TalkTalk Shows Hacking Is Child’s Play
It has been revealed that the cyber attack on TalkTalk last October 2015 was carried out by a 16 year old boy! Now aged 17, the boy who cannot be named for legal reasons, targeted Cambridge and Manchester University before using hacking tool software to identify TalkTalk’s vulnerabilities. He then posted the details online, resulting in the telecoms company being targeted more than 14,000 times and the chief executive being blackmailed via email.
Last month, TalkTalk was fined a record sum by the Information Commissioners Office (ICO) for their 2015 security breach in which 157000 customer accounts were compromised. The data stolen included Personally Identifiable Information (PII) which included the names, addresses, dates of birth, phone numbers and email addresses and for 10% of these accounts, as well as access to bank account details and sort codes.
Script Kiddies are dead. Long live Script Kiddies.
The urban dictionary defines a Script Kiddie as “One who relies on premade exploit programs and files (“scripts”) to conduct his hacking, and refuses to bother to learn how they work. The script kiddie flies in the face of all that the hacker subculture stands for – the pursuit of knowledge, respect for skills, and motivation to self-teach are just three of the hacker ideals that the script kiddie ignores. While anyone can be a script kiddie, generally they are teenagers who want the power of the hacker without the discipline or training involved.”
An article from July 2000 of interviews with several script kiddies of the time produced some very enlightening quotes:
“It’s a way to escape a lot of the bullsh*t that I get in real life,” … “Because I don’t have that much going on in my life.”
“My dad just said, ‘now’ … that’s when I gotta get leaving.”
“The world we live (in) … everything is the same, so incredibly boring. I feel if I deface, at least, I’m making some kind of difference.”
“I’ll continue defacing, not as much as I used to, but I will be around.”
“Never deface any site in your own country or give information about yourself over the Internet.”
“Be nice, always, so no one will hate you.”
The script kiddies in these interviews appeared to be young (possibly still living at home?) bored and seemingly without a solid direction in their lives. Sixteen years later and it appears script kiddies are similar, but a bit more sophisticated, a bit more grown up.
A recent report by the BBC titled ‘Hanging out with the script kiddies‘ uncovered similar comments.
“We have members on an almost universal scale with skill sets ranging from being able to turn a computer on, to critical vulnerability exploitation.”
“Certainly, not all members are great hackers, and not all are completely inept either, but it varies from person to person…The one great thing about Hack Forums is that it is a safe place to discuss the fine art of hacking, or whatever else catches your interest.”
“I can think of 10-15 arrests in the last 6 months in which all the people have been under the age of 18,” said Richard Jones, head of the National Crime Agency’s Prevent programme that tries to stop young people tumbling into a life of cyber crime. “We are seeing more people getting into cyber crime in the UK. It is getting more accessible as well – the internet makes it very easy for young people to learn about it.”
Hacking Toolkits, Training & Support
Hacking tool software of the like used for the TalkTalk attack, is readily available online. These tools are becoming available at low cost to average people so that they can launch their own attacks. This army of independent, lower-level hackers potentially poses a greater threat to individuals, who more prominent hacking organisations might not bother with. This ability for small-time players to commit small-time crimes to other people is predicted to grow dramatically in the next year. There will be a lot more people that can attack us now and the chances of more schoolboys taking down large telecoms companies are getting more likely every day.
The boy behind the TalkTalk breach told magistrates: “I didn’t think of the consequences at the time. I was just showing off to my mates.”
“It was a passion, not any more. I won’t let it happen again. I have grown up” he said.
Infosec Partners can help
In today’s world, our lives are under attack like never before. The boundaries between our public, work and private lives have never been more blurred and our dependence on electronic communication and internet connectivity means there are many more avenues of attack for criminals who are actively targeting our personal and financial data, safety and reputation.
From significant global organisations to high profile individuals and families, Infosec Partners are trusted to optimise defences and protect against cyber attacks. Whether providing fully managed security services, independently testing your cyber readiness or providing crisis management and responding to incidents, Infosec Partners are proven partners of excellence and full-spectrum security experts that puts your security first.
Contact us today for more information and for your free consultation, by completing the adjacent form or call us to speak with one of our trusted advisors immediately:
+44 (0)1256 893662