{"id":8362,"date":"2019-05-24T09:22:35","date_gmt":"2019-05-24T09:22:35","guid":{"rendered":"http:\/\/www.firstlinepractitioners.com\/the-talktalk-hack-story-shows-uk-cybersecurity-in-disarray\/"},"modified":"2019-10-03T12:02:30","modified_gmt":"2019-10-03T12:02:30","slug":"the-talktalk-hack-story-shows-uk-cybersecurity-in-disarray","status":"publish","type":"post","link":"https:\/\/www.firstlinepractitioners.com\/cs\/the-talktalk-hack-story-shows-uk-cybersecurity-in-disarray\/","title":{"rendered":"The TalkTalk hack story shows UK cybersecurity in disarray"},"content":{"rendered":"

David Wall<\/a>, University of Leeds<\/a><\/em><\/p>\n

 <\/p>\n

In the aftermath of the TalkTalk hack<\/a> there was speculation over the possible involvement of terrorists<\/a>, vast financial loss and an impending cybercrime tsunami from stolen personal data. There have been apocalyptic warnings from businesses, and the announcement of government enquiries<\/a> alongside reports of customers already losing money<\/a> or receiving fraudulent phone calls. Fear of cybercrime has gone through the roof.<\/p>\n

 <\/p>\n

Then a 15-year-old teenager from Northern Ireland<\/a> was arrested and subsequently bailed<\/a> in connection with the hack.<\/p>\n

Whoever was behind it, TalkTalk has confirmed that although some personal information may have been stolen, full card numbers had not been compromised and much of the speculation has also turned out to be unfounded. Embarrassing questions have been asked of TalkTalk\u2019s security people<\/a> and their response, not least because TalkTalk has suffered cyber attacks twice this year alone.<\/p>\n

It\u2019s now possible to organise and operate businesses at a distance, in volume, and at great speed<\/a>. However, this strength is also technology\u2019s greatest weakness because it enables criminals to commit crime at a distance, in volume and at great speed. The internet has effectively democratised economic crime, as frauds previously committed only by those in powerful positions and with the skill to do so can now be carried out by practically everyone. As I have commented previously<\/a>, why commit a high-risk robbery when you can commit millions of small low-risk thefts?<\/p>\n

What actually happened?<\/h2>\n

TalkTalk was initially hit by a distributed denial of service (DDOS) attack, in which many \u2013 often hundreds of thousands \u2013 of compromised and remotely-controlled machines repeatedly connect to a website, causing it to buckle under the stress. This disruption was used as a smokescreen for the attack, an SQL-injection attack<\/a> that uses deliberately malformed requests entered into a database program (such as those that run the back-ends of websites). This tends to crash the program, offering up privileges to the attacker that allows them to steal the contents of the database.<\/p>\n

For the second act, the hacker allegedly demanded a ransom for the stolen data<\/a>. The motivation in this case appeared to be money, but motivations do vary \u2013 for example, the Ashley Madison hack<\/a> seemed to stem from a moral sense of revulsion at the firm\u2019s extra-marital affair business model. Many other cyber attacks have been for intellectual stimulation or to demonstrate technical prowess.<\/p>\n

\"\"
Good security starts with all of us.<\/span>
\nAmy Walters\/shutterstock.com<\/span><\/span><\/figcaption><\/figure>\n

What this illustrates is the two sides of business and customer vulnerabilities: the theft of the data and the means by which someone makes money from it. These are different activities and usually committed by different groups of criminals.<\/p>\n

In truth, the criminal market for stolen data is only just becoming understood. But what is known is that stolen datasets are valuable as they can be sold for more than it costs to obtain them. In the TalkTalk attack, the suspected thief allegedly tried to sell the dataset back to the company for a ransom, but the main concern is that when or if customers\u2019 personal data is subsequently sold or traded between criminals<\/a> it can be used to steal money from them.<\/p>\n

A major victim in this case is TalkTalk\u2019s reputation. The temporary closure of TalkTalk\u2019s website caused massive inconvenience to its users and financial loss to the company, and the uncertainty over what was taken and the prospect of customers suing the company have caused the company massive financial losses<\/a>. Will the TalkTalk attack go down in history as just a catalogue of disasters and a salutary warning not to cut corners in security, or does it simply highlight business\u2019 increasing vulnerability and the need for firms to step-up their security game?<\/p>\n

Co-opting skills<\/h2>\n

The other question is what to do with hackers, whatever age they may be. Judicial attitudes towards hackers in the US have been harsh and lacked the proportionality expected of sentencing<\/a>. But for some, perhaps we should be identifying more constructive ways of using the talents of these people for the public good. A shortfall of cyber skills<\/a> means that perhaps convicted hackers could be diverted to, for example, one of the government initiatives devised to help develop cyber-security skills<\/a>.<\/p>\n

If we fail to recognise their potential, bring them on board and make best use of their skills, then others in the criminal world will find them and do so instead.\"The<\/p>\n

David Wall<\/a>, Professor of Criminology, University of Leeds<\/a><\/em><\/p>\n

This article is republished from The Conversation<\/a> under a Creative Commons license. Read the original article<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

In the aftermath of the TalkTalk hack there was speculation over the possible involvement of terrorists, vast financial loss and an impending cybercrime tsunami from stolen personal data. There have been apocalyptic warnings from businesses, and the announcement of government enquiries alongside reports of customers already losing money or receiving fraudulent phone calls. <\/p>\n","protected":false},"author":9,"featured_media":7163,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[147,197],"tags":[],"yoast_head":"\nThe TalkTalk hack story shows UK cybersecurity in disarray - FIRST-LINE PRACTITIONERS<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.firstlinepractitioners.com\/cs\/the-talktalk-hack-story-shows-uk-cybersecurity-in-disarray\/\" \/>\n<meta property=\"og:locale\" content=\"cs_CZ\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The TalkTalk hack story shows UK cybersecurity in disarray - FIRST-LINE PRACTITIONERS\" \/>\n<meta property=\"og:description\" content=\"In the aftermath of the TalkTalk hack there was speculation over the possible involvement of terrorists, vast financial loss and an impending cybercrime tsunami from stolen personal data. There have been apocalyptic warnings from businesses, and the announcement of government enquiries alongside reports of customers already losing money or receiving fraudulent phone calls.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.firstlinepractitioners.com\/cs\/the-talktalk-hack-story-shows-uk-cybersecurity-in-disarray\/\" \/>\n<meta property=\"og:site_name\" content=\"FIRST-LINE PRACTITIONERS\" \/>\n<meta property=\"article:published_time\" content=\"2019-05-24T09:22:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-10-03T12:02:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.firstlinepractitioners.com\/wp-content\/uploads\/2018\/02\/takedown34-e1523531816980.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2000\" \/>\n\t<meta property=\"og:image:height\" content=\"1333\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Florian\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Napsal(a)\" \/>\n\t<meta name=\"twitter:data1\" content=\"Florian\" \/>\n\t<meta name=\"twitter:label2\" content=\"Odhadovan\u00e1 doba \u010dten\u00ed\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minuty\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.firstlinepractitioners.com\/cs\/the-talktalk-hack-story-shows-uk-cybersecurity-in-disarray\/\",\"url\":\"https:\/\/www.firstlinepractitioners.com\/cs\/the-talktalk-hack-story-shows-uk-cybersecurity-in-disarray\/\",\"name\":\"The TalkTalk hack story shows UK cybersecurity in disarray - FIRST-LINE PRACTITIONERS\",\"isPartOf\":{\"@id\":\"https:\/\/www.firstlinepractitioners.com\/el\/#website\"},\"datePublished\":\"2019-05-24T09:22:35+00:00\",\"dateModified\":\"2019-10-03T12:02:30+00:00\",\"author\":{\"@id\":\"https:\/\/www.firstlinepractitioners.com\/el\/#\/schema\/person\/b34843a12defd8503efa62cbb39edbd3\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.firstlinepractitioners.com\/cs\/the-talktalk-hack-story-shows-uk-cybersecurity-in-disarray\/#breadcrumb\"},\"inLanguage\":\"cs\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.firstlinepractitioners.com\/cs\/the-talktalk-hack-story-shows-uk-cybersecurity-in-disarray\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.firstlinepractitioners.com\/cs\/the-talktalk-hack-story-shows-uk-cybersecurity-in-disarray\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.firstlinepractitioners.com\/cs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The TalkTalk hack story shows UK cybersecurity in disarray\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.firstlinepractitioners.com\/el\/#website\",\"url\":\"https:\/\/www.firstlinepractitioners.com\/el\/\",\"name\":\"FIRST-LINE PRACTITIONERS\",\"description\":\"Curricula - Knowledge - Navigation\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.firstlinepractitioners.com\/el\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"cs\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.firstlinepractitioners.com\/el\/#\/schema\/person\/b34843a12defd8503efa62cbb39edbd3\",\"name\":\"Florian\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"cs\",\"@id\":\"https:\/\/www.firstlinepractitioners.com\/el\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5193b32cfd0b1df3bedd57dc497af30e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5193b32cfd0b1df3bedd57dc497af30e?s=96&d=mm&r=g\",\"caption\":\"Florian\"},\"url\":\"https:\/\/www.firstlinepractitioners.com\/cs\/author\/florian\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The TalkTalk hack story shows UK cybersecurity in disarray - FIRST-LINE PRACTITIONERS","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.firstlinepractitioners.com\/cs\/the-talktalk-hack-story-shows-uk-cybersecurity-in-disarray\/","og_locale":"cs_CZ","og_type":"article","og_title":"The TalkTalk hack story shows UK cybersecurity in disarray - FIRST-LINE PRACTITIONERS","og_description":"In the aftermath of the TalkTalk hack there was speculation over the possible involvement of terrorists, vast financial loss and an impending cybercrime tsunami from stolen personal data. There have been apocalyptic warnings from businesses, and the announcement of government enquiries alongside reports of customers already losing money or receiving fraudulent phone calls.","og_url":"https:\/\/www.firstlinepractitioners.com\/cs\/the-talktalk-hack-story-shows-uk-cybersecurity-in-disarray\/","og_site_name":"FIRST-LINE PRACTITIONERS","article_published_time":"2019-05-24T09:22:35+00:00","article_modified_time":"2019-10-03T12:02:30+00:00","og_image":[{"width":2000,"height":1333,"url":"https:\/\/www.firstlinepractitioners.com\/wp-content\/uploads\/2018\/02\/takedown34-e1523531816980.jpg","type":"image\/jpeg"}],"author":"Florian","twitter_card":"summary_large_image","twitter_misc":{"Napsal(a)":"Florian","Odhadovan\u00e1 doba \u010dten\u00ed":"4 minuty"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.firstlinepractitioners.com\/cs\/the-talktalk-hack-story-shows-uk-cybersecurity-in-disarray\/","url":"https:\/\/www.firstlinepractitioners.com\/cs\/the-talktalk-hack-story-shows-uk-cybersecurity-in-disarray\/","name":"The TalkTalk hack story shows UK cybersecurity in disarray - FIRST-LINE PRACTITIONERS","isPartOf":{"@id":"https:\/\/www.firstlinepractitioners.com\/el\/#website"},"datePublished":"2019-05-24T09:22:35+00:00","dateModified":"2019-10-03T12:02:30+00:00","author":{"@id":"https:\/\/www.firstlinepractitioners.com\/el\/#\/schema\/person\/b34843a12defd8503efa62cbb39edbd3"},"breadcrumb":{"@id":"https:\/\/www.firstlinepractitioners.com\/cs\/the-talktalk-hack-story-shows-uk-cybersecurity-in-disarray\/#breadcrumb"},"inLanguage":"cs","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.firstlinepractitioners.com\/cs\/the-talktalk-hack-story-shows-uk-cybersecurity-in-disarray\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.firstlinepractitioners.com\/cs\/the-talktalk-hack-story-shows-uk-cybersecurity-in-disarray\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.firstlinepractitioners.com\/cs\/"},{"@type":"ListItem","position":2,"name":"The TalkTalk hack story shows UK cybersecurity in disarray"}]},{"@type":"WebSite","@id":"https:\/\/www.firstlinepractitioners.com\/el\/#website","url":"https:\/\/www.firstlinepractitioners.com\/el\/","name":"FIRST-LINE PRACTITIONERS","description":"Curricula - Knowledge - Navigation","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.firstlinepractitioners.com\/el\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"cs"},{"@type":"Person","@id":"https:\/\/www.firstlinepractitioners.com\/el\/#\/schema\/person\/b34843a12defd8503efa62cbb39edbd3","name":"Florian","image":{"@type":"ImageObject","inLanguage":"cs","@id":"https:\/\/www.firstlinepractitioners.com\/el\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/5193b32cfd0b1df3bedd57dc497af30e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5193b32cfd0b1df3bedd57dc497af30e?s=96&d=mm&r=g","caption":"Florian"},"url":"https:\/\/www.firstlinepractitioners.com\/cs\/author\/florian\/"}]}},"_links":{"self":[{"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/posts\/8362"}],"collection":[{"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/comments?post=8362"}],"version-history":[{"count":1,"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/posts\/8362\/revisions"}],"predecessor-version":[{"id":8372,"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/posts\/8362\/revisions\/8372"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/media\/7163"}],"wp:attachment":[{"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/media?parent=8362"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/categories?post=8362"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.firstlinepractitioners.com\/cs\/wp-json\/wp\/v2\/tags?post=8362"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}