TalkTalk cyber-attack: customer got scam call nearly a day before

25 Oct 2015

Jihadist TalkTalk hack ‘begins holy cyber war on Britain’ but reveals yet another way extremists fund terror.

Data stolen in the cyber attack would not allow criminals to plunder customers’ bank accounts, the company claimed. TalkTalk has called in cyber-specialists from BAE Systems to investigate the theft and ransom of four million customers’ personal and financial details by online criminals. Regulators must be given significant new “US-style” powers to tackle the escalating problem of online fraud in the wake of the cyberattack that potentially compromised the security of millions of TalkTalk customers, IT experts said.

Jihadists who have claimed responsibility for the massive hack attack on broadband provider TalkTalk claim to have begun their ‘cyber holy war’ on the UK. Complete credit card details are not stored in its system, and account passwords were not accessed. “We now expect the amount of financial information that may have been accessed to be materially lower than initially believed, and would on its own not enable a criminal to take money from your account,” a spokesman added. Experts from the defence giant’s Applied Intelligence division, the organisation formerly known as Detica, were combing through reams of system logs at the broadband operator’s west London headquarters alongside officers from the Metropolitan Police’s cybercrime unit.

She said: “I personally received a contact from someone purporting, as I say I don’t know whether they are or are not, to be the hacker looking for money.” And then hours later the Jihadi cyber hackers shared a message online that read: “We have made our tracks untraceable through onion routing, encrypted chat messages, private key emails, hacked servers.” As TalkTalk’s shares slid 4.4pc on Friday, Baroness Harding, its chief executive, announced that she had received a threat that sensitive customer data would be exposed if a ransom was not paid. The London-based tricksters – who may or may not be acting independently of the supposed hackers – pose as police or bank staff and claim their victim’s account is compromised, before sending fake couriers to collect bank cards and details.

The company, which has had two other data breaches this year, also said that the attack did not hit its systems and that customers’ website account passwords had not been accessed. Baroness Harding warned customers never to give out financial details if they are contacted by phone or email by anyone asking for personal information. “TalkTalk will never call you and ask you over the phone to give your personal financial information, we will never call you out of the blue and ask you to give us access to your computer.” Although it was not certain that the threat was authentic, it is understood that the ransom demand was received before news of the breach was made public on Thursday evening.

The jihadist group spreading death and mayhem across Iraq and Syria is already the world’s richest rebel organisation with more than £1.5billion at its disposal. But British business leaders on Saturday warned about the danger of cyber crime and urged police to make the issue an urgent priority, saying firms faced continual security breaches. The investigations remained in their early stages this weekend, but sources close to the situation said there were no indications so far of any insider involvement in the crime. British hacker Junaid Hussain, 20, jailed in 2012 for stealing personal information from Tony Blair and posting it online, was thought earlier this year to have been masterminding a plan to bring in countless millions more.

Earlier in the week, experts had warned the information seized – including names, addresses, date of birth, and email address of some of its four million customers – could still prove invaluable to criminals. “With this level of information, fraudsters can create new bank accounts or take out loans under an actual person’s name, causing problems for fraud victims for years down the road,” said Ryan Wilk, director with NuData Security. He was believed to be teaching other hackers how to crack the code used to safeguard passwords and sensitive information – however reports in August claimed that he was killed in a US airstrike. “The middlemen, traders, refiners, transport companies, and anyone else that handles [ISIS’s] oil should know that we are hard at work identifying them, and that we have tools at hand to stop them,” David Cohen, the undersecretary for terrorism and financial intelligence at the US treasury, has said. In the aftermath of the US invasion of Iraq, Sunni militants joined with Saddam Hussein’s former generals to form a powerful alliance which has gone on to become ISIS.

It is likely to be asked about what steps it has taken to comply with stringent PCI DSS requirements – the global standards set up by transaction companies such as MasterCard and Visa – that require companies to silo and isolate sensitive financial data. How TalkTalk responded to the audits may be crucial as to whether it is fined by the ICO, suggested Dr Simon Moores, a former government technology adviser and chair of the International eCrime Congress, the industry body that brings together IT professionals working for governments and law enforcement agencies. Online security expert Brian Krebs said promises to post the stolen data appeared on an online black market site that specialised in selling stolen goods and illicit drugs. Mr Krebs warned that opportunistic hack attacks were providing criminals with growing blackmail opportunities. “It seems as if the crooks are getting better situational awareness when they break in somewhere for an opportunistic attack to mushroom into something much bigger and most costly for the victim or organisation.” Anxious TalkTalk customers have lambasted the company’s response to the hack, with scores of people criticising the lack of information from the firm.

Telecom giant AT&T was recently fined £17m over data breaches at its call centres in Mexico, Colombia and the Philippines. “In light of the TalkTalk debacle, not only must the ICO review its powers and the levels of fine it can apply against companies shown to be remiss in looking after their customers, but the Financial Conduct Authority and parliament need to look more closely at this, given the extent of data breaches starting to appear,” Moores said. Former home office minister Hazel Blears described the TalkTalk data breach as “a wake-up call” that should prompt a debate about whether further regulation was needed, suggesting cybercrime was “probably the biggest threat to our economy”.

“I can’t imagine anyone picking TalkTalk as a broadband provider now.” Another customer, Barbara Manley, said she and her husband had lost £9,000 from their bank account on 21 October, after being contacted by a caller purporting to be from TalkTalk on 18 October and then again on 20 October. “They appeared to know all about us and asked my husband to start the computer up and it went on from there,” she said. “It seemed so genuine.” Customers have been offered free credit monitoring to check whether fraudsters are using stolen details to impersonate them. In response to reports that it had been warned by experts about its security, a spokesman for the firm said: “New techniques for attack develop all the time, so TalkTalk constantly updates and reviews our systems to try to stay one step ahead of cybercriminals.

Since the previous attacks, we are working with world leading cybersecurity experts and investing a lot in making sure our system is as secure as possible. Unfortunately, no system is ever totally invincible.” The company’s accounts, published in June, reveal that a Head of Security was appointed “to establish and oversee the new Security Operations Centre, the activities of which have been outsourced to cyber security experts BAE Systems.” Moores said: “Everything we have seen suggests that TalkTalk historically may have failed to take reasonable steps and that the CEO appears completely out of touch with the risks that are widely described.

Frankly, if it happens once and data is compromised most companies would want to do absolutely everything within their power to reassure their millions of customers, and make sure when they seek new customers they can reassure them their data is protected. To have happened three times without effective action being taken is very serious.” He said police warned him two years ago they were losing the war against cyber crime: “What tends to happen is, if you’re hacked online and money is taken out of your bank account, the banks usually give it back, and therefore people don’t try to find out who is responsible.”
