eh?
I read it that those responsible for the security of the personal data failed miserably in their responsibilities and therefore they should also be investigated in great detail and punished appropriately. Simply blaming the perpetrator, or perpetrators, is not acceptable as we don't live in a trusted, wholly open society therefore there is responsibility for the protection of the personal data that was provided in good faith and legally protected.
As it's traditional to include real-life metaphors (or is it similes? can never remember) - if you leave your front door wide open and somebody comes in the door and makes off with your property then you have a certain degree of responsibility. While it's true that it needed that somebody to come in, you made it easy through carelessness. Try arguing with your insurance company that it wasn't your fault your car was stolen if you left the keys in the ignition and the door open...
I think a better comparison would be if you lived in a set of flats but the owner of the flats refused to install a door on anyone's flat inside the block of flats, the security guard kept on telling the building owner they should install doors, preferably with locks on each flat, and install cctv in the corridors, and maybe put a key card on the outside door as opposed to a keypad lock where the code to get in was 1234. But they fired the security guard and replaced her with an intern on 3000k a year and removed the keypad so now the door is just hanging open because it broke and replacing it would of eaten into their advertising budget.
All the while they signed up to a set of rules that kind of suggested they had to secure all properties to an adequate level.
The fault is about 95% the board of directors.
how would the fact that (so far, to the best of my knowledge) all bar one of those arrested are under 16 affect the views of those proposing to raise the age of criminal responsibility to 16 or even 18? Given the apparent prevalence of teenage offenders in IT related crime, this could lead to an interesting impotence on the part of enforcement authorities if it ever comes about, with consequent issues for the industry as a whole.
I'm not sure about the effect on any civil claims for damages (e.g. TalkTalk sue the kid for £M), and whether parents or guardians are vicariously liable, assuming the youth's assets amount to little more than a console and a tablet, and possibly some expensive sneakers.
Talk Talk shouldnt be able to sue anyone.
Regardless of the criminality of the attackers Dildo and her merry team of fuckwitts did absolutely nothing to protect the data.
The level of wilful negligence on the part of Talk Talk given they have been bent over and data reamed 4 times in 12 months should in itself lead to jail time for its leadership. Once is bad enough, but 4 times really does suggest an inherent structural problem in the company.