Slashdot Mirror

← Back to Stories (view on slashdot.org)

15-Year-Old Boy Arrested In Connection With TalkTalk Hack (bbc.co.uk)

Posted by Soulskill on from the fish-in-a-barrel dept.

Phil Ronan writes: Scotland Yard says police have arrested a 15-year-old boy in connection with the recent hack on UK phone and internet provider TalkTalk. Authorities are in the process of questioning him and conducting a search of the house he lives in. TalkTalk now says the breach was smaller than it thought, and full credit card details are not at risk. "Dido Harding said any credit card details taken would have been partial and the information may not have been enough to withdraw money 'on its own.' Card details accessed were incomplete — with many numbers appearing as an x — and 'not usable' for financial transactions, it added." In other news, businesses leaders are calling on the government to take "urgent action" against cyber-criminals, because somehow the security of their online systems is the government's responsibility, not theirs.

100 comments

  1. That editorial summary tho by Sowelu · · Score: 5, Insightful

    I mean, of course if your store is getting broken into a lot, you should buy better locks. Doesn't mean that if there's a crime spree and a rash of of robberies you shouldn't call on the government to investigate or patrol more.

    1. Re:That editorial summary tho by Anonymous Coward · · Score: 0

      considering the hacker didn't get anything usable per the article... whats the crime. also the effing idiots didn't even know what was stolen or probably even what they had and why they needed to store the cc data in the first place. now all they need is IoT deployed through their business and they will really get to be secure.

    2. Re:That editorial summary tho by mattyj · · Score: 2

      So you're okay with people breaking into your home, as long as they don't take anything of value?

      How about criminal trespass, and yes, thievery. Doesn't matter if someone doesn't end up with 'anything usable', they possess property/data that doesn't belong to them.

    3. Re:That editorial summary tho by mattyj · · Score: 1

      I thought that was a weird comment, too. There have only been a few times in history (American) where private companies were the ones also enforcing the laws.

      The "urgent action" in the story is the suggestion that UK law enforcement take data theft as seriously as physical theft. Meaning, investigate and prosecute. Not sure why anyone would be against that.

    4. Re:That editorial summary tho by Anonymous Coward · · Score: 0

      considering the hacker didn't get anything usable per the article... whats the crime.

      What part of "in other news" don't you understand?

    5. Re: That editorial summary tho by Anonymous Coward · · Score: 0

      As a CTO, good luck with that. Security has zero ROI, and shareholders will have your head saying you are buying bananas to keep the alligators away.

    6. Re:That editorial summary tho by stephanruby · · Score: 1

      That editorial summary tried to blame the business, but it did a piss poor job of it. Had the editor actually read the article, then they would have gotten great ammo from it.

      The fact is. That business didn't notify any of the affected customers when it found out about the breach. And two, there seems to be anecdotal evidence that this information is out there, even if it's incomplete, and that scammers have been using the little bit of information they do have to get the rest through social engineering.

      In other words, there seems to be no incentive in the UK to disclose security breaches of financial details to its affected customers.

    7. Re:That editorial summary tho by Anonymous Coward · · Score: 0

      digital tresspass . poshsible identity fraud depending, computer misuse, theft of lectricity if they are desperate on how they got in.

    8. Re:That editorial summary tho by Anonymous Coward · · Score: 0

      Exactly - who is the numbskull that wrote that tripe in the first place? "Yeah, we shouldn't ask the government to stop crime - everyone has to do it for themselves".. What could possibly go wrong with that?

    9. Re:That editorial summary tho by cheater512 · · Score: 1

      It's their implication that they were innocent victims, when in reality they left their safe unlocked, and the door open overnight.

    10. Re: That editorial summary tho by theCzechGuy · · Score: 1

      They are already taking it more seriously than physical theft. What was the last time you've been robbed? What did the police do about it?

    11. Re:That editorial summary tho by BasilBrush · · Score: 1

      No it's not their implication at all. They have held their hands up to not knowing which parts of the data was encrypted and which wasn't.

      It's other businesses that have called for more government (i.e. police) action on cyber crime. And quite rightly too.

    12. Re: That editorial summary tho by BasilBrush · · Score: 1

      When for good or bad, the police reaction is proportional to the scale and severity of the crime. A burglary affects one household. This potentially affected hundreds of thousands of people.

    13. Re:That editorial summary tho by cheater512 · · Score: 1

      What's wrong with current enforcement? They usually do catch the guys (Lulzsec, this case, etc...) which is much more than they can say about real world break ins.

    14. Re:That editorial summary tho by Anonymous Coward · · Score: 0

      And if you Take the Money, You Go to Jail.

      If you walk in and look at the Money, You are guilty of trespass.

      If you check every house on the street to see who forgot to lock the Door, still probably trespass.

      The Internet does not make crime legal.

      True Store.
      If the ATM Guy leaves a Bag of Money on the Lawn of the Bank.
      You Pick it up and Buy a New Truck.
      You Go to jail.

      What happen to the ATM Driver or Bank did not help this guy.

    15. Re: That editorial summary tho by corychristison · · Score: 1

      I once had someone go digging through my car. Nothing was damaged and the only thing missing was a broken ipod touch.
      Not exactly worried about it. Didn't file a police report because nothing of value was lost.
      Personally i always am ssure to lock the vehicle (my wife would say obsessive). It is entirely possible my toddler had gotten ahold of the key fob and unintentionally unlocked the car. Shit happens. I'm just more careful about where I put my keys and the kids are older now and know not to push the buttons on the key fob.

    16. Re:That editorial summary tho by Anonymous Coward · · Score: 0

      This is what happens when you teach computer science ti kids. They have the mental acuity to figure out how to do terrible things, but not the maturity or moral conscience to know better.

      The political agenda aimed at creating more software developers in order to pull salaries down will just create a new Internet crime wave.

      Just watch.

    17. Re:That editorial summary tho by Anonymous Coward · · Score: 0

      TalkTalk has form in this area already.
      They have recently lost (!) several of their technical staff and last week advertised for a Security Officer.

      My personal experience with them is not good.
      Basically if its not Windows and you are not a complete novice you will have them baffled.
      They are one of the cheapest ISP in the UK and as always you get what you pay for.

      As well, I have had at least 1 person corner me and ask why the internet speed with TalkTalk was so much slower than his neighbour's who was on a different ISP, and yet both on them are on the same copper wires to the same exchange

    18. Re:That editorial summary tho by KGIII · · Score: 1

      No, they possess a copy. *nods* We, Slashdot, are all about information being free until it's our information. We didn't take anything when we made a copy. They still have use of that data, after all.

      Yes, tongue-in-cheek. I do, actually, support copyright and patents but I feel the system needs to be reformed to reflect a more modern society and the speed that technology now changes.

      --
      "So long and thanks for all the fish."
    19. Re:That editorial summary tho by KGIII · · Score: 1

      Per your enforcing the law... Hmm... I guess that depends on how you look at it? I'm probably reaching a bit here so I'll try to be brief - I don't have much of a point, anyhow.

      My business had been broken into, the alarm company called, the kid was in custody. After letting it get partway through the court system we opted to drop charges and were able to set up a deal with the judge. He had to work to pay off the money to cover the repairs. We'd convinced our cleaning company to take him on to work at our office (he eventually earned enough trust to work elsewhere). He had to stay out of trouble for a year and stay in school, with passing grades and acceptable behavior reports - while working 20 hours per week. I'd have just let him work at our place doing the cleaning and outside stuff had the cleaning company not taken him on to do other work. In return, at the end of the year, his case was round-filed which included expunging the arrest record.

      Which was what I'd decided I wanted. (By the way, only 1/4 of his weekly pay was deducted to pay for the damages, damned kid.)

      So, in a way, yes... That was us enforcing the law - but, as I said, I'm kind of reaching here. We worked within the legal framework (including time off to see the DA and attend two of the initial court appearances and the last one where the case was dismissed).

      For the curious, it turned out okay. I'm not completely certain but I'm told that he's now got his own cleaning company, he goes in at night and does office cleaning as well as industrial floors - that type of stuff. I guess he's got a bunch of people working for him and many are young, underprivileged, and ex-cons. He also (I'm pretty sure) was planning on (or doing something) about giving kids a way to stay out of trouble - like a Boys Club type of thing. I don't really know. I've not been in the area for eight years and this was more like fifteen years ago.

      Now, there was still a judge and a representative of the State involved but we decided the punishment, we enforced the (as in I, personally, got the letters from his teacher and his report cards) stipulations - including the time worked, and we decided to not move the prosecution forward at the end of the year (which he passed with flying colors). We were not the law but we had the force of law behind us and quite a bit of control (or influence) on how that process worked.

      This was Winston/Salem NC and I'm not sure how the court system would react today but it wasn't that long ago, really. The kid did seem interested in getting into coding and was working with one of the devs to see if he could make a traffic simulation game (we had the best MFing traffic sim "game" in the world, thank you very much - I might be biased) but nothing ever came of it. He liked the outcome, he liked the work, but he didn't seem quite able to grasp the process so much and we had plenty of staff so there was always help for him - he actually would come in 'off hours' after school quite a bit.

      Anyhow, nice family but poor and a lot of kids. The parents were always out of the house, working their asses off, and we all met and whatnot. My thinking was that the courts wouldn't have actually done anything to him except punish him and punishment wasn't really what I felt was required. Well, not solely required. He was punished, he worked to fix the damage. Beyond that, I figured, he needed something to keep his ass busy and some rewards for his effort to learn to respect himself.

      Which ties back in... It was my ideology (technically, not just mine as I'd discussed it with a number of those who worked with me) that influenced the court's decision as well as the State's decision to not prosecute but to allow a certain set of criteria to be met. I'm not sure if that counts as enforcement but it is pretty close. True, it's not total but it's not unprecedented - I guess that's my line of thinking and my point. For certain periods of time, we had data on-site that was the property of others and part of our contract was to

      --
      "So long and thanks for all the fish."
    20. Re:That editorial summary tho by KGIII · · Score: 1

      Hmm... Not sure if serious?

      Very seldom does the "government" stop crime. They investigate it and punish it, after the fact. They don't usually prevent anything.

      This may not be a popular thing to say but, as I think about this - I'm okay with that. The methods they'd need to use to stop crime would be too harsh, I think. I'd assume they'd be only able to accomplish this be removing freedoms and restricting rights. I am kind of happy that the government isn't really meant to (even if they think they are) stop crime. Crime sucks but they should only be in the business, generally speaking, of prosecuting those who have committed crimes - that should be more than enough, usually, to keep them busy.

      I've never given it much though but, on first blush, I'm okay with the government not being in the business of stopping crime. You don't expect the government to provide you with locks on your door, would you? (Maybe you would - your post indicates you just might be. I am not, I don't think?) You don't want them stopping you to see where you're going and what business you have at your destination, do you? (Again, you might.) You don't want them collecting and inspecting your data to see if, just maybe, you're committing a crime, do you? (Yet again, you might.)

      No... I don't think I want the government to stop criminals (for the most part). Sure, where there is an obvious, known, and present threat then reasons takes over and it'd be nice if they stepped in to protect the citizens. However, I'm armed because I don't expect the cops to save me if I'm being shot at (if I'm just being mugged then I'm just going to give them my wallet).

      Yeah, the more I think about it - they're kind of right -- in my opinion. I don't want the government trying to stop the criminals, generally speaking. I want them to prosecute those who break the law. The only way they can prevent crime is to reduce freedoms and rights. I'm open to suggestions but I'm not sure how it's the government's responsibility to prevent crime nor do I really think it should be their responsibility (regardless of what they think). That's how you end up with the NSA, Homeland Security, or the likes.

      Hmm... This needs reasoning and logic applied. :/ Note to self: Ponder this.

      --
      "So long and thanks for all the fish."
    21. Re: That editorial summary tho by Maritz · · Score: 1

      Tony Slattery did that. The proof to Goldbach's conjecture was on that iPod touch.

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
    22. Re:That editorial summary tho by Maritz · · Score: 2

      Everything You Were Told About Capital Letters Is a LIE

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
    23. Re: That editorial summary tho by JackieBrown · · Score: 2

      I imagine if they didn't file a report and this happened again but information was stolen, it would look like they had been covering up a history of negligence - even if they did take steps to beef up their security.

      Also, not reporting it could make it seem they were not even aware the hack happened which could embolden people to keep trying.

    24. Re: That editorial summary tho by Anonymous Coward · · Score: 0

      If a 15yr old is responsible, believe me, they have a lot to worry about. Like why are they even in business if some kid wet behind the ears can troll their servers. Fuck em I say. That goes for all entities hacked now or ever.

    25. Re:That editorial summary tho by Coren22 · · Score: 1

      Try this one cool trick to better grammar, the teachers hate it!

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    26. Re: That editorial summary tho by Coren22 · · Score: 1

      When I had a house robbery, the police took prints, our report, etc, then called me a month later to ask if I found the thief...I thought that was hilarious, as I had no access to the crime lab.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    27. Re:That editorial summary tho by poofmeisterp · · Score: 1

      Everything You Were Told About Capital Letters Is a LIE

      He's Coding His sTatement. It's just Bad fOrmatting of the vAriable nAmes. _dUuhh.

    28. Re:That editorial summary tho by Anonymous Coward · · Score: 0

      Try this one cool trick to better grammar, the teachers hate it!

      They just can't use all caps so they've reduced it to what looks like a Proper-Nouned Expression OF Ideas. Take Them Seriously, Man!

      I used all caps in the line above. Reject me, Internal Yelling Protector Thingy Of Slashdot!

      (heh)

    29. Re: That editorial summary tho by poofmeisterp · · Score: 1

      If a 15yr old is responsible, believe me, they have a lot to worry about. Like why are they even in business if some kid wet behind the ears can troll their servers. Fuck em I say. That goes for all entities hacked now or ever.

      The kid was clearly a terrorist or would have not accomplished such nearly-impossible feat. The business needs protection from *terrorists*! *cough*

    30. Re:That editorial summary tho by poofmeisterp · · Score: 1

      Hmm... Not sure if serious?

      It was clearly just a "Hey, Biff, what's that?!?!" ploy. Read: "Don't focus on our security; it's clearly them there terr'rist kids doing the impossible, like getting through our impenetrable security measures. We need more gub'mint efforts to stop this hacking of our society as a whole and we'll help however we can!"

      Truth: "Uh, we suck at security, even financial. We understand if no one trusts us with their financial or private info anymore. Granted, the loss wasn't that bad, but it proves that we can be lazy enough in our efforts to maintain complete security (like we said in our Agreement with you that we WOULD). Pissing off is in our future plan because we're awesome with growing and planning. [We] digress."

      P.S. That wasn't my comment you replied to; just throwing in my useless $0.0001 to state the obvious (from my Asperger's mind).

    31. Re:That editorial summary tho by poofmeisterp · · Score: 1

      This is what happens when you teach computer science ti kids. They have the mental acuity to figure out how to do terrible things, but not the maturity or moral conscience to know better.

      The political agenda aimed at creating more software developers in order to pull salaries down will just create a new Internet crime wave.

      Just watch.

      That is such a wise view of Human repetition of mistakes that it can't possibly happen! We never make the same stupid mistakes again and again and ag.....

    32. Re:That editorial summary tho by BasilBrush · · Score: 1

      Haven't seen the details on how they caught this one yet, but he did try to blackmail them. Always difficult to come up with a scheme to collect blackmail money and negotiate it without giving yourself away.

      Usually is certainly not the case. Internet fraud is a steady and profitable business for many, many people, with almost no chance of getting caught.

    33. Re: That editorial summary tho by Tijaska · · Score: 1

      The felon was a 15 year old. When the police start arresting 5-year-olds for hacking, we have to ask what is it that's broken? The kids? Or companies that dash online without the first clue of how to protect their assets?

  2. Also in the news by Opportunist · · Score: 4, Informative

    Consumers called for "urgent action" to slap corporations with crippling fines who are collecting all sorts of data of their customers but are too incompetent to defend it against 15 year old script kiddies.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Also in the news by gweihir · · Score: 1

      Couldn't agree more. Pathetic-level security must have severe consequences for both the company and the company officials responsible.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:Also in the news by Opportunist · · Score: 1

      Ok. Please tell me how to buy anything online without handing out at the very least name, address and credit card number (and that's really the bare minimum required to get anything delivered). Depending on what I want to buy other personal information like shoe size, sexual preferences or topics of interest will be available to the merchant.

      And what does a bank have to do with this AT ALL? You may have an argument concerning the credit card, but everything else is necessarily something I have to inform the merchant about and I do expect him to either be able to handle that information responsibly or not store it altogether. Storing it and being negligent is something that should be punished, and punished severely.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:Also in the news by BasilBrush · · Score: 2

      Yes, he does indeed have a point about credit card numbers. In this day and age we shouldn't have to pass an unchanging credit card number and ccv number to a merchant. Information which allows them to make multiple transactions without any further approval.

      Rather we should be able to pass a one off number for a particular transaction, a number that identifies both people in the transaction and the amount. It'll be a long number, but that's OK we all have the technology in our pockets for it to be generated and sent without us concerning ourselves with what the number is.

      Given that banks could do this, but don't, they do as an industry bear some of the responsibility.

      Possibly it would kill Amazon's one click purchasing scheme and the like. But it would be worth it.

    4. Re:Also in the news by sconeu · · Score: 1

      Amex used to let you generate a one-shot CC number for any given transaction.
      It was called "Private Payments".

      I wish they still had it.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    5. Re:Also in the news by houghi · · Score: 2

      This reminds me of a hack that happened a few years ago in Belgium. Some people claimed he was not really hacking, just using a known flaw (IIRC). His reply was that that makes it even WORSE. If a non-hacker can get into the system, it does not make the "hacker" smarter, it makes the defense more stooped.

      --
      Don't fight for your country, if your country does not fight for you.
  3. Another BS story by Anonymous Coward · · Score: 0

    You can see it in the first two words of the title "15-year-old boy..."

    Let that guy rape someone and it's "man." But since we're making outrage click-bait hes a "boy."

    1. Re: Another BS story by Anonymous Coward · · Score: 0

      So... He should be called a man? From the whole incident this is what you get your panties in a knot over, how British society calls males under (generally) 18 "boys" and over 18 "men".

  4. Should have been AppApp! by Anonymous Coward · · Score: 0

    If TalkTalk changed their LUDDITE name to a modern name like AppApp, they wouldn't have been apped, because only apps can app apps!

    Apps!

    1. Re: Should have been AppApp! by Anonymous Coward · · Score: 0

      If I've learned anything from /. they most likely didn't use a host file or do apt-get update.

    2. Re: Should have been AppApp! by Anonymous Coward · · Score: 0

      They should have used APP-get! I'm going to file a petition to force Ubuntu to rename apt-get to app-get so app appers can app apps on Appbuntu!

      Apps!

    3. Re: Should have been AppApp! by Anonymous Coward · · Score: 0

      Are you the cows guy?

    4. Re: Should have been AppApp! by KGIII · · Score: 1

      $ sudo alias app-get="apt-get" && alias moo="update" && alias cows="upgrade"

      $ sudo app-get moo && cow

      --
      "So long and thanks for all the fish."
    5. Re: Should have been AppApp! by Anonymous Coward · · Score: 0

      God damn you. Now I have to ln -s /usr/bin/APP-get /usr/bin/apt-get for legacy.

    6. Re: Should have been AppApp! by poofmeisterp · · Score: 1

      $ sudo alias app-get="apt-get" && alias moo="update" && alias cows="upgrade"

      $ sudo app-get moo && cow

      But, but.. what about the Penguins?

    7. Re: Should have been AppApp! by Anonymous Coward · · Score: 0

      See someone else proves me not wrong now. He get it

      APK

      P.S=> *I told you everyone, it works well for security

    8. Re: Should have been AppApp! by Anonymous Coward · · Score: 0

      Hmm...

      $ sudo alias penguins="build-essentials"

      Now to install the crap to make, make install, ect will be:

      $ sudo app-get install penguins

  5. Rub their noses in it by Bruce66423 · · Score: 3

    The security was so bad that a boy could defeat it. Worth making fun of the ignoramus in charge of TalkTalk IT security for this. OTOH, we nerds know that teenagers are DANGEROUS...

    1. Re:Rub their noses in it by tomhath · · Score: 1

      If a 15 y/o breaks into your house and steals your laptop is it less of a crime?

    2. Re:Rub their noses in it by AmiMoJo · · Score: 2

      He might not have done the hacking. Could be the one who sent the ransom email, hoping to cash in. He could just be some random *chan user that the police arrested out if desperation. The cops are pretty dumb when it comes to computers...

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Rub their noses in it by Anonymous Coward · · Score: 0

      You mean the bank's security was so bad, right? Why should it matter if anybody else knows my bank account number? That should not be enough to steal my money. If it is, I'm trusting the wrong people with my money.

    4. Re: Rub their noses in it by Anonymous Coward · · Score: 0

      If you are paid to store third party goods, and you let any punk breal inside and stole everything, you are at very least guilty by imprudence.

    5. Re: Rub their noses in it by Anonymous Coward · · Score: 0

      Apparently they stole your dictionary.

    6. Re: Rub their noses in it by Anonymous Coward · · Score: 0

      Nope, they just stole his keyboard, now he is using a smaller replacement.

    7. Re:Rub their noses in it by Anonymous Coward · · Score: 0

      If a 15 year old breaks into a compound where people have paid to have property stored, it's not less of a crime, but the "victim" should also face charges for being incompetent with other people's property.

    8. Re:Rub their noses in it by Anonymous Coward · · Score: 0

      If the locks on the house are made from cheese, it's no less of a crime but I would still look like a right moron.

  6. Such ignorance by chispito · · Score: 1
    And no, I'm not talking about arresting a 15 year old.

    In other news, businesses leaders are calling on the government to take "urgent action" against cyber-criminals, because somehow the security of their online systems is the government's responsibility, not theirs.

    It is not the job of private industry to go on the counter-offensive and somehow stop attackers, and even if they somehow could, attribution is often incredibly difficult. Just look at the Sony hack. North Korea? Eh... Maybe at best.

    Sure, the private sector can and should enhance their security, but good luck staying completely ahead of organized crime on that front. Governments absolutely should be going after cyber criminals, assuming they are actual cyber criminals and not just dumb kids (not because dumb kids get a pass but because they should focus first on malicious actors with a political or financial motive).

    --
    The Daddy casts sleep on the Baby. The Baby resists!
    1. Re:Such ignorance by Anonymous Coward · · Score: 0

      Make companies legally liable for easily prevented hacks.

      Right now, companies have little financial incentive to hire competent IT security staff to stop attacks. Big companies with big databases of personal information should be made to submit to yearly mandatory pen testing. You fail the pen test, you get a deadline to sort things out, or pay a huge fine.

    2. Re:Such ignorance by guruevi · · Score: 2

      It's fairly simple staying ahead of organized crime. Decent security practices counter pretty much any automated attack (which is what cyber-criminals do). Even things like storing card details is something that is well outdated and even against PCI practices (which are a minimum set anyone with a modicum of experience can comply with).

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    3. Re:Such ignorance by Anonymous Coward · · Score: 0

      So in your world, companies should never be held responsible for their crappy security. They can be trusted to "do their best", even when it costs them a fraction of their profits.

      Customers should expect all their medical and financial data to be accessible to Russian hackers, and have no right to complain when a company makes zero effort to secure their data. Because there won't be any consequences for the company. Because "it was teh evil haxx0rs".

      That is what you are implying, right?

    4. Re:Such ignorance by Anonymous Coward · · Score: 1

      last week I was easily able to circumvent Wal-Mart's brick and mortar security by using the old "Pick-ax through the window" hack. The fools haven't even patched that yet? The manager was pleading with a local policeman to come and arrest me, but luckily for me, he just said "well its not really the governments job to enforce the laws they pass."

    5. Re:Such ignorance by Anonymous Coward · · Score: 0

      The problem here is the banks.

      The stupid authentication system for credit cards is to produce the number printed on the card. For extra security, produce the much shorter number printed on the back of the card.

      Once you have acquired those two numbers, you can drain the account.

      This is absurd. Banks are incredibly foolish. Consumers are foolish for falling for it.

      THE REAL PROBLEM HERE IS THE BANK!

      I recently received a credit card in the mail with somebody else's name on it. When I called the support line printed on the card I was connected to an automated PIN setup routine. I got to choose the PIN. It turns out, it was a pre-paid credit card used for payroll. And that was all the security they had on the card. Shame on the bank. Shame on the employer for using that bank and that system.

    6. Re:Such ignorance by Pax681 · · Score: 2

      Make companies legally liable for easily prevented hacks.

      That's what the Information commissioners Office does within the UK and often punishes data breaches with fines

    7. Re:Such ignorance by KGIII · · Score: 1

      You know... You probably, unknowingly, broke a law when you entered in and created the PIN information. I have no idea which law you probably broke but, given the way laws are, that was probably a felony. I'm not even kidding. It could be anything from unauthorized use of a computer system to all sorts of various banking related crimes depending on your jurisdiction. You knew it wasn't your card and even though you were doing the right thing, you still entered in and changed that data without the consent of the actual card holder.

      I don't think that opening mislabeled mail is illegal - I think that one might have been settled in the supreme court (assuming US laws). The content inside, on the other hand... Yeah, you probably committed a felony. I'd not raise a stink over it or the issuing bank could opt to contact an already affiliated district attorney (or the likes) and see if they can come up with a way to shut you up. I'm not usually the tin-foil hat type but, yeah... I'm not even sure that this is tin-foil-hat-territory. Businesses are, sometimes, damned evil and willing to go a long ways to protect their image or get revenge.

      --
      "So long and thanks for all the fish."
    8. Re:Such ignorance by twokay · · Score: 1

      Maybe they should pay their taxes if they want the government to protect them from the bad teenagers. Absolutely no sympathy from me.

      --
      Wannabe nerd.
    9. Re: Such ignorance by Anonymous Coward · · Score: 0

      All they needed was apk's hosts file ap. Duhh

  7. Fix the link in the summary! by Anonymous Coward · · Score: 0

    The "recent hack" link in the summary is nonsense. Sheesh!

  8. He's an aspie MRA by Anonymous Coward · · Score: 0

    Cut him some slack. He's an aspie MRA. Slashdot is one of the few places he has to sob and whine.

    1. Re:He's an aspie MRA by Anonymous Coward · · Score: 0

      He was going to build a fake clock for school but that ship has sailed...

    2. Re:He's an aspie MRA by Anonymous Coward · · Score: 0

      What does building a fake clock for school have to do with the posts above? Ah, I see . . . you're another aspie. Yelling out things to show your perceived "smartness" that are, in fact, completely irrelevant to anything anyone has been saying.

    3. Re:He's an aspie MRA by Anonymous Coward · · Score: 0

      What does building a fake clock for school have to do with the posts above? Ah, I see . . . you're another aspie. Yelling out things to show your perceived "smartness" that are, in fact, completely irrelevant to anything anyone has been saying.

      What does trolling have to do with the article above? I see . . . you're another MALE with an INFERIORITY COMPLEX trying to show that your mind is above that of another, based on completely made up facts that have no way of being proven. You're . . . making noise! Only no one cares and your score isn't high enough to be noticed. Plus the parent is Anonymous Coward so they can't see your response unless they're looking for it, and why would they? Wait, what in the fuc* am I doing???

  9. disinformation like Blue Cross, Target, or others by Anonymous Coward · · Score: 0

    When there is a big breach, they often say "it is not that big" right away, and then 6-12 months down the road say "oh, it was stunningly huge and we were all wrong".

    Don't get caught in the anti-hype. Read the history of these things. The company who had the breach is trying to mitigate losses, not proliferate the truth.

    What do you want to bet that it was not a 15 year old kid, and that there is actually substantial risk?

  10. Don't hack computers by Anonymous Coward · · Score: 0

    Don't hack computers, you'll go to prison and your (_*_) will become (_O_)

    1. Re:Don't hack computers by Anonymous Coward · · Score: 1

      America is one of the few countries where prision rape is seen as being so commonplace that it's a routine joke.

    2. Re:Don't hack computers by KGIII · · Score: 1

      Not sure if serious...

      Hell, in the Eastern Europe region they not only rape you but they'll often hold you down and tattoo the equivalent of "bitch" across your forehead with tattoo ink made from melted boot heels and urine. Rape's common in prisons across the globe. America just is stupid and has more people in prison. Some, a smaller number than you might think, are much more humane and actually have adequate staffing, a smaller prison population, and proper housing routines.

      --
      "So long and thanks for all the fish."
  11. More seriously by TheCarp · · Score: 3, Insightful

    I think what we really need is an immediate and complete cessation of any and all funding, and public attention paid to any organizations and all persons who are known to use the prefix "cyber" unironically in any context other than particular role playing games and genres of fantasy novel.

    --
    "I opened my eyes, and everything went dark again"
    1. Re:More seriously by Anonymous Coward · · Score: 0

      Does this mean CSI Cyber will go away? The quotes that I overhear from it as my wife watches that show make me laugh, then cry a little.

      apk

  12. Not a matter of harsher laws, if kids can get in by gweihir · · Score: 1

    Seriously, if security is this pathetic, the only laws needed are ones that put hefty fines on the companies responsible and on the individuals that are responsible for the screw-up in the company, like CEOs that did not do their job.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  13. I propose a huge penalty... by Type44Q · · Score: 3, Insightful

    I propose a huge penalty for companies that allow inexperienced programmers to hack into them. :)

  14. Fifteen year old boy arrested .. by nickweller · · Score: 1

    So it wasn't sinister Chinese/Russian hackers after all ..

  15. In other news by Anonymous Coward · · Score: 0

    In other news, home owners are calling on the government to not bother taking action against burglars, because every single resident is perfectly capable of fending them off on their own, and don't need any government help in prevention, protection, trend analysis, investigation, detaining, arresting, prosecution, or punishment of criminals.

  16. bow - locks by Peter+(Professor)+Fo · · Score: 1

    Without the 'cyber' we have a 15-yo walks in through the front door of a major corporation, whistles a merry tune as he steps into 'PROTECTED AREA' where the customer records are floating about like confetti and walks out. No. Once upon a time the UK justice system had competent state-funded lawyers to protect lads like this. Talk Talk still got shafted. Even if the wrong-un is convicted they were still shafted.

  17. Blah blah blah blah blah blah. by pigsycyberbully · · Score: 0

    They go to the same group they share their e-mail address with the same group they use the same VPN. They are monitored and they have the agent provocateurs praising them. They are coached how to use the automatic hacking software. They are just adolescents sending out malware attachments spyware and so on encouraged by agent provocateurs. They don't make or discover by themselves they are coached. Everything they are doing they've been encouraged to do and they are monitored all the way. Windows anti malware antivirus monitors all websites you visit it is how they keep up-to-date with malware threats. Fraud protection in browser options is the same thing. VPN has log files when they switched that off their Internet provider has log files. That is why they get pop-up messages saying this website has been blocked and so on. Fuck them they are cannon fodder is what is being said. Sad. They say they can always catch a glory seeker by releasing false statements declaring to be that person. And that person ends up breaking their neck to post messages to say blah blah blah.

  18. TalkTalk spokesman: "It's My Site!" by imac.usr · · Score: 1

    "Don't you forget,
    It's my site,
    It never ends!"

    --
    for the record No Doubt did a pretty cool cover version of the song as well, check out https://www.youtube.com/watch?...

    --
    I use Macs for work, Linux for education, and Windows for cardplaying.
  19. Three words: by Anonymous Coward · · Score: 0

    "Kill the Gibson!"

    There is a disconnect between businesses and government and this country and the the best interests of STEM and IT talent. It will not improve until the rights of citizens are again respected by the government and businesses. You don't stay in business by screwing people. It is a simple fact that has been forgotten. If I had College to do over again I would have become an accountant and not an IT person. The way things are going, IT and STEM innovations are better pursued in countries other than the US and the UK. The US and the UK have lost their way and until that ship is righted, the top STEM and IT talent will be leaving the building.

    *Drops the microphone...

  20. He's not The Messiah by Anonymous Coward · · Score: 0

    He's a very naughty boy!!

  21. Well by nospam007 · · Score: 1

    "the recent hack on UK phone and internet provider TalkTalk. Authorities are in the process of questioning him..." ...but he doesn't talktalk.

    1. Re:Well by Anonymous Coward · · Score: 0

      Does he WalkWalk?

  22. Kid could've gotten some good "notoriety" by Anonymous Coward · · Score: 0

    See subject: If he instead reported that he found a vulnerability to them instead. He'd have been a "hero" rather than a "villain" imo then dealing with this bad notoriety he's getting now.

    * Seriously... @ least that's what I feel (or would've felt, especially if I ran or owned that TalkTalk server(s)).

    APK

    P.S.=> It'd be better than the results for him now I'd imagine (which isn't meant to be funny on my part either - I just feel he could've "played this" a lot better helping them out instead of trying to steal or wreck things)... apk

    1. Re:Kid could've gotten some good "notoriety" by Anonymous Coward · · Score: 0

      not my first language English is sorry

      apk

      P.S.=> I prefer P.C.L.

    2. Re:Kid could've gotten some good "notoriety" by Anonymous Coward · · Score: 0

      Not taking the bait.

      APK

      P.S.=> You know you lost about it when you posted last time. Now you are jealous, much

  23. "Imitation is the sincerest form of flattery" by Anonymous Coward · · Score: 0

    See subject: "Imitation is the sincerest form of flattery" & you wish you were me - you impersonating me proves it...

    APK

    P.S.=> It also proves you're nothing but a worthless TRULY cowardly troll... apk

  24. You're not as bad but "impersonating" me? by Anonymous Coward · · Score: 0

    See subject: Please - "Imitation is the sincerest form of flattery" & you wish you were me - you impersonating me proves it...

    * Paper roses!

    APK

    P.S.=> It also proves you're nothing but a worthless TRULY cowardly troll... apk

    1. Re:You're not as bad but "impersonating" me? by Anonymous Coward · · Score: 0

      Proof again that you aren't able to beat me! Good try but not close enough.

      APK

      P.S.=>You just keep making people see I'm better. Go ahead and keep trolling, only proves me right... apk

  25. "Imitation (you) = the sincerest form of flattery" by Anonymous Coward · · Score: 0

    See subject - it's proof you WISH you were me but you're just a "paper rose" imitation (the sincerest form of flattery - even if it's from a retarded trolling immature imbecile such as yourself).

    * :)

    (So, thank-you for proving the above, & face facts: You can't imitate my inimitable style... especially to those that own this site or its admins, as they can see "WHO posted WHAT" & when etc. - et al...)

    APK

    P.S.=> Puny trolls, wasting their lives as forums trolls - which is FINE by me (they're not respectable competition) lol, it's hilarious knowing this on MY end & blowing their doors off @ every single turn... apk