Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Crime Security United Kingdom

15-Year-Old Boy Arrested In Connection With TalkTalk Hack ( 100

Phil Ronan writes: Scotland Yard says police have arrested a 15-year-old boy in connection with the recent hack on UK phone and internet provider TalkTalk. Authorities are in the process of questioning him and conducting a search of the house he lives in. TalkTalk now says the breach was smaller than it thought, and full credit card details are not at risk. "Dido Harding said any credit card details taken would have been partial and the information may not have been enough to withdraw money 'on its own.' Card details accessed were incomplete — with many numbers appearing as an x — and 'not usable' for financial transactions, it added." In other news, businesses leaders are calling on the government to take "urgent action" against cyber-criminals, because somehow the security of their online systems is the government's responsibility, not theirs.
This discussion has been archived. No new comments can be posted.

15-Year-Old Boy Arrested In Connection With TalkTalk Hack

Comments Filter:
  • by Sowelu ( 713889 ) on Monday October 26, 2015 @04:57PM (#50805565)

    I mean, of course if your store is getting broken into a lot, you should buy better locks. Doesn't mean that if there's a crime spree and a rash of of robberies you shouldn't call on the government to investigate or patrol more.

    • by mattyj ( 18900 )

      I thought that was a weird comment, too. There have only been a few times in history (American) where private companies were the ones also enforcing the laws.

      The "urgent action" in the story is the suggestion that UK law enforcement take data theft as seriously as physical theft. Meaning, investigate and prosecute. Not sure why anyone would be against that.

      • It's their implication that they were innocent victims, when in reality they left their safe unlocked, and the door open overnight.

        • No it's not their implication at all. They have held their hands up to not knowing which parts of the data was encrypted and which wasn't.

          It's other businesses that have called for more government (i.e. police) action on cyber crime. And quite rightly too.

          • What's wrong with current enforcement? They usually do catch the guys (Lulzsec, this case, etc...) which is much more than they can say about real world break ins.

            • Haven't seen the details on how they caught this one yet, but he did try to blackmail them. Always difficult to come up with a scheme to collect blackmail money and negotiate it without giving yourself away.

              Usually is certainly not the case. Internet fraud is a steady and profitable business for many, many people, with almost no chance of getting caught.

      • They are already taking it more seriously than physical theft. What was the last time you've been robbed? What did the police do about it?
        • When for good or bad, the police reaction is proportional to the scale and severity of the crime. A burglary affects one household. This potentially affected hundreds of thousands of people.

        • When I had a house robbery, the police took prints, our report, etc, then called me a month later to ask if I found the thief...I thought that was hilarious, as I had no access to the crime lab.

      • by KGIII ( 973947 )

        Per your enforcing the law... Hmm... I guess that depends on how you look at it? I'm probably reaching a bit here so I'll try to be brief - I don't have much of a point, anyhow.

        My business had been broken into, the alarm company called, the kid was in custody. After letting it get partway through the court system we opted to drop charges and were able to set up a deal with the judge. He had to work to pay off the money to cover the repairs. We'd convinced our cleaning company to take him on to work at our o

    • That editorial summary tried to blame the business, but it did a piss poor job of it. Had the editor actually read the article, then they would have gotten great ammo from it.

      The fact is. That business didn't notify any of the affected customers when it found out about the breach. And two, there seems to be anecdotal evidence that this information is out there, even if it's incomplete, and that scammers have been using the little bit of information they do have to get the rest through social engineering.


  • Also in the news (Score:5, Informative)

    by Opportunist ( 166417 ) on Monday October 26, 2015 @05:15PM (#50805677)

    Consumers called for "urgent action" to slap corporations with crippling fines who are collecting all sorts of data of their customers but are too incompetent to defend it against 15 year old script kiddies.

    • by gweihir ( 88907 )

      Couldn't agree more. Pathetic-level security must have severe consequences for both the company and the company officials responsible.

    • by houghi ( 78078 )

      This reminds me of a hack that happened a few years ago in Belgium. Some people claimed he was not really hacking, just using a known flaw (IIRC). His reply was that that makes it even WORSE. If a non-hacker can get into the system, it does not make the "hacker" smarter, it makes the defense more stooped.

  • by Bruce66423 ( 1678196 ) on Monday October 26, 2015 @05:25PM (#50805735)
    The security was so bad that a boy could defeat it. Worth making fun of the ignoramus in charge of TalkTalk IT security for this. OTOH, we nerds know that teenagers are DANGEROUS...
    • by tomhath ( 637240 )
      If a 15 y/o breaks into your house and steals your laptop is it less of a crime?
    • by AmiMoJo ( 196126 )

      He might not have done the hacking. Could be the one who sent the ransom email, hoping to cash in. He could just be some random *chan user that the police arrested out if desperation. The cops are pretty dumb when it comes to computers...

  • And no, I'm not talking about arresting a 15 year old.

    In other news, businesses leaders are calling on the government to take "urgent action" against cyber-criminals, because somehow the security of their online systems is the government's responsibility, not theirs.

    It is not the job of private industry to go on the counter-offensive and somehow stop attackers, and even if they somehow could, attribution is often incredibly difficult. Just look at the Sony hack. North Korea? Eh... Maybe at best.

    Sure, the private sector can and should enhance their security, but good luck staying completely ahead of organized crime on that front. Governments absolutely should be going after cyber criminals, assuming they are actual

    • by guruevi ( 827432 )

      It's fairly simple staying ahead of organized crime. Decent security practices counter pretty much any automated attack (which is what cyber-criminals do). Even things like storing card details is something that is well outdated and even against PCI practices (which are a minimum set anyone with a modicum of experience can comply with).

    • by Anonymous Coward

      last week I was easily able to circumvent Wal-Mart's brick and mortar security by using the old "Pick-ax through the window" hack. The fools haven't even patched that yet? The manager was pleading with a local policeman to come and arrest me, but luckily for me, he just said "well its not really the governments job to enforce the laws they pass."

    • by twokay ( 979515 )
      Maybe they should pay their taxes if they want the government to protect them from the bad teenagers. Absolutely no sympathy from me.
  • More seriously (Score:4, Insightful)

    by TheCarp ( 96830 ) < minus pi> on Monday October 26, 2015 @06:13PM (#50805973) Homepage

    I think what we really need is an immediate and complete cessation of any and all funding, and public attention paid to any organizations and all persons who are known to use the prefix "cyber" unironically in any context other than particular role playing games and genres of fantasy novel.

  • Seriously, if security is this pathetic, the only laws needed are ones that put hefty fines on the companies responsible and on the individuals that are responsible for the screw-up in the company, like CEOs that did not do their job.

  • by Type44Q ( 1233630 ) on Monday October 26, 2015 @06:20PM (#50806009)

    I propose a huge penalty for companies that allow inexperienced programmers to hack into them. :)

  • So it wasn't sinister Chinese/Russian hackers after all ..
  • Without the 'cyber' we have a 15-yo walks in through the front door of a major corporation, whistles a merry tune as he steps into 'PROTECTED AREA' where the customer records are floating about like confetti and walks out. No. Once upon a time the UK justice system had competent state-funded lawyers to protect lads like this. Talk Talk still got shafted. Even if the wrong-un is convicted they were still shafted.
  • "Don't you forget,
    It's my site,
    It never ends!"

    for the record No Doubt did a pretty cool cover version of the song as well, check out []

  • "the recent hack on UK phone and internet provider TalkTalk. Authorities are in the process of questioning him..." ...but he doesn't talktalk.

"my terminal is a lethal teaspoon." -- Patricia O Tuama