The UK Metropolitan Police has announced the arrest of a 15-Year-Old in connection to the recent data breach suffered by the British ISP TalkTalk. Law enforcement from the Police Service of Northern Ireland (PSNI) have identified the youngster and arrested him on suspicion of Computer Misuse Act offenses.
In a statement, the UK Metropolitan Police announced that officers from the Police Service of Northern Ireland, working with detectives from the MPCCU (MET Cyber Crime Unit) executed a search warrant at an address in County Antrim, Northern Ireland.
“At the address, a 15-year-old boy was arrested on suspicion of Computer Misuse Act offences. He has been taken into custody at a County Antrim police station where he will later be interviewed. A search of the address is ongoing and enquiries continue. This is a joint investigation by MPCCU detectives, the PSNI’s Cyber Crime Centre (CCC) and the National Crime Agency,” the statement added.
Last Week, the TalkTalk Telecom Group plc has announced that four million customers were impacted by a “sustained cyberattack” that hit its servers, later TalkTalk CEO, Dido Harding, confirmed personally receiving a ransom demand following the data breach.
Brian Krebs reported that sources close to the data breach told him the hackers demanded £80,000 (~$122,000) in Bitcoin to avoid the disclosure of other company’s customer records. Krebs also added that the security “Fearful and Glubz” had recently disclosed a vulnerability in a TalkTalk website.
“On October 18, 2015, a person using the screen name “Fearful” and alias “Glubz” reported a vulnerability in the videos section of TalkTalk’s Web site (videos.talktalk.co.uk). The flaw was reported via xssposed.org, a site that operates as a sort of public clearinghouse for information about unpatched Web site vulnerabilities. Xssposed.org said it verified the flaw indeed existed in the TalkTalk videos page, but that no technical details were being disclosed to the public in order to give website owner time to patch the vulnerability without putting its users at risk.” states Brian Krebs “Interestingly, a Twitter user with the Twitter handle @Fearful has been posting about expecting a raid from the U.K. authorities at any minute. The Twitter profile links to the (possibly compromised) Web site elliottg[dot]net, which currently redirects to a page with scrolling images of a blond-haired young man, the TalkTalk logo, and a U.K. policeman.”
Krebs also discovered a very reliable seller, known as “Courvoisier,” (“Level 6 Fraud and Drugs seller,”) in the AlphaBay Tor black market offering TalkTalk data.
At the same time, the cyber security consultant and former Scotland Yard detective Adrian Culley revealed that a Russian Islamist group claimed the responsibility of the attack. On Friday, the group leaked online a set of data, but it is still not clear yet if the dump includes all the stolen data.
In the note the attackers disclosed online they explained that have used TOR, encrypted chat messages, private key emails and compromised servers to launch the attack remaining anonymous.
On Saturday afternoon, TalkTalk confirmed that banking data stolen by the hackers were incomplete, the company explained that the data breach hasn’t compromised complete credit card details of the customers. The company also confirmed that user’s passwords have not been exposed during the cyber attack.
“Any credit card details that may have been accessed had a series of numbers hidden and thereforeare not usable for financial transactions, eg ‘012345xxxxxx 6789It’,” states an official statement issued by the company.
The cyber security experts speculate the company was victim of most a classic SQL injection attack that may have exposed data in its database, including names, addresses, email addresses, phone numbers, account information, and truncated credit card numbers. The company confirmed that not all of the data was encrypted, in response to the attack it voluntarily brought the websites back down to advantage the investigation of the law enforcement.
Concomitantly attack, the experts noticed one of the company website was hit by a denial-of-service attack, which may have been used as diversionary strategy. In the weekend, MotherBoard portal reported that a hacker purporting to represent the group LulzSec has claimed responsibility the DDoS attack that hit TalkTalk just before the threat actors breached its systems.
A hacker who uses the pseudonym of AnonZor confirmed to Motherboard they and co-leader Dax managed the DDoS against TalkTalk, but he highlighted that they were not involved in the data breach.
“The stolen data is not done by us, we only did a DDoS attack to show the world that #LulzSec has returned,” AnonZor said.
Now the company hired BAE Systems to support the Scotland Yard’s investigation.
(Security Affairs – TalkTalk, data breach)