TalkTalk hackhack duoduo thrownthrown in the coolercooler: 'Talented' pair sentenced for ransacking ISP

Matthew Hanley, Connor Allsopp get 12 and 8 months in the clink, respectively


Two miscreants were sent down by the Old Bailey yesterday for their role in the 2015 hacking of UK ISP TalkTalk.

Matthew Hanley, 23, and Connor Allsopp, 21, both of Tamworth in Staffordshire, were jailed for 12 and eight months, respectively, by the judge, Anuja Dhir QC. The pair pleaded guilty last year to various charges related to the cyber-attack, in which more than 150,000 TalkTalk subscriber records were siphoned off.

Essentially, Hanley hacked the ISP's website after learning of SQL injection vulnerabilities in the code, and gave the swiped personal data to Allsopp to sell to online fraudsters. Both men also passed details of how they broke into the site to other people, who could then exploit it. Investigators recruited by TalkTalk in the aftermath of the network infiltration believe as many as 10 people were involved.

Dhir thought Hanley was a "dedicated hacker," and added that both he and Allsopp were apparently "individuals of extraordinary talent." In a strange twist, the court heard how Hanley and Allsopp were also caught with stolen login details to NASA systems, handed over to them by a Skype contact as a gift.

In November 2016, a 17-year-old pleaded guilty in a Norwich Youth Court to breaking the Computer Misuse Act for his role in the TalkTalk hack – he had used tools to scan the ISP's website for vulnerabilities, slurped thousands of subscriber records as a result, and shared details of the holes with other hackers. He received a rehabilitation order, and had his iPhone confiscated.

The attacks came to light in the wake of a mysterious outage at the broadband ISP on October 21, 2015. After avoiding responding to The Register's inquiries for some time, it eventually emerged that miscreants had poked around TalkTalk's website exploiting SQL-injection bugs, and that personal information had been stolen.

TalkTalk claimed the data theft cost it £77m. It also cost the broadband provider £400,000 in fines levied by the UK Information Commissioner's Office for slack security that allowed unencrypted customer records to be lifted.

In 2016, Daniel Kelley, then 19, was arrested, charged, and later admitted committing computer crimes: as well as hacking TalkTalk, he also tried to extort 465 Bitcoins from then-CEO Dido Harding.

Earlier this year, Harding attributed the hack to legacy technology she described as "the IT equivalent of an old shed in a field that was covered in brambles." ®
