TalkTalk hack: 15-year-old boy arrested in Northern Ireland over cyber attack

News stunned security experts who had assumed that Isis terrorists or major country had been behind the breach

Paul Gallagher
Monday 26 October 2015 20:09
The TalkTalk hacking has led to the theft of up to 4 million credit card and bank details
The TalkTalk hacking has led to the theft of up to 4 million credit card and bank details

A boy of 15 has been arrested and questioned on suspicion of being the mastermind behind the TalkTalk data theft cyber attack.

A team from Scotland Yard’s Cyber Crime Unit joined Police Service of Northern Ireland officers as they raided the teenager’s home in County Antrim. The boy was arrested on suspicion of Computer Misuse Act offences and taken to a nearby police station.

News of the suspect’s age stunned security experts who had assumed that a group of Isis terrorists or a country such as Russia had been behind the massive breach. IT insiders said it would be a “gamechanger” if proven that a teenager operating from his bedroom could bring a global company to its knees.

The Met said the property was being searched and inquiries by CCU detectives, the PSNI’s Cyber Crime Centre and the National Crime Agency are continuing.

A spokesman said on Monday night: “An arrest has been made in connection with the investigation into alleged data theft from the TalkTalk website. At approximately 4.20pm, officers from the Police Service of Northern Ireland (PSNI), working with detectives from the Metropolitan Police Cyber Crime Unit, executed a search warrant at an address in County Antrim, Northern Ireland.

“At the address, a 15-year-old boy was arrested on suspicion of Computer Misuse Act offences. He has been taken into custody at a County Antrim police station where he will later be interviewed.”

The phone and broadband provider, which has four million customers, initially said last week that the “sustained” attack was a DDoS, a distributed denial of service attack where a website is bombarded with waves of traffic.

When experts pointed out a DDoS attack would not explain the loss of data TalkTalk later indicated it had been hit by an attack known as an SQL injection - a technique where hackers gain access to a database by entering instructions in a web form.

IT security experts had already expressed surprise at how a company the size of TalkTalk was still vulnerable to the method, as it is a well-known type of attack and there are relatively simple ways of defending against it.

The company has been heavily criticised for its handling of the cyber attack – the third it has suffered in the last eight months, with incidents in August and February resulting in customers’ data being stolen.

Following last week’s breach TalkTalk admitted that customers’ bank account and sort code details may have been accessed as some customers said money has gone missing from their accounts.

TalkTalk said there is currently no evidence that customers’ bank accounts have been affected but it does not know how much customer information was encrypted. The company said it would contact all current customers and that an unknown number of previous customers may also be at risk.

TalkTalk’s chief executive Dido Harding said last week the firm had received a ransom demand from someone claiming to be behind the cyber attack.

Jesse Norman, chair of the Culture, Media and Sport Select Committee, is leading an inquiry into the alleged data breach.

Cyber Security Minister Ed Vaizey had earlier told MPs that companies could face bigger fines for failing to protect customer data from such attacks. He said the Information Commissioner’s Office can already levy “significant fines” but told the Commons he was “open to suggestions” about how the situation could be “improved”.

TalkTalk is facing a maximum fine of £500,000 but the SNP’s John Nicolson said the prospect was “clearly not terrifying” for a company with an annual revenue of £1.8 billion a year.

Shares in the telecoms company fell more than 12 per cent on Monday extending its losses from last week when news of the attack first emerged.

A statement from Talk Talk said: “We know this has been a worrying time for customers and we are grateful for the swift response and hard work of the police. We will continue to assist with the ongoing investigation.

“In the meantime, we advise customers to visit [our website] for updates and information regarding this incident.”

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in