TalkTalk once told GCHQ: Cyberattack? We'd act fast – to get sport streams back up

Prior to its disastrous 2015 mega hack, UK ISP TalkTalk had told British spies at GCHQ that should an attack occur, its main focus would be to restore "online sports streaming", according to the head of operations at the country's National Cyber Crime Unit. Speaking at the Cyber Security in Healthcare event at the UK Health …

  1. Anonymous Coward

    Fair enough.

    What's that old saying? People are two missed meals or one jittery champions league group stage match stream away from revolution.

  2. Elmer Phud

    Throw bread to the crowds, or else!

    With their mouths full they cannot chat about how bloody awful the service is.

  3. tiggity Silver badge

    Talk Talk Victim

    If I had all the doors and windows wide open in my property whilst I was out and I was then burgled I might feel like a victim but I would not be as far as the insurance company (or anyone with half a brain cell) was concerned.

    If you are a major ISP then shoddy security that a few script kiddies can break is not being a victim it is being inept (ignoring security as a niggly cost expense). If they had good security and someone used a zero day to breach them, or some very sophisticated social engineering then they could be more like victims.

    Sport priority says it all though & reveals exactly why they were hacked so easily.

  4. JamesPond
    WTF?

    "no specific line manager for cyber security as the responsibility cuts across multiple roles in the company."

    You are an ISP, you are operating at the front end of a system with known and unknown government and non-government cyber threats, you are the gatekeeper to your customers' data and home systems.

    Responsibility for security shouldn't be at the line-manager level, it should be at board-level cutting across all areas of the company. What a set of morons.

  5. Doctor Syntax Silver badge

    "it was important to add that TalkTalk was still a victim."

    No. TalkTalk was a negligent custodian. The victims were the customers whose data was taken.

    1. Commswonk

      TalkTalk was a negligent custodian

      Borrowing Doctor Syntax's comment as a subject...

      Former boss Dido Harding later told MPs there was no specific line manager for cyber security as the responsibility cuts across multiple roles in the company.

      That tells us all we needed to know about the Blessed Dido Harding in the job she was supposed to be doing.

      If we didn't know it already, that is.

      1. CrazyOldCatMan Silver badge

        Re: TalkTalk was a negligent custodian

        Blessed Dido Harding in the job she was supposed to be doing.

        She did a brilliant job in preparing her golden parachute. Which, as far as she was concerned, was the one area she wanted to concentrate on.

  6. Anonymous Coward

    Come on, which dipshit at TalkTalk did the survey?

    I would like to be the first to point out that if your network goes down you ain't streaming sh*t so therefore your network is your main priority.

    Clearly they passed the survey to a sales droid which just goes to show how completely and utterly useless they really are like my superpower which is the ability to read my own mind.

  7. Lysenko

    This is equivalent to a conventional telco saying that in the event of a system outage their priority will be to restore the premium grumble lines, not the 999/911 service. Of course any telco even implying that would have its operating license revoked for breaching the 2003 Communications Act.

    1. John Smith 19 Gold badge
      Coat

      "event of a system outage their priority will be to restore the premium grumble lines,"

      You mean it isn't?

  8. Tigra 07
    Thumb Up

    Wrong priorities...

    The company estimated the attack cost it £42m. Since then it said it has “substantially” increased its investment in cyber security, and has appointed a chief information security officer. not giving a shit about security, customer service, and has managed to be hacked almost quarterly every year since, yet still somehow has customers.

    Fixed that for you!

  9. Andy 97

    TalkTalk really do need to sack their PR team.

    While they're at it, they probably need to remove 80% of their C level staff too.

    1. Commswonk

      I think blaming the PR team might be a little unfair; their role is to try to make the best of a bad job.

      C suite occupants are fair game, though; they created the "bad job" in the first place.

      I find myself wondering what the TalkTalk Data Controller has said about the security of customer data; he/she has a statutory responsibility for its protection even if the responsibility doesn't extend as far as ensuring effective cybersecurity.

      1. Doctor Syntax Silver badge

        "the TalkTalk Data Controller"

        Who?

        1. Anonymous Coward

          "the TalkTalk Data Controller"

          You have more chance of finding Lord Lucan.

          1. Anonymous Coward

            Re: "the TalkTalk Data Controller"

            Well he may have popped back recently to finish a job.

      2. Anonymous Coward

        I had that job once

        "Hardest job in the world, that, the old Data Security Officer game... "

        Name on the ICO register as the ISO and everything. My fatal mistake was to take the time (my own time, naturally) to read up on the responsibilities I had in law, and then to make reasonable efforts to keep $employer on the straight and narrow. Talk about "How to lose friends and influence people"... when I pointed out that handing customer PII to an offshore (non-DPD compliant) territory was really not allowed, it was pointed out to me that, well, that's interesting, now haven't you got some flashing lights to go stare at? And they carried on regardless. They were probably right, really, the odds of getting caught were zero, and the odds of getting any serious bother if something bad happened and it blew up were low enough when amortised across the five centuries they reckoned it'd take for the bad thing to happen were also so low as to make anything more than token lipservice and auditor-friendly box-ticking the order of the day.

        1. Roj Blake Silver badge

          Re: I had that job once

          Upvote for the Fast Show reference.

  10. John Smith 19 Gold badge
    Coat

    Yeah but, Y'know Tamworth, well known hotbed of UK cyber crims, like Kiev

    I saw it on Fox News or something, so it must be true.

    That said it might be the most honest response GCHQ had on such a survey (barring the ones they found when they deep dived the ISP's internal emails of course).

  11. Camilla Smythe

    Did we award our Directors lots of Money?

    So... What the fuck is your problem?

    1. Teiwaz

      Re: Did we award our Directors lots of Money?

      Did we award our Directors lots of Money?

      So... What the fuck is your problem?

      The Directors probably awarded themselves lots of Money?

  12. Anonymous Coward

    "We do not recognise these comments" != we didn't say that

    1. CrazyOldCatMan Silver badge

      "We do not recognise these comments" != we didn't say that

      Indeed. More akin to Her Ladyship no longer being "at home" to her former acquaintance who was caught diddling the 2nd Footman..

  13. Anonymous Coward

    Let me save you the trouble...

    Why bother asking them for a response - Here's the standard corporate PR blurb for these matters:

    =======

    [InsertCompanyName] takes its customers' security seriously and takes all reasonable precautions to ensure the safety of customer data and internal audit has been initiated to establish the severity of any data breach. We cannot comment further until this investigation is completed / the press have lost interest.

    =======

    On a different note, it occurs to me that any organization publicly advertising for a CIO in charge of cyber security may well be inviting themselves to be hacked. - It's a bit like telling the guy at PCWorld you know nothing about computers and showing him a wallet full of £50 notes.

  14. Captain Badmouth

    Where have I read this before...?

    Somehow, something tells me it was in a Douglas Adams story.

    Seems to fit, alright.

    Did that ark contain security overseers with PPE degrees?

  15. Captain Scarlet Silver badge
    Mushroom

    Is this PR

    "We do not recognise these comments. Our biggest security priority has always been protecting our customers"

    I wonder what their actual biggest or highest priority is, because I assume it's making money. At this point I will give TalkTalk a plus star (1 out of 10) for saying biggest security priority and not lying by saying it was their biggest priority.

    1. CrazyOldCatMan Silver badge

      Re: Is this PR

      Our biggest security priority has always been protecting our customers..

      ...ability to put money into our bank accounts.

      All that other networky-techie type stuff is just too difficult. Apparently just having a load of blinkenlights isn't enough any more.

  16. Aodhhan

    42 Million??

    If this attack only cost them 42 million, then they haven't done a good enough job of ensuring this doesn't happen again.

    It costs a lot more than 42m for a company like this to investigate the entire network, hire more InfoSec professionals, ensure the systems are clean, purchase more InfoSec equipment, create policies, audit policies, update legacy systems, hire more employees to tackle customer relations and damage control, not to mention loss of subscriptions, etc..

    Total cost should be around 200-400 million, not 42.

    Either we aren't being told the truth, or they're still too ignorant about information security.

    1. CrazyOldCatMan Silver badge

      Re: 42 Million??

      Either we aren't being told the truth, or they're still too ignorant about information security.

      Place bets now!

      (And they really are missing a trick - think of all those lovely tax-writedowns they are missing!)
