TalkTalk hires BAE Systems to investigate cyber attack

25 Oct 2015 | Author: | No comments yet »

Cyber-crime needs to be tackled urgently.

TalkTalk customers targeted by cyber-criminals reacted with fury last night after being told they will be fined hundreds of pounds for cancelling their accounts. ‘It is appalling,’ said Dawn Palmer, 50, an educational manager from Leigh-on-Sea, Essex, who has received 50 calls from impostors claiming to be from TalkTalk over the past six months. ‘They said my account doesn’t run out until July 2016 so I’d have to pay an early-leavers’ penalty.’ Her sentiment was echoed by hundreds of others whose personal details were compromised.TalkTalk has called in cyber-specialists from BAE Systems to investigate the theft and ransom of four million customers’ personal and financial details by online criminals. As the telecom firm’s chief executive Dido Harding faced calls to quit last night, customers took to social media to register outrage after their bank accounts were emptied following the attack. Complete credit card details are not stored in its system, and account passwords were not accessed. “We now expect the amount of financial information that may have been accessed to be materially lower than initially believed, and would on its own not enable a criminal to take money from your account,” a spokesman added.

Experts from the defence giant’s Applied Intelligence division, the organisation formerly known as Detica, were combing through reams of system logs at the broadband operator’s west London headquarters alongside officers from the Metropolitan Police’s cybercrime unit. As TalkTalk’s shares slid 4.4pc on Friday, Baroness Harding, its chief executive, announced that she had received a threat that sensitive customer data would be exposed if a ransom was not paid.

Baroness Harding warned customers never to give out financial details if they are contacted by phone or email by anyone asking for personal information. “TalkTalk will never call you and ask you over the phone to give your personal financial information, we will never call you out of the blue and ask you to give us access to your computer. Although it was not certain that the threat was authentic, it is understood that the ransom demand was received before news of the breach was made public on Thursday evening.

Asked whether customers should be compensated rather than penalised, Baroness Harding, who pledged to clean up the web from hackers after her elevation to the House of Lords last year, said: ‘It is too early to start thinking about generic principles of compensation.’ Consumer watchdog Which? insisted customers should now be compensated, stressing: ‘No one should lose out as a result of this breach’, while the Information Commissioner’s Office questioned whether TalkTalk acted fast enough to tell customers about Wednesday morning’s attack. The investigations remained in their early stages this weekend, but sources close to the situation said there were no indications so far of any insider involvement in the crime. A former IT worker with the firm told The Mail on Sunday that he repeatedly raised security concerns with his bosses. ‘I told my manager, my senior manager and my head of department,’ he said. ‘But they never did anything about it.’ He said the cyber-attack in August on Carphone Warehouse, which used to own TalkTalk, should have ‘rung alarm bells’. Several hacking groups have since claimed responsibility for the hack, including one described as a “Russian Islamist group” although there is little evidence to support this.

That would include a customer’s name, address, account history, bank details, even the security code on the back of their debit card.’ TalkTalk last night insisted that it had not received ‘conclusive evidence’ that any of its customers had lost out financially because of the attack. ‘It’s still too early, we are investigating,’ said a spokeswoman. Online security expert Brian Krebs said promises to post the stolen data appeared on an online black market site that specialised in selling stolen goods and illicit drugs.

Of the penalty fines on leaving contracts early, the company said: ‘Because we do not know which customers are affected we cannot make a decision on cancellation fees.’ All the major banks contacted by this newspaper said they were working with TalkTalk to ensure their customers’ accounts were not affected by the hacking and advised customers to watch out for any suspicious activity on their accounts. Most importantly, what lessons can be learnt by us all about the risks involved in living so much of our lives online – and the strategies for protection? It was still unclear last night who was behind the attack, though it is now thought less likely to be the work of Islamic extremists with experts suggesting that Russian cyber-criminals might be responsible. ‘My personal take is that this could be part of a wider pattern of activity encouraged or even supported by the Russian state as part of an effort to destabilise the West,’ said Ewan Lawson, a cyber-security expert at the Royal United Services Institute. Mr Krebs warned that opportunistic hack attacks were providing criminals with growing blackmail opportunities. “It seems as if the crooks are getting better situational awareness when they break in somewhere for an opportunistic attack to mushroom into something much bigger and most costly for the victim or organisation.” Anxious TalkTalk customers have lambasted the company’s response to the hack, with scores of people criticising the lack of information from the firm.

He said: ‘These hackers will want to sell it on as soon as possible so that customers don’t have time to change their passwords.’ Harding’s husband, Tory MP John Penrose, speaking at their Somerset home yesterday, said she was working ‘incredibly hard’ at TalkTalk’s West London HQ this weekend. ‘She feels that the captain should be on the bridge of the ship right now,’ he said. In 2013 the Home Affairs Select Committee warned that the UK was now the favourite target of online criminals in 25 countries, in part because companies “simply reimburse the victims with no pursuit of the perpetrators”. The impostor called the couple, both in their 80s, on Tuesday – the day before TalkTalk claim the hack took place – telling them that the internet connection at their Kent home was faulty. Shame on TalkTalk – that money was what my parents live on.’ Hilary Foster, a barristers’ practice manager from Surbiton, Surrey, said she discovered on Friday morning that her account had been targeted by the cyber-hackers. ‘It’s outrageous that TalkTalk didn’t tell me about the risk earlier,’ said the 43-year-old. ‘They’ve known since Wednesday and I only found out this morning when I checked my account. Frankly, if it happens once and data is compromised most companies would want to do absolutely everything within their power to reassure their millions of customers, and make sure when they seek new customers they can reassure them their data is protected.

To have happened three times without effective action being taken is very serious.” He said police warned him two years ago they were losing the war against cyber crime: “What tends to happen is, if you’re hacked online and money is taken out of your bank account, the banks usually give it back, and therefore people don’t try to find out who is responsible.”

Here you can write a commentary on the recording "TalkTalk hires BAE Systems to investigate cyber attack".

* Required fields
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site