Two men involved in 2015’s TalkTalk hack have pleaded guilty at the Old Bailey court in London. Matthew Hanley, a 22-year-old from Tamworth, Staffordshire, admitted to three offences under the Computer Misuse Act, including the TalkTalk hack itself and obtaining and supplying files that would “enable the hacking of websites to others.” He also confessed to supplying a spreadsheet, containing TalkTalk customer details, so that others could commit fraud. Conner Douglas Allsop, also from Tamworth, pleaded guilty on March 30th to assisting fraud and sharing a file that could help other hackers. Both men will be sentenced on May 31st.
The Metropolitan Police said Hanley was an early suspect in his investigation. He was arrested in October 2015, and while officers were able to seize his computer, they contained little information because the hacker had either used encryption or wiped them clean. Police turned to Hanley’s social media accounts and discovered conversations about his involvement in the hack, including the steps he had taken to delete any incriminating data. They also found a connection to Allsopp — Hanley had asked him to sell the TalkTalk customer data in the hope of making a tidy profit.
Police arrested Allsopp in April last year. They showed him the chat logs and the 20-year-old subsequently admitted that he had tried, unsuccessfully, to sell the customer data and information about TalkTalk’s vulnerabilities. “Hanley thought that he was being smart and covering his tracks by wiping his hard drives and encrypting his data,” Andy Gould, detective chief inspector for the Met’s ‘Falcon’ cyber crime unit said. “But what our investigation shows is that no matter how hard criminals try to conceal their activity, they will leave some kind of trail behind.”
Last December, a 17-year-old hacker was sentenced to a 12-month youth rehabilitation order for his involvement in the hack. He had used an SQL mapping tool to identify a vulnerability in TalkTalk’s website, which he then published online. The teenager was punished for multiple offences though, including cyberttacks against Manchester and Cambridge universities. Daniel Kelley, described as the “mastermind” behind the TalkTalk hack, plead guilty to hacking offences that same month. He’s being charged for fraud, blackmail and money laundering. To date, police have arrested six individuals in relation to the cybercrime.
TalkTalk’s reputation was battered by the scandal. The internet, phone and TV provider was fined £400,000 by the Information Commissioner Office and incurred costs of roughly £42 million following the breach. Chief executive Dido Harding is due to step down next month, making way for Tristia Harrison, currently managing director for TalkTalk’s consumer division. The company tried to shake its battered image with a company-wide reboot last year, which included new packages, guarantees and a fresh marketing campaign. Slowly, the provider seems to be recovering — and soon, it seems, this whole episode will finally be behind them.
Source: Metropolitan Police