On 16 and 21 October 2015 Matthew Hanley hacked the TalkTalk website and stole personal details of over 150,000 customers. This included their full names, postal addresses, telephone numbers, dates of birth and banking details. Hanley handed the data over to Connor Allsopp to sell to Daniel Kelley, who had the intention of committing fraud with the information. Kelley then tried to extort 465 bitcoins (around US$2 million) from Dino Harding – the CEO of the company at the time.
TalkTalk suffered massive losses. The breach cost the company a staggering £77 Million in financial losses, including a fine of £400,000 levied on the company by the Information Commissioner’s Office (ICO) for their failure to carry out fundamental security measures required to prevent a security breach such as this from happening. This is not to mention the implications the attack has on future business for the company. Who wants to subscribe to a vulnerable supplier? The attack also caused severe distress and misery to the people whose confidential information were stolen and then passed on to a third party.
Two individuals of extraordinary talent
The court case took place on Monday, 19 November at Old Bailey where Judge Anuja Dhir presided. The Judge said that it is tragic that the two hackers have such extraordinary talent. During the trial, Matthew Hanley (23), and Connor Allsopp (21) admitted to the crimes against TalkTalk. Until his arrest on October 2015, Hanley was an unwavering hacker – he was fully aware that what he was doing is illegal, and of the risk involved in it. The hacker was sentenced to one year in prison and his associate Allsopp received an eight-month sentence. Described by Judge Dhir as a ‘dedicated hacker’ Hanley’s sentence was longer than Allsop’s who ostensibly played a lesser role in the cybercrime.
Voits used a fake website ewashtenavv.org instead of the official website at ewashtenaw.org and successfully convinced country officials to visit the fake site. This allowed Voits to install malware onto computers in the IT department eventually gaining him access to the entire system. Voits was able to access over 1600 personal addresses, search warrants, and the capability to alter jail records to secure the early release of prisoners.
Vigilance and Cyber Security
It was not any sophisticated anti-hacking software that alerted officials to the breach of cyber security at the county offices though. Cross checking release details of inmates against paper records alerted officials to the discrepancy which led to the involvement of the FBI and the eventual arrest of Voits.
How To Protect a System Against Malware
Unfortunately, to gain access to a system, malware must be physically installed on a device. This usually signifies a level of human involvement, to a greater or lesser degree our systems are only as secure as the people using them. A simple one-character change in a web address allowed Voits access to thousands of records. Many individuals are also at risk of hacking attacks and malware intrusions via links sent in emails, od social media and via messaging apps on cellphones. The best way to avoid security loopholes in systems is to remain vigilant, check all links that are visited to make sure they are directing to the correct site and don’t click on anything (link, image or video) that is unknown. For businesses this means having a strict code of online conduct for all employees.
With increased connectivity, the real world and the digital world are becoming intrinsically connected. The Internet of Things is growing exponentially and more and more devices in offices, on roads and in homes form part of this interconnected network. Cars are propelled without people at the wheel, big data is no longer just tech jargon, and it is becoming simpler to track mobile phones, cars, and even people remotely. While this is an exciting time for technological growth, these incredible developments also have a downside. One of the biggest drawbacks to global tech progress is that third parties now have unparalleled access to private information, which is ostensibly securely stored online. This creates various cyber vulnerabilities to businesses and individuals that are unfortunately mostly ignored.
Corporate companies have insane levels of access to consumers’ digital movements and personal information. These examples draw a rather bleak picture – and this is only the tip of the iceberg in our increasingly connected world. Research is being conducted to identify and assess potential threats, and to formulate solutions. Some of the findings were:
The movements and habits of online users are being tracked without their consent
Even when users are aware of this and take steps, pattern-matching algorithms still keep track of their movements
Options to limit data infringements are limited
These is a mammoth lack of digital privacy in the world
The need to address data privacy problems is increasing
Cyber Safety Options for Consumers and Companies
Once a consumer opts in to an affiliation, there is little they can do to secure their personal data, but the following protective measures are advised:
Download reputable software for blocking and deleting cookies
Avoid downloading unnecessary apps
Use strong passwords and do not repeat the same password
Unfortunately, the risks are higher for companies and maintaining cyber safety is far more complicated. It is highly recommended that companies approach a cyber-safety professional to implement preventative measures and to deal with threats.
An International Issue
While the security of a country is its own responsibility, the digital world stretches across the globe and it is not always possible to determine whose responsibility digital safety is. It is interesting to note that there is a significant lack of experts in the field of cyber security, despite the upsurge in digital tech. Research has revealed that at least a million skilled workers are needed to ensure the digital safety of companies around the world. One sector that has taken off recently is cyber insurance. Unfortunately it is not without issues. Policies are not providing protection to policy-holders for reasonable data protection and are rife with exceptions. The reality that has not yet sunk in is that the economy will be affected if measures are not taken to deter cybercrime. The first step for companies and consumers alike is to start gathering knowledge. Without revealing the cause, a problem cannot be properly addressed. The only way forward is to harness information to explore potential solutions to this major threat.
Shimon Sheves truly embodies the adage, “Think Global, Act Local”. He is deeply passionate about his homeland of Israel and works tirelessly to support his community. Sheves is also the founder and chairman of HolistiCyber company that provides nation-state level cyber protection.