A British broadband and phone provider is the latest victim of attack from hackers. In October 2015, TalkTalk’s website was hacked and some of their customers’ information was stolen. This includes date of birth, names, email addresses, addresses, phone numbers, bank details, TalkTalk account information and credit card details. TalkTalk admitted that some user information had been stolen and later confirmed that 1.2 million email addresses, phone numbers and names had been stolen together sort codes among other sensitive information that numbered to hundreds of thousands. This is the third hacking incident in the last 8 months. The first occurred in February and the other in August.
Many people have claimed responsibility for the breach but it has not been clearly identified who is responsible. The investigation is ongoing. Dido Harding, the chief executive of TalkTalk, assured the company’s customers that nothing could be done with stolen information. However, some of the company’s customers have reported that some money has gone missing.
The stolen data is available for sale on Alpha Bay Market by a fraudster known as “Martian.” He offered to sell the information for 1.62 pounds at a time and also in bulk. To prove that he had the ability to access the database of the company, he sent the address and bank account details of one of the company’s customer. When speaking to one of the staff of Sunday People, he said that the customer data acquired contained personal bank information and is very valuable. He said anything could be done with the information and that it was real. However, he denied being involved in the hacking incident. It was said approximately 150,000 pounds could be made from selling the stolen data to various gangs.
Alpha Bay Market
Alpha Bay Market is a darknet market selling drugs, stolen good, and other illicit items. Alpha Bay Market can only be accessed using a specially-encrypted browser. Approximately 200,000 users are on the Alpha Bay Market.
To prevent information from being tracked, sales are done using Bitcoins which is an electronic payment system that prevents user information from being tracked. Criminal gangs who purchase this information use it to fleece unsuspecting victims. Some of the tactics used include sending emails to defraud people, phoning homes to see if there is anyone home and threatening victims to erase data unless a cash ransom is paid out to them.
The Mail discovered TalkTalk customer details being sold on the darknet. Other information that was discovered includes login information (usernames and passwords) of major companies including Amazon, Uber and Ticketmaster among other companies. Various customers of Halifax were also affected as their financial information was discovered being sold for 10 pounds each. Due to this, an investigation was launched by several companies dealing with cyber security.
Ever since commencement of investigations, various suspects have been arrested. A few days after the arrest of a 15 year old male in Ireland’s northern part, another boy, 16 years of age, was arrested in Feltham. His home was searched and he was accused of computer misuse. He too was released on bail until a later date which had not yet been confirmed. The third suspect was a boy, 20 years of age and he was arrested in Staffordshire as a suspect connected to the hacking incident.
As the hacking incidences increase, the Government has been urged to adopt the laws used in America whereby companies are required to make a report of any incident of a hack or data breach to a regulator. The TalkTalk hack was described as something shallow hence action was needed by the government. This would help protect users’ sensitive information. Andy Norton who works for FireEye, a security company, said that even if hacking occurs, most companies are not aware of it. He also said that most companies managed cyber security using “DLPI.” He then called for serious laws that would ensure notification of any breach.
A spokesman from the Metropolitan police commented that they were aware that the data stolen was available online they had taken steps to ensure that such data was removed in situations where it is possible to do so.
Hopefully, such incidents can serve as a warning to other companies to upgrade their security systems and ensure there are no existing vulnerabilities. It is yet to be seen whether the government will take any action and revise the current laws in order to deal with the frequent hacks and protect customers of various companies from being victims of the malicious tactics of criminal gangs.