TalkTalk once told GCHQ: Cyberattack? We'd act fast – to get sport streams back up

National Cyber Crime Unit spills on pre-2015 megahack convo

shutterstock_192561857-cat-

Updated Prior to its disastrous 2015 mega hack, UK ISP TalkTalk had told British spies at GCHQ that should an attack occur, its main focus would be to restore "online sports streaming", according to the head of operations at the country's National Cyber Crime Unit.

Speaking at the Cyber Security in Healthcare event at the UK Health Show in London, Mike Hullett said all the major telcos had been surveyed by the spooks prior to the hack that affected 157,000 TalkTalk customers' personal details.

"They were all asked what they would need to stand up after an attack," he said. TalkTalk responded its live sports streaming, as it was most concerned about being able to maintain a competitive advantage against BT. "That is a company with its priorities wrong."

It transpired that just before the hack, the company had been advertising for an information security officer.

Former boss Dido Harding later told MPs there was no specific line manager for cybersecurity, as the responsibility cuts across multiple roles in the company.

The company estimated the attack cost it £42m. Since then it said it has "substantially" increased its investment in cybersecurity, and has appointed a chief information security officer.

Hullett said he did not have the data to hand as to how other companies responded to GCHQ, but said it was important to add that TalkTalk was still a victim.

"The other point to make is that if an attack against a big high-profile company happens [people think] it must be high-end actors in place, but that is not necessarily the case."

Earlier this year, Matthew Hanley, 22, and Connor Douglass Allsopp, 20, both from Tamworth, pleaded guilty to the 2015 attack.

Allsopp admitted to police that he had supplied details on the vulnerabilities in TalkTalk's website that were exploited to get to the customer records.

The Register has asked TalkTalk for a comment. ®

Updated to add

A spokesperson for TalkTalk has been in touch to say:

We do not recognise these comments. Our biggest security priority has always been protecting our customers.


Biting the hand that feeds IT © 1998–2017