Slashdot Mirror

← Back to Stories (view on slashdot.org)

15-Year-Old Boy Arrested In Connection With TalkTalk Hack (bbc.co.uk)

Posted by Soulskill on from the fish-in-a-barrel dept.

Phil Ronan writes: Scotland Yard says police have arrested a 15-year-old boy in connection with the recent hack on UK phone and internet provider TalkTalk. Authorities are in the process of questioning him and conducting a search of the house he lives in. TalkTalk now says the breach was smaller than it thought, and full credit card details are not at risk. "Dido Harding said any credit card details taken would have been partial and the information may not have been enough to withdraw money 'on its own.' Card details accessed were incomplete — with many numbers appearing as an x — and 'not usable' for financial transactions, it added." In other news, businesses leaders are calling on the government to take "urgent action" against cyber-criminals, because somehow the security of their online systems is the government's responsibility, not theirs.

13 of 100 comments (clear)

  1. That editorial summary tho by Sowelu · · Score: 5, Insightful

    I mean, of course if your store is getting broken into a lot, you should buy better locks. Doesn't mean that if there's a crime spree and a rash of of robberies you shouldn't call on the government to investigate or patrol more.

    1. Re:That editorial summary tho by mattyj · · Score: 2

      So you're okay with people breaking into your home, as long as they don't take anything of value?

      How about criminal trespass, and yes, thievery. Doesn't matter if someone doesn't end up with 'anything usable', they possess property/data that doesn't belong to them.

    2. Re:That editorial summary tho by Maritz · · Score: 2

      Everything You Were Told About Capital Letters Is a LIE

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
    3. Re: That editorial summary tho by JackieBrown · · Score: 2

      I imagine if they didn't file a report and this happened again but information was stolen, it would look like they had been covering up a history of negligence - even if they did take steps to beef up their security.

      Also, not reporting it could make it seem they were not even aware the hack happened which could embolden people to keep trying.

  2. Also in the news by Opportunist · · Score: 4, Informative

    Consumers called for "urgent action" to slap corporations with crippling fines who are collecting all sorts of data of their customers but are too incompetent to defend it against 15 year old script kiddies.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Also in the news by BasilBrush · · Score: 2

      Yes, he does indeed have a point about credit card numbers. In this day and age we shouldn't have to pass an unchanging credit card number and ccv number to a merchant. Information which allows them to make multiple transactions without any further approval.

      Rather we should be able to pass a one off number for a particular transaction, a number that identifies both people in the transaction and the amount. It'll be a long number, but that's OK we all have the technology in our pockets for it to be generated and sent without us concerning ourselves with what the number is.

      Given that banks could do this, but don't, they do as an industry bear some of the responsibility.

      Possibly it would kill Amazon's one click purchasing scheme and the like. But it would be worth it.

    2. Re:Also in the news by houghi · · Score: 2

      This reminds me of a hack that happened a few years ago in Belgium. Some people claimed he was not really hacking, just using a known flaw (IIRC). His reply was that that makes it even WORSE. If a non-hacker can get into the system, it does not make the "hacker" smarter, it makes the defense more stooped.

      --
      Don't fight for your country, if your country does not fight for you.
  3. Rub their noses in it by Bruce66423 · · Score: 3

    The security was so bad that a boy could defeat it. Worth making fun of the ignoramus in charge of TalkTalk IT security for this. OTOH, we nerds know that teenagers are DANGEROUS...

    1. Re:Rub their noses in it by AmiMoJo · · Score: 2

      He might not have done the hacking. Could be the one who sent the ransom email, hoping to cash in. He could just be some random *chan user that the police arrested out if desperation. The cops are pretty dumb when it comes to computers...

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  4. Re:Such ignorance by guruevi · · Score: 2

    It's fairly simple staying ahead of organized crime. Decent security practices counter pretty much any automated attack (which is what cyber-criminals do). Even things like storing card details is something that is well outdated and even against PCI practices (which are a minimum set anyone with a modicum of experience can comply with).

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  5. More seriously by TheCarp · · Score: 3, Insightful

    I think what we really need is an immediate and complete cessation of any and all funding, and public attention paid to any organizations and all persons who are known to use the prefix "cyber" unironically in any context other than particular role playing games and genres of fantasy novel.

    --
    "I opened my eyes, and everything went dark again"
  6. I propose a huge penalty... by Type44Q · · Score: 3, Insightful

    I propose a huge penalty for companies that allow inexperienced programmers to hack into them. :)

  7. Re:Such ignorance by Pax681 · · Score: 2

    Make companies legally liable for easily prevented hacks.

    That's what the Information commissioners Office does within the UK and often punishes data breaches with fines