TalkTalk attack: ‘Urgent action needed’ on cyber-crime

24 Oct 2015 | Author: | No comments yet »

EDWARD LUCAS: Plain truth is we’ve all been far too complacent.

Shares in British broadband provider TalkTalk were hit as it said it had received a ransom demand from an unidentified party claiming responsibility for a cyber attack that may have led to the theft of personal data from its more than four million customers.Imagine a hotel careless enough to put its guests’ room keys on public display, along with their names, credit cards, passport details and home addresses.

Customers have complained that they were targeted by criminals days before the telecoms company admits the data of up to four million of its subscribers was stolen by hackers. TalkTalk made the announcement late on Thursday, but The Telegraph can disclose that as early as Friday last week customers suffered attacks on their home computers, as well as scam calls by thieves who knew their names and account details.

If the theft is confirmed by a police investigation it would be one of Britain’s biggest online security breaches. “We have been contacted by, I don’t know whether it is an individual or a group, purporting to be the hacker,” TalkTalk chief executive Dido Harding told the BBC. It has admitted that its website was hacked earlier this week, and that information including the date of birth, address, credit card, and bank details of its four million customers might have been stolen. “We take any threat to the security of our customers’ data extremely seriously and we are taking all the necessary steps to understand what has happened here,” TalkTalk CEO Dido Harding said in a statement.

Keith Vaz, the chairman of the cross-party home affairs select committee, said evidence was beginning to emerge that TalkTalk had covered up the true scale of the “alarming and unacceptable” crime. The line that previously divided hacktivists, criminals and outsourced, state-led efforts at espionage have become blurred, a report by the European police agency said last month. Baroness Harding of Winscombe, TalkTalk’s chief executive who is known professionally as Dido Harding, was under mounting pressure to explain her response to the crisis. Criminals are increasingly adopting the long-term tactics of highly skilled, highly motivated groups often charged by a state to break into critical systems of rival nations and steal information. “Even though cyber sabotages have been infrequent so far, attacks on critical infrastructures are a threat that is here to stay,” said Europol. When Russia invaded Georgia in 2008, patriotic hackers were given the technological tools to carry out cyber-attacks to back the military efforts, according to analysts; similar attacks were used against Ukraine six years later.

Last night – more than 24 hours after the company admitted it had suffered one of the largest hacks ever carried out on a British company – it was still unable to tell customers how much data had been stolen. The covert state activity led one academic to liken the hackers to the privateer ships in the Elizabethan era sent off to attack treasure ships of enemy nations. That made it easy for the still-unknown attackers – perhaps criminals, perhaps political extremists, perhaps a mixture of the two – to steal customer information from its computers. Europol said there was a blurring of the lines between groups who broke into critical infrastructure systems to steal information and profit-driven cyber criminals – “with both camps borrowing tools, techniques and methodologies from each other’s portfolios”. Mr Vaz said last night: “Suggestions that TalkTalk has covered up both the scale and duration of this attack are alarming and unacceptable and must be thoroughly investigated.

The clumsily worded statement that followed the cyber-attack on TalkTalk led one security analyst to scoff that the claim of responsibility appeared to have come via Google Translate. She added that she was “unable to say” whether scam phone calls to its customers in recent days were based on information stolen in this week’s hack or on earlier occasions. No chief executive would sleep easily at night if the company headquarters were secured merely with a child’s padlock, with vital commercial secrets strewn on every desk. But the online release gave few clues to suggest whether “The Web of Haram” was a jihadist-inspired attack, a cover for a Russian-backed attempt to create economic mischief, or the work of a disaffected schoolboy operating from his bedroom. The growth of the market in hacking tools has allowed a new broad base of “unskilled, entry-level” cyber criminals to launch attacks on a scale way beyond their own technical ability.

Asked whether the company would now face official action by the watchdog Mr Graham declined to comment because his organisation is now carrying out an official review. Far too many company directors have not the faintest idea how computers work, or the formidable arsenal of weapons and trickery which attackers can deploy. David Emm, principal security researcher at Kaspersky Lab, said: “There’s no such thing as 100 per cent security, so … it’s essential that online providers take steps to encrypt the data they hold. Peter Sommer, a visiting professor at De Montfort University’s cyber security unit, said it looked as though TalkTalk had “made some rather unfortunate decisions” about their systems. An illiterate and venomous posting on the Pastebin website, accompanied by what appears to be a portion of the data stolen from TalkTalk, appears to claim responsibility on behalf of Islamist extremists.

So attacking TalkTalk, a major provider of mobile phone and internet services, could be a stunt by those bent on destroying our way of life in the misguided pursuit of piety. Even ordinary internet users can be blackmailed because they have left a compromising trail online by browsing pornographic websites, or posting indecent pictures.

Here you can write a commentary on the recording "TalkTalk attack: ‘Urgent action needed’ on cyber-crime".

* Required fields
All the reviews are moderated.
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site