Categories: Security

Boy Arrested In Northern Ireland Over TalkTalk Hack

Police have arrested a 15-year-old boy in Northern Ireland in connection with the TalkTalk cyber-attack, in the first major development since the breach was disclosed last Thursday.

The boy, who has not been named, was arrested in County Antrim on Monday afternoon by officers from the Police Service of Northern Ireland working with detectives from the Metropolitan police’s cybercrime unit (MPCCU), according to police.

Questioning

He was arrested on suspicion of offences under the Computer Misuse Act and taken for questioning to a County Antrim police station, police said, adding that a search of the teenager’s address is underway.

“We know this has been a worrying time for customers and we are grateful for the swift response and hard work of the police,” TalkTalk said in a statement. “We will continue to assist with the ongoing investigation.”

Also on Monday culture minister Ed Vaizey told the House of Commons an inquiry into the hack is to be launched by Jesse Norman, chair of the culture, media and sport select committee, calling the incident “very serious”.

TalkTalk, for its part, has tried to downplay the import of the hack, saying that data such as credit and debit card numbers do not seem to have been compromised, although information such as bank account numbers and sort codes “may have been accessed”.

Exit fees

The company said it would only waive termination fees for customers wishing to switch providers mid-contract “in the unlikely event that money is stolen from a customer’s bank account as a direct result of the cyber-attack”.

It specified that this wouldn’t apply in the case, for instance, of customers who lost money to scammers making use of stolen customer data to make their ploys more believable. A number of TalkTalk users have already fallen prey to such scams as a result of past TalkTalk data breaches, according to reports.

“We would like remind customers that banking or other personal details are increasingly being used by criminals as part of phone, email or text scams,” TalkTalk acknowledged.

TalkTalk has insisted it had adequate security in place. The company faces a maximum fine from the Information Commissioner’s Office (ICO) of £500,000 if the breach is found to have resulted from lax practices on TalkTalk’s part.

SQL injection attack

The company has said a distributed denial of service (DDoS) attack was launched against its website to distract from a more serious attack called a SQL injection.

The SQL injection technique allows a successful attacker to request arbitrary data from the database behind the application being attacked, meaning that “it would be prudent to assume that all data kept within the database is now compromised,” said Wim Remes, manager of EMEA strategic services at security firm Rapid7.

He said the tactic of inundating a server with traffic to conceal another attack is “very common”.

“By distracting the target, the attacker buys more time to focus on the assets they are really after,” Remes said. “Organisations can address this by implementing multi-layer monitoring systems.”

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

SoftBank Promises To Invest $100bn In US

Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…

15 hours ago

Synopsys, SiMa.ai To Collaborate On AI Car Chips

Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…

16 hours ago

AI Start-Up Basis Raises $34m For Accountancy Agent

Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…

16 hours ago

Databricks Raises $10bn In Huge AI Funding Round

Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…

17 hours ago

Congo Files Complaints Against Apple Over Conflict Minerals

Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…

17 hours ago