15-Year-Old Boy Arrested In Connection With TalkTalk Hack (bbc.co.uk) 100
Phil Ronan writes: Scotland Yard says police have arrested a 15-year-old boy in connection with the recent hack on UK phone and internet provider TalkTalk. Authorities are in the process of questioning him and conducting a search of the house he lives in. TalkTalk now says the breach was smaller than it thought, and full credit card details are not at risk. "Dido Harding said any credit card details taken would have been partial and the information may not have been enough to withdraw money 'on its own.' Card details accessed were incomplete — with many numbers appearing as an x — and 'not usable' for financial transactions, it added." In other news, businesses leaders are calling on the government to take "urgent action" against cyber-criminals, because somehow the security of their online systems is the government's responsibility, not theirs.
That editorial summary tho (Score:5, Insightful)
I mean, of course if your store is getting broken into a lot, you should buy better locks. Doesn't mean that if there's a crime spree and a rash of of robberies you shouldn't call on the government to investigate or patrol more.
Re: (Score:2)
So you're okay with people breaking into your home, as long as they don't take anything of value?
How about criminal trespass, and yes, thievery. Doesn't matter if someone doesn't end up with 'anything usable', they possess property/data that doesn't belong to them.
Re: That editorial summary tho (Score:2)
I once had someone go digging through my car. Nothing was damaged and the only thing missing was a broken ipod touch.
Not exactly worried about it. Didn't file a police report because nothing of value was lost.
Personally i always am ssure to lock the vehicle (my wife would say obsessive). It is entirely possible my toddler had gotten ahold of the key fob and unintentionally unlocked the car. Shit happens. I'm just more careful about where I put my keys and the kids are older now and know not to push the butt
Re: (Score:2)
Re: (Score:3)
I imagine if they didn't file a report and this happened again but information was stolen, it would look like they had been covering up a history of negligence - even if they did take steps to beef up their security.
Also, not reporting it could make it seem they were not even aware the hack happened which could embolden people to keep trying.
Re: (Score:2)
No, they possess a copy. *nods* We, Slashdot, are all about information being free until it's our information. We didn't take anything when we made a copy. They still have use of that data, after all.
Yes, tongue-in-cheek. I do, actually, support copyright and patents but I feel the system needs to be reformed to reflect a more modern society and the speed that technology now changes.
Re: (Score:1)
I thought that was a weird comment, too. There have only been a few times in history (American) where private companies were the ones also enforcing the laws.
The "urgent action" in the story is the suggestion that UK law enforcement take data theft as seriously as physical theft. Meaning, investigate and prosecute. Not sure why anyone would be against that.
Re: (Score:2)
It's their implication that they were innocent victims, when in reality they left their safe unlocked, and the door open overnight.
Re: (Score:2)
No it's not their implication at all. They have held their hands up to not knowing which parts of the data was encrypted and which wasn't.
It's other businesses that have called for more government (i.e. police) action on cyber crime. And quite rightly too.
Re: (Score:2)
What's wrong with current enforcement? They usually do catch the guys (Lulzsec, this case, etc...) which is much more than they can say about real world break ins.
Re: (Score:2)
Haven't seen the details on how they caught this one yet, but he did try to blackmail them. Always difficult to come up with a scheme to collect blackmail money and negotiate it without giving yourself away.
Usually is certainly not the case. Internet fraud is a steady and profitable business for many, many people, with almost no chance of getting caught.
Re: (Score:3)
Re: (Score:2)
Try this one cool trick to better grammar, the teachers hate it!
Re: (Score:2)
Everything You Were Told About Capital Letters Is a LIE
He's Coding His sTatement. It's just Bad fOrmatting of the vAriable nAmes. _dUuhh.
Re: That editorial summary tho (Score:1)
Re: (Score:2)
When for good or bad, the police reaction is proportional to the scale and severity of the crime. A burglary affects one household. This potentially affected hundreds of thousands of people.
Re: (Score:2)
When I had a house robbery, the police took prints, our report, etc, then called me a month later to ask if I found the thief...I thought that was hilarious, as I had no access to the crime lab.
Re: (Score:2)
Per your enforcing the law... Hmm... I guess that depends on how you look at it? I'm probably reaching a bit here so I'll try to be brief - I don't have much of a point, anyhow.
My business had been broken into, the alarm company called, the kid was in custody. After letting it get partway through the court system we opted to drop charges and were able to set up a deal with the judge. He had to work to pay off the money to cover the repairs. We'd convinced our cleaning company to take him on to work at our o
Re: (Score:2)
If a 15yr old is responsible, believe me, they have a lot to worry about. Like why are they even in business if some kid wet behind the ears can troll their servers. Fuck em I say. That goes for all entities hacked now or ever.
The kid was clearly a terrorist or would have not accomplished such nearly-impossible feat. The business needs protection from *terrorists*! *cough*
Re: (Score:1)
Re: (Score:2)
That editorial summary tried to blame the business, but it did a piss poor job of it. Had the editor actually read the article, then they would have gotten great ammo from it.
The fact is. That business didn't notify any of the affected customers when it found out about the breach. And two, there seems to be anecdotal evidence that this information is out there, even if it's incomplete, and that scammers have been using the little bit of information they do have to get the rest through social engineering.
In
Re: (Score:2)
Hmm... Not sure if serious?
Very seldom does the "government" stop crime. They investigate it and punish it, after the fact. They don't usually prevent anything.
This may not be a popular thing to say but, as I think about this - I'm okay with that. The methods they'd need to use to stop crime would be too harsh, I think. I'd assume they'd be only able to accomplish this be removing freedoms and restricting rights. I am kind of happy that the government isn't really meant to (even if they think they are) stop
Re: (Score:2)
Hmm... Not sure if serious?
It was clearly just a "Hey, Biff, what's that?!?!" ploy. Read: "Don't focus on our security; it's clearly them there terr'rist kids doing the impossible, like getting through our impenetrable security measures. We need more gub'mint efforts to stop this hacking of our society as a whole and we'll help however we can!"
Truth: "Uh, we suck at security, even financial. We understand if no one trusts us with their financial or private info anymore. Granted, the loss wasn't that bad, but it proves that we can
Re: (Score:2)
This is what happens when you teach computer science ti kids. They have the mental acuity to figure out how to do terrible things, but not the maturity or moral conscience to know better.
The political agenda aimed at creating more software developers in order to pull salaries down will just create a new Internet crime wave.
Just watch.
That is such a wise view of Human repetition of mistakes that it can't possibly happen! We never make the same stupid mistakes again and again and ag.....
Also in the news (Score:5, Informative)
Consumers called for "urgent action" to slap corporations with crippling fines who are collecting all sorts of data of their customers but are too incompetent to defend it against 15 year old script kiddies.
Re: (Score:2)
Couldn't agree more. Pathetic-level security must have severe consequences for both the company and the company officials responsible.
Re: (Score:2)
Ok. Please tell me how to buy anything online without handing out at the very least name, address and credit card number (and that's really the bare minimum required to get anything delivered). Depending on what I want to buy other personal information like shoe size, sexual preferences or topics of interest will be available to the merchant.
And what does a bank have to do with this AT ALL? You may have an argument concerning the credit card, but everything else is necessarily something I have to inform the
Re: (Score:3)
Yes, he does indeed have a point about credit card numbers. In this day and age we shouldn't have to pass an unchanging credit card number and ccv number to a merchant. Information which allows them to make multiple transactions without any further approval.
Rather we should be able to pass a one off number for a particular transaction, a number that identifies both people in the transaction and the amount. It'll be a long number, but that's OK we all have the technology in our pockets for it to be generated
Re: (Score:2)
Amex used to let you generate a one-shot CC number for any given transaction.
It was called "Private Payments".
I wish they still had it.
Re: (Score:3)
Re: (Score:2)
$ sudo alias app-get="apt-get" && alias moo="update" && alias cows="upgrade"
$ sudo app-get moo && cow
Re: (Score:2)
$ sudo alias app-get="apt-get" && alias moo="update" && alias cows="upgrade"
$ sudo app-get moo && cow
But, but.. what about the Penguins?
Rub their noses in it (Score:4)
Re: (Score:2)
Re: (Score:3)
He might not have done the hacking. Could be the one who sent the ransom email, hoping to cash in. He could just be some random *chan user that the police arrested out if desperation. The cops are pretty dumb when it comes to computers...
Such ignorance (Score:2)
In other news, businesses leaders are calling on the government to take "urgent action" against cyber-criminals, because somehow the security of their online systems is the government's responsibility, not theirs.
It is not the job of private industry to go on the counter-offensive and somehow stop attackers, and even if they somehow could, attribution is often incredibly difficult. Just look at the Sony hack. North Korea? Eh... Maybe at best.
Sure, the private sector can and should enhance their security, but good luck staying completely ahead of organized crime on that front. Governments absolutely should be going after cyber criminals, assuming they are actual
Re: (Score:3)
Make companies legally liable for easily prevented hacks.
That's what the Information commissioners Office does within the UK and often punishes data breaches with fines
Re: (Score:3)
It's fairly simple staying ahead of organized crime. Decent security practices counter pretty much any automated attack (which is what cyber-criminals do). Even things like storing card details is something that is well outdated and even against PCI practices (which are a minimum set anyone with a modicum of experience can comply with).
Re: (Score:1)
last week I was easily able to circumvent Wal-Mart's brick and mortar security by using the old "Pick-ax through the window" hack. The fools haven't even patched that yet? The manager was pleading with a local policeman to come and arrest me, but luckily for me, he just said "well its not really the governments job to enforce the laws they pass."
Re: (Score:2)
You know... You probably, unknowingly, broke a law when you entered in and created the PIN information. I have no idea which law you probably broke but, given the way laws are, that was probably a felony. I'm not even kidding. It could be anything from unauthorized use of a computer system to all sorts of various banking related crimes depending on your jurisdiction. You knew it wasn't your card and even though you were doing the right thing, you still entered in and changed that data without the consent of
Re: (Score:1)
Re: (Score:1)
America is one of the few countries where prision rape is seen as being so commonplace that it's a routine joke.
Re: (Score:2)
Not sure if serious...
Hell, in the Eastern Europe region they not only rape you but they'll often hold you down and tattoo the equivalent of "bitch" across your forehead with tattoo ink made from melted boot heels and urine. Rape's common in prisons across the globe. America just is stupid and has more people in prison. Some, a smaller number than you might think, are much more humane and actually have adequate staffing, a smaller prison population, and proper housing routines.
More seriously (Score:4, Insightful)
I think what we really need is an immediate and complete cessation of any and all funding, and public attention paid to any organizations and all persons who are known to use the prefix "cyber" unironically in any context other than particular role playing games and genres of fantasy novel.
Not a matter of harsher laws, if kids can get in (Score:2)
Seriously, if security is this pathetic, the only laws needed are ones that put hefty fines on the companies responsible and on the individuals that are responsible for the screw-up in the company, like CEOs that did not do their job.
I propose a huge penalty... (Score:4, Insightful)
I propose a huge penalty for companies that allow inexperienced programmers to hack into them. :)
Fifteen year old boy arrested .. (Score:2)
bow - locks (Score:2)
TalkTalk spokesman: "It's My Site!" (Score:2)
"Don't you forget,
It's my site,
It never ends!"
--
for the record No Doubt did a pretty cool cover version of the song as well, check out https://www.youtube.com/watch?... [youtube.com]
Well (Score:2)
"the recent hack on UK phone and internet provider TalkTalk. Authorities are in the process of questioning him..." ...but he doesn't talktalk.