Any room in there for Dido as well ?
TalkTalk hack duo thrown in the cooler: 'Talented' pair sentenced for ransacking ISP
Two miscreants were sent down by the Old Bailey yesterday for their role in the 2015 hacking of UK ISP TalkTalk. Matthew Hanley, 23, and Connor Allsopp, 21, both of Tamworth in Staffordshire, were jailed for 12 and eight months, respectively, by the judge, Anuja Dhir QC. The pair pleaded guilty last year to various charges …
COMMENTS
-
Tuesday 20th November 2018 08:50 GMT bombastic bob
Re: "individuals of extraordinary talent."
"I always thought they were run of the mill script kiddies"
I was about to say something like that, too. what makes them 'script kiddies' is (from what I got from the article) how it started [apparently] with a 17 year old using "toolz" on his "p00ter" to check for SQL injection vulnerabilities. And when he found them, he (apparently) did some thieving and BRAGGED! ABOUT! IT! to others, some of whom were also arrested and convicted [hence the sentencing].
that's kinda what the definition of "script kiddie" is, using things written by others like any miscreant would, in essence having NO real knowledge of computers, or networks, or security, but having those "toolz" so he can look like a 1337 h4x0r to his script-kiddie buddies and online "friends".
REAL hackers, of course, get jobs as engineers, and in IT (and often become security experts). Or they do the 'mad science' thing and invent stuff, work on kernels and device drivers and really cool features in commercial software, because real hackers are curious, inventive, think outside of the box, and typically find unique creative solutions to problems that others would just wheel-spin trying to solve.
-
Tuesday 20th November 2018 20:54 GMT The Nazz
Re: "individuals of extraordinary talent."
Or indeed, that many of the victims are hardworking, law abiding and extraordinarily talented themselves, such as for eg Intensive Care Nurses.
Perhaps whilst serving time (what little they will actually do) they could be bombarded with calls from scammers with an overseas accent. Multiple times a day and night.
AND a daily letter from Dido Harding (better still a daily visit) "explaining" that although they've been hacked, they are at no risk, whatsoever, of having their very precise and personal details misused. No sireee, whatsoever.
-
Tuesday 20th November 2018 21:33 GMT StargateSg7
Re: "individuals of extraordinary talent."
"......"script kiddie" is, using things written by others like any miscreant would, in essence having NO real knowledge of computers, or networks, or security, but having those "toolz" so he can look like a 1337 h4x0r to his script-kiddie buddies and online "friends"....."
---
TRUE...A Real Hacker knows how to bypass the OS and go right to modifying the BIOS of the Drive Controller firmware, can inject a custom JMP/RET/RETN/RETF assembler instruction set into the memory allocation handler, the USB Stick's onboard micro-OS, the BASEBAND OS of the cell phone communications chip (Modem), the graphics card BIOS/firmware and the network card BIOS so we can slurp IP address and DNS requests at the firmware level and BEFORE the AES-256 packet encryption, slurp and save the data into pre-reserved sectors of storage media and into unused portions of IP4/IP6 packet headers and Ethernet/ATM/SONET Frames. We can screenshot the desktop and/or use IRQs to record the keyboard scan-codes and touchscreen and/or mouse coordinates to get a direct recording of what you did during your online or offline session!
OH YEAH! A .....REAL....HACKER......would put in a pressurized tap into a gas-enveloped fibre optic cables and put in a pure optical switch to slurp and inject NEW photon pulses at just the right frequencies at the right times for ALL channels so the spooks CANNOT use reflectivity/reflectometry to figure out where line delays occur in their fibre optic lines!
KABOOM !!!! A real hacker can secretly put in a micro thermal emissions and surface wave acoustic sensor ONTO the CPU/GPU chip itself so I can directly record what memory cells, circuit paths and pins are being activated at ANY given time and record them as a virtualized/emulated CPU/GPU instruction set which I can playback and slow down to my heart's delight on a hardware emulator!
AAAAAAAHHHHH !!!! A REAL HACKER takes your fingerprints from an acoustic scan of your ENTIRE finger prints along with thermal, pressure and olfactory data so I can make a 3D printed silicon glove version of your hand that will have the right temperature, pressure gradients, proper sweat chemicals and proper physical texture to fool even the NEWEST smartphones and high-security-banking fingerprint scanning systems. That 10 Million Euro SWIFT bank transfer is NOW MINE !!!!
HOT DAMN!!! AM I EVER GOOD !!!!!! I know this scheisse INSIDE and Out from the EARLIEST days of global networking! How many people even KNOW what Interrupt 0x13 and 0x21 are? I DO !!! DO YOU?
-
Tuesday 20th November 2018 13:28 GMT SVV
Re: "individuals of extraordinary talent."
Over 10 years ago, I used to do consultancy type work on web based systems of this type for companies of this size. I always did a general code review as it's the best way to flag up possible security, performance and maintainability problems. These were generally so obvious that they were simple to spot, and the few times I found SQL injection vulnerabilities I was amazed that they had such stupid developers who had such little experience writing public facing code in such large organisations - one time the "senior developer" on a project that turned over hundreds of millions per week had an impressive 18 months development experience.
The thing that wore me down most though, and eventually made me decide to stop reviewing other people's work and go back to coding again where I was able to insist on doing things properly, was the sheer inertia and disinterest of managers when I produced reports detailing the problems and the required solutions to them. "Oh, that doesn't sound too important", "We can't change it now or we'll miss the go live date (and I won't get my bonus)", "the developers say it's not really a problem", "you've only been hired to produce a review, we'll decide whether we want to act on the recommendations" and countless other examples of stupid made me feel like I was wasting my time and experience on idiots, and it doesn't surprise me one bit to learn that things have not improved at all since then. I doubt whether they ever will.
-
Tuesday 20th November 2018 16:37 GMT Mark 85
Re: "individuals of extraordinary talent."
"and it doesn't surprise me one bit to learn that things have not improved at all since then. I doubt whether they ever will."
Things won't improve until IT managers have an IT background instead of a business background and then prioritize the IT issues over everything else. Most IT managers seem to only have a business background and no insight into IT. One can be driven by profit motivation or security motivation, but not both. Security costs money and profit trumps spending.
-
Tuesday 20th November 2018 08:43 GMT Valeyard
"legacy" issues
-cost of fixing "legacy" issues (called such even though they're actually "current" issues): weeks to months of dev-time with no new shiny to show the top brass
-cost of not fixing: ~£77m, more after loss of reputation, custom and future custom
lessons learned industry-wide: probably 0
-
Tuesday 20th November 2018 08:53 GMT tiggity
Re: "legacy" issues
@Valeyard
lessons learned industry-wide: That you get away lightly - minimal fine, folk still use Talk Talk as it's cheap & they do not care about its history of insecurity
Nobody at the top of Talk Talk personally jailed, fined, meanwhile young kids who found the IT equivalent of a wallet bulging with cash on the pavement & nobody around to see you pick it up, get harshly treated for a minimal skill data exfiltration act.
-
Tuesday 20th November 2018 15:51 GMT Commswonk
Re: "legacy" issues
"...meanwhile young kids who found the IT equivalent of a wallet bulging with cash on the pavement & nobody around to see you pick it up..."
It matters not whether anyone sees you pick up said bulging wallet or not, it is still "theft by finding" if you do not report the find with the intention of it being returned to its rightful owner.
-
Tuesday 20th November 2018 12:52 GMT Loyal Commenter
I carry my lathe and mill in and leave them in the kitchen every night, it's true.
I certainly wouldn't keep either of those in a shed in a field. I'm thinking more like a properly secure warm, dry workshop attached to your house, and if it is anything other than a tatty old foot-operated pole lathe, a decent alarm system too.
-
Tuesday 20th November 2018 11:00 GMT Keith Oborn
The shed--
-had a faded "tiscali" sign. It was supposed to have been demolished and the contents stored safely but some bean counters objected to the cost.
Not defending TT but I remember thinking "there but for the grace of god--"
Find me a company that doesn't have at least one similar problem. I'll buy it.
-
Tuesday 20th November 2018 12:32 GMT adam payne
Dhir thought Hanley was a "dedicated hacker," and added that both he and Allsopp were apparently "individuals of extraordinary talent."
Is that statement to make the general public feel better about TalkTalk and their stupidity?!? or is it to make the general public feel safer because the hardened hackers are being put behind bars?!?