TalkTalk HackHack suspect: a TeenTeen aged 15 (he's free on BailBail)

TalkTalk Group CEO Baroness Diana 'Dido' Harding is under FireFire


The UK ISP TalkTalk is still flailing about, trying to work out what actually happened last week. And now we learn that police have arrested and bailed a 15-year-old young man (or "boy" as the British press prefer it).

But what has still not been adequately explained is how what was reported as yet another DDoS ransom attack resulted in a leak of customer data. It doesn't add up.

Some suspect the sample data on PasteBin to be fake. Some even see the dastardly hand of jealous competitors or hedge funds.

Poor Dido Harding. Perhaps she shouldn't have come out with the news until she had more info? She was damned when she did, but would have been damned if she didn't (like Carphone Warehouse was).

In IT Blogwatch, bloggers TypeType to BlogBlog.

Your humble blogwatcher curated these bloggy bits for your entertainment.
[Developing story: Updated 5:03 am PT with more comment]

Aunty speaks peace unto Nation:

News that the TalkTalk website had been hit by a "significant and sustained cyber-attack" broke last week.

Scotland Yard said a 15-year-old boy had been arrested in Northern Ireland [and] a house had been searched in County Antrim on Monday afternoon.

The boy was arrested on suspicion of Computer Misuse Act offences.  MORE

The aptly-named Nick Farrell adds his own unique style:

Inspector Knacker of the Yard [took him] into custody at Antrim police station.

A police statement said this was a joint investigation involving the Police Service of Northern Ireland [and] the Metropolitan Police Cyber Crime Unit.

The hack sparked calls to force companies to encrypt data. ... Ed Vaizey told the House of Commons the government was not against compulsory encryption. ... Clearly he has not talked to his boss. David Cameron believes that encryption is the tool of choice of terrorists and companies should be forbidden from using it.  MORE

But John Leyden jars us awake with this:

Lawyers have taken issue with claims by TalkTalk [that it] was under no legal obligation to encrypt customers' sensitive data.

The 1998 Data Protection Act only goes as far as implying that UK organisations should consider encrypting sensitive customer information.

TalkTalk's share price [has] slumped. [But it] might have been even more severe if the breach had happened in the aftermath of tougher European data protection laws currently edging closer.  MORE

Wait. Pause. Breaking news from the local organ:

The 15-year-old Co Antrim teenager...was released after [1am PST] on police bail pending further enquiries.

It [is] not known...whether police are seeking anyone else in relation to the cyber attack, which had originally been claimed by Islamist extremists.

Policing Board member Jonathan Craig...said it raises questions...if the boy is proven to have taken part in the hack [of] how a teenager...could have been able to infiltrate a major company.  MORE

Meanwhile, Edwin Cluck conspires to theorize:

The media is waging a hysterical and malicious campaign with one objective: to damage TalkTalk.

The uniformity in those media attacks belies a common orchestrating hand to it all. [They] can't even muster any new "victims" in this psyop. The same old clowns trotted out for each interview.

Doubtless that share collapse is in part if not wholly due to the handiwork of the hedge funds -- manipulating the share price for their own private gain.

This media not without its victims among the rank-and-file employees. ... The ordinary TalkTalk employees - 10% of whom were made redundant last financial year -- might not fare this storm.

Could the contrived "hacking crisis" be a message to [the EU] from the "money power"? ... If you won't let us consolidate...then we'll just wipe-out telcos like TalkTalk using faux narratives to achieve the same end?  MORE

Update: Andy Pemberton waxes excoriatingly:

Dido Harding resembled the proverbial rabbit caught in the headlights, determined to stare down the pantechnicon about to crush her.

It was obvious she had paid more attention to her crisis management team than she did to [her CIO] who left...this summer; or the other senior IT staff that have quit...this year; or the security consultant who in September warned the company about their feeble cyber-security.

As well as being uncertain about the technical nature of the attack, Harding also confessed that she did not know how much of the stolen data was encrypted.

How could Baroness Harding be so clueless? ... Would Harding still be in her job if she was as baffled by the financial workings of her organisation?

It’s time for a re-education programme in digital skills. ... First stop...could be a look at the Social Engineer Toolkit...which openly provides tools and techniques for launching attacks.  MORE

And Finally...
Diana's latest update

You have been reading IT Blogwatch by Richi Jennings, who curates the best bloggy bits, finest forums, and weirdest websites… so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or
Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.

Copyright © 2015 IDG Communications, Inc.
