TalkTalk hires defence giant to hunt down cyber blackmailers

25 Oct 2015

Hackers can’t raid bank accounts, claims TalkTalk CEO Dido Harding.

TalkTalk has called in cyber-specialists from BAE Systems to investigate the theft and ransom of four million customers’ personal and financial details by online criminals. Regulators must be given significant new “US-style” powers to tackle the escalating problem of online fraud in the wake of the cyberattack that potentially compromised the security of millions of TalkTalk customers, IT experts said. “We now expect the amount of financial information that may have been accessed to be materially lower than initially believed and would on its own not enable a criminal to take money from your account,” a spokesman added.

Jihadists who have claimed responsibility for the massive hack attack on broadband provider TalkTalk claim to have begun their ‘cyber holy war’ on the UK. Experts from the defence giant’s Applied Intelligence division, the organisation formerly known as Detica, were combing through reams of system logs at the broadband operator’s west London headquarters alongside officers from the Metropolitan Police’s cybercrime unit.

Baroness Harding warned customers never to give out financial details if they are contacted by phone or email by anyone asking for personal information. “TalkTalk will never call you and ask you over the phone to give your personal financial information, we will never call you out of the blue and ask you to give us access to your computer.

“I know that to people listening 36 hours feels like a long time but we had teams working around the clock to get the sense of the scale of the attack and we communicated it before we knew that.

She said: “I personally received a contact from someone purporting, as I say I don’t know whether they are or are not, to be the hacker looking for money.”

And then hours later the Jihadi cyber hackers shared a message online that read: “We have made our tracks untraceable through onion routing, encrypted chat messages, private key emails, hacked servers.

The first line of defence is for customers to change their TalkTalk account passwords and to start monitoring their bank accounts for any unexplained or suspicious activity.

As TalkTalk’s shares slid 4.4pc on Friday, Baroness Harding, its chief executive, announced that she had received a threat that sensitive customer data would be exposed if a ransom was not paid.

Richard Lloyd, executive director, said: “We expect that any affected TalkTalk customers who want to leave their contract should be able to do so without penalty.

“Nobody should lose out as a result of this breach, so TalkTalk should also look at what more it needs to do for its customers, including appropriate compensation for those affected.

The London-based tricksters – who may or may not be acting independently of the supposed hackers – pose as police or bank staff and claim their victim’s account is compromised, before sending fake couriers to collect bank cards and details. The company, which has had two other data breaches this year, also said that the attack did not hit its systems and that customers’ website account passwords had not been accessed. One way to protect against this is to monitor all credit checks that are carried out on you – these happen every time you apply for credit of any sort. Although it was not certain that the threat was authentic, it is understood that the ransom demand was received before news of the breach was made public on Thursday evening.

But the TalkTalk chief executive, Dido Harding, insisted the data stolen in the cyberattack would not allow criminals to plunder customers’ bank accounts. The jihadist group spreading death and mayhem across Iraq and Syria is already the world’s richest rebel organisation with more than £1.5billion at its disposal.

But British business leaders on Saturday warned about the danger of cyber crime and urged police to make the issue an urgent priority, saying firms faced continual security breaches. However, TalkTalk says it is “looking to organise a year’s free credit monitoring for all of our customers and will be in touch on this in due course”.

The investigations remained in their early stages this weekend, but sources close to the situation said there were no indications so far of any insider involvement in the crime. British hacker Junaid Hussain, 20, jailed in 2012 for stealing personal information from Tony Blair and posting it online, was thought earlier this year to have been masterminding a plan to bring in countless millions more. Customers also need to be especially vigilant for so-called ‘phishing’ emails – messages that try and get you to reveal sensitive and personal information.

Earlier in the week, experts had warned the information seized – including names, addresses, date of birth, and email address of some of its four million customers – could still prove invaluable to criminals. “With this level of information, fraudsters can create new bank accounts or take out loans under an actual person’s name, causing problems for fraud victims for years down the road,” said Ryan Wilk, director with NuData Security. He was believed to be teaching other hackers how to crack the code used to safeguard passwords and sensitive information – however reports in August claimed that he was killed in a US airstrike. “The middlemen, traders, refiners, transport companies, and anyone else that handles [ISIS’s] oil should know that we are hard at work identifying them, and that we have tools at hand to stop them,” David Cohen, the undersecretary for terrorism and financial intelligence at the US treasury, has said. If hackers are already armed with your email address and other personal information, they are able to craft these emails far more convincingly than otherwise. In the aftermath of the US invasion of Iraq, Sunni militants joined with Saddam Hussein’s former generals to form a powerful alliance which has gone on to become ISIS. It is likely to be asked about what steps it has taken to comply with stringent PCI/DSS regulations – the global standards set up by transaction companies such as MasterCard and Visa – that require companies to silo and isolate sensitive financial data.

Beware especially of offers of ‘refunds’ that require your bank or credit card details to process; or security checks that require you to ‘confirm’ personal information such as passwords. How TalkTalk responded to the audits may be crucial as to whether it is fined by the ICO, suggested Dr Simon Moores, a former government technology adviser and chair of the International eCrime Congress, the industry body that brings together IT professionals working for governments and law enforcement agencies. Another, more subtle, technique a determined phisher might use on a target they consider high value is to collect small pieces of information that by themselves might seem harmless.

But by putting all this information together, the fraudster can create the means, either to access financial accounts, or to take out credit fraudulently. The really determined hacker and phisher is extremely hard to deter, but if you are at least on high alert, you have a far better chance of seeing them off. Telecom giant AT&T was recently fined £17m over data breaches at its call centres in Mexico, Colombia and the Philippines. “In light of the TalkTalk debacle, not only must the ICO review its powers and the levels of fine it can apply against companies shown to be remiss in looking after their customers, but the Financial Conduct Authority and parliament need to look more closely at this, given the extent of data breaches starting to appear,” Moores said. Former home office minister Hazel Blears described the TalkTalk data breach as “a wake-up call” that should prompt a debate about whether further regulation was needed, suggesting cybercrime was “probably the biggest threat to our economy”. In response to reports that it had been warned by experts about its security, a spokesman for the firm said: “New techniques for attack develop all the time, so TalkTalk constantly updates and reviews our systems to try to stay one step ahead of cybercriminals.

Since the previous attacks, we are working with world leading cybersecurity experts and investing a lot in making sure our system is as secure as possible. Unfortunately, no system is ever totally invincible.” The company’s accounts, published in June, reveal that a Head of Security was appointed “to establish and oversee the new Security Operations Centre, the activities of which have been outsourced to cyber security experts BAe systems.” Moores said: “Everything we have seen suggests that Talk Talk historically may have failed to take reasonable steps and that the CEO appears completely out of touch with the risks that are widely described.
