UPDATE 4-TalkTalk gets ransom demand after hit by cyber attack

24 Oct 2015

Robbed by cyber hackers: Conmen who stole TalkTalk customers’ details are raiding their bank accounts.

Customers have complained that they were targeted by criminals days before the telecoms company admitted the data of up to four million of its subscribers was stolen by hackers. TalkTalk made the announcement late on Thursday, but The Telegraph can disclose that as early as Friday last week customers suffered attacks on their home computers, as well as scam calls by thieves who knew their names and account details. The telecoms giant warned that the stolen customer data may not have been securely encrypted and that it had received a ransom demand from someone who claimed to have carried out the corporate hack. Keith Vaz, the chairman of the cross-party home affairs select committee, said evidence was beginning to emerge that TalkTalk had covered up the true scale of the “alarming and unacceptable” crime.

During a round of media interviews on Friday, TalkTalk’s chief executive, Dido Harding, said: “I personally received a contact from someone purporting – as I say, I don’t know whether they are or are not – to be the hacker, looking for money.” Baroness Harding of Winscombe, TalkTalk’s chief executive who is known professionally as Dido Harding, was under mounting pressure to explain her response to the crisis.

“With the benefit of hindsight, were we doing enough? Well, you’ve got to say that we weren’t and obviously we will be looking back and reviewing that extremely seriously.” Customers were being advised to contact their bank and Action Fraud, the national fraud and internet crime reporting centre, if they noticed unusual activity on their accounts. All of the information must be stored behind layers and layers of security, and put in different virtual ‘compartments’ so that cyber-thieves who manage to get their hands on any data will have to break through many more layers of security before they are able to piece together a full picture. Last night – more than 24 hours after the company admitted it had suffered one of the largest hacks ever carried out on a British company – it was still unable to tell customers how much data had been stolen. Hilary Foster, a barrister’s clerk from Surbiton, south-west London, found that scammers had tried to go on a shopping spree funded from her bank account.

‘I am really, really angry TalkTalk found out about this on Wednesday and didn’t tell customers until a day later.’ Iain Frater, a trainee doctor from Glasgow, said: ‘They slowed my internet down then phoned pretending to be TalkTalk support. It happened again in February, with TalkTalk customers being subject to further scams despite the company describing the information that was stolen in the breach as limited and non-sensitive.

Mr Vaz said last night: “Suggestions that TalkTalk has covered up both the scale and duration of this attack are alarming and unacceptable and must be thoroughly investigated.” The guy really sounded like he was in a TalkTalk call centre.’ Asked by Channel 4 if the company had failed to invest in sufficiently tough online security following two previous attacks, she replied: ‘In retrospect – absolutely. Christopher Graham told BBC Radio 4’s World at One: “I wish we had heard a little bit earlier and we could have been more ‘out there’ giving advice to consumers about what they need to protect their personal information.” Harding said the firm acted as promptly as it could because it was not initially aware that a hack was taking place. “On Wednesday lunchtime, all we knew was that our website was running slowly and that we had the indications of a hacker trying to attack us,” she said. She added that she was “unable to say” whether scam phone calls to its customers in recent days were based on information stolen in this week’s hack or on earlier occasions. Tim Smith, partner and head of technology, media and telecoms at the insurance law firm BLM, said: “These types of attacks are becoming increasingly common in the UK, and it is not at all unusual to find that hackers use an initial DDoS to distract a business’s IT team and then follow up with a second attack trying to steal information.”

Asked whether the company would now face official action by the watchdog, Mr Graham declined to comment because his organisation is now carrying out an official review. David Emm, principal security researcher at Kaspersky Lab, said: “There’s no such thing as 100 per cent security, so … it’s essential that online providers take steps to encrypt the data they hold.” While there is no specific requirement for firms to encrypt data, Graham indicated that if his organisation believed the customer information on TalkTalk’s systems was not secure, it could lead to a bigger penalty from the watchdog.

Peter Sommer, a visiting professor at De Montfort University’s cyber security unit, said it looked as though TalkTalk had “made some rather unfortunate decisions” about their systems. Referring to the £250,000 penalty imposed on Sony Corporation after it was found that leaked PlayStation customer data had not been encrypted, he said: “People have got to take this seriously”. The Metropolitan police cybercrime unit has launched an investigation into the breach, although there was little firm information available about the hackers.

The message used the rhetoric of Islamist militants to justify the hack, saying: “We will teach our children to use the web for Allah … your hands will be covered in blood … judgment day is soon”. Prof Peter Sommer, from De Montfort University’s cybersecurity unit, told the Today programme: “It seems to me the suggestion that these are Islamic terrorists who are perpetrating it is unlikely, [though] not impossible. One has to look at what is probably the most likely outcome.” That made it easy for the still-unknown attackers – perhaps criminals, perhaps political extremists, perhaps a mixture of the two – to steal customer information from its computers.

Far too many company directors have not the faintest idea how computers work, or the formidable arsenal of weapons and trickery which attackers can deploy. An illiterate and venomous posting on the Pastebin website, accompanied by what appears to be a portion of the data stolen from TalkTalk, appears to claim responsibility on behalf of Islamist extremists. So attacking TalkTalk, a major provider of mobile phone and internet services, could be a stunt by those bent on destroying our way of life in the misguided pursuit of piety. Even ordinary internet users can be blackmailed because they have left a compromising trail online by browsing pornographic websites, or posting indecent pictures.
