TalkTalk Hacker Gets Four Year Sentence
One of the youngsters behind TalkTalk detained for four years, despite depression and Asperger claim
The long arm of the law has caught up with one of the youngsters behind the devastating hack of Internet Service Provider (ISP) TalkTalk.
The TalkTalk hack in 2015 resulted in the theft of the data belonging to more than 100,000 customers and the ISP sustained losses of at £60 million, as well as massive reputation damage for the firm.
In 2016 Daniel Kelley, from Llanelli, Carmarthenshire, pleaded guilty to hacking and was told by the judge to prepare himself for a prison sentence.
Guilty plea
In that same year a 17 year-old teenager, who could not be named for legal reasons, pleaded guilty in a separate hearing in a Norwich court to taking part in the hack. That teenager was issued with a 12-month rehabilitation order and had his iPhone and hard drive confiscated.
But Welshmen Daniel Kelley who was arrested on 25 November 2015, always faced a much stiffer sentence.
Kelley had no previous convictions, but it seems that he not just hacked TalkTalk, but other organisations as well.
Kelley admitted in 2016 to hacking TalkTalk’s systems in order to obtain customer data. He also plead guilty to further charges including blackmail and money laundering, after he demanded a payment of 465 bitcoins (£286,295) from TalkTalk CEO Dido Harding.
Judge Paul Worsley warned Kelley at the time that jail time was “inevitable” and that he should “prepare” himself.
Four years
And now the 22 year old Kelley has been sentenced at the Old Bailey on Monday to four years’ detention in a young offenders institution.
The 22-year-old apparently has Asperger’s syndrome and has suffered from depression and extreme weight loss since he pleaded guilty to the hacking-related offences in 2016, the BBC reported.
And it seems that Kelley did little to help himself when the full extend of his crimes became apparent.
Judge Mark Dennis reportedly told the Old Bailey that Kelley hacked computers “for his own personal gratification” regardless of the damage caused.
Hacking spree
Kelley’s decision to blackmail TalkTalk’s CEO revealed a “cruel and calculating side to his character”, the BBC quoted the judge as saying.
Prosecutor Peter Ratliff meanwhile had previously described Kelley as a “prolific, skilled and cynical cyber-criminal” who was willing to “bully, intimidate, and then ruin his chosen victims from a perceived position of anonymity and safety – behind the screen of a computer”.
It seems that between September 2013 and November 2015, Kelley hacked both his own school, and other targets to obtain data he could then use to blackmail both individuals and companies.
Kelley reportedly hacked nto Coleg Sir Gar school out of “spite or revenge”, causing widespread disruption to students and teachers and impacting the Welsh Government Public Sector network.
But even worse Kelley’s hacks resulted in radiologists at Hywel Dda health board in west Wales losing access to diagnostic image services.
A spokesman for the board told the BBC that Kelley’s actions posed a “serious clinical risk”.
And Kelley did not stop hacking after he was arrested and bailed in 2015.
Indeed, he reportedly continued his cyber crime spree and tried to blackmail a number of individuals.
The fact that Kelley was talented did not go unnoticed by security experts, who wish for more education in schools about the risks associated with this course of action.
“Unfortunately, channeling gifted young people into white hat hacking away from the dark side is a challenging feat, to say the least,” said Jake Moore, cybersecurity specialist at ESET. “Many young people talented enough to take down a large company’s website usually commit such offences out of spite rather than for financial gain. When malice or even anger is the reason behind such attacks, it is far more difficult for law enforcement agencies to persuade them to change direction.”
Cybercrime Prevent teams around the country put huge efforts into helping young offenders or ‘would be’ offenders and attempting to encourage them away from committing crimes – some of which do not even realise they are committing the offences,” said Moore.
“The more cybersecurity challenges created to entice them into the ethical side of hacking the better but it is not as simple as just throwing on a few cyber games here and there,” said Moore. “We need to start even earlier in schools to help teach the children and the parents the impact of what cyber-crime can have on their futures from as early age as possible.“
Teenager Hackers
The TalkTalk hack is notable mainly down to the young age of all the attackers.
A total of six people, all aged under 21, were arrested as part of the police investigation into the matter.
In November 2015 for example a 20-year-old man was arrested at an address in south Staffordshire.
In Northern Ireland police also arrested a 15-year-old boy and a 16-year-old boy from Feltham, west London, was also arrested in connection with the attack.
The arrested youngster from County Antrim, Northern Ireland, later took legal action against The Daily Telegraph, The Daily Mail and The Sun, as well as Google and Twitter, for alleged breach of privacy.
Quiz: Are you a security pro?