Who says educational standards are in decline here ;D
Any clearer where he's from? Must be a bit of a whizz kid doing that
County antrim which probably just means anywhere in antrim bar belfast!
First the guy in derry making a fortune of moovies and now this. Frank abhigale junior would be proud...
If he was my son I not sure if I wouldn't be just a wee bit proud.
He's not being questioned about doing the hacking job he's being interviewed for a job in MI5!
Very much doubt he's a genius, more like talk talk employed morons who don't care.
He wouldn't be coming on complaining about programmes being IP blocked!
Quote from: thebigfella on October 26, 2015, 10:38:44 PM
Very much doubt he's a genius, more like talk talk employed morons who don't care.
Agree. Its more likely talk talk were sitting wide open than this kid being a genius.
Any of you lot know how to access a system, even if the security systems are lack? Talk Talk have rightly been disgraced for their lack of security for customers personal details, but still...
He has a job waiting as soon as he gets done with "questioning"
Interrogation questions down the cop shop
Here- can you fix my printer
Can you make it so these videos don't keep playing
can you erase my browser history?
Can you get my ex's new phone number
Quote from: heganboy on October 27, 2015, 01:03:29 AM
He has a job waiting as soon as he gets done with "questioning"
Interrogation questions down the cop shop
Here- can you fix my printer
Can you make it so these videos don't keep playing
can you erase my browser history?
Can you get my ex's new phone number
Sounds like Talk Talk stored a lot of their data in plain text. Like fùck this kid has a job waiting for him now or in a few years. He showed initative but being able to run scripts and program are two different things, most of these hacks are a result of the former, brute forcing passwords with scripts.
Maybe he injected a SQL command in a form that queries the database (don't ask), then at least he's demonstrated he has a grasp of programming basics. If he's learning the proper stuff as well it will serve him far better than a criminal record will in getting a job.
The fact he got caught so fast tells me he had little clue about covering his tracks or doing it properly.
maybe I remember it differently, but at 15 you didn't get caught - you were invincible.
the numpties at TT are admitting to no encryption of customer data, so the fact that they may have fallen to a DDOs with and SQLi is a bloody disgrace. That they asked for 80k in Bitcoin is hilarious, and that they showed Krebs the db table copies is even funnier.
a bit of social engineering, and a AWS / GCE account go a long way. you would have said that the odds were on the side of brute force with low primes, but that they (TT) are saying they have no obligation to encrypt data is going to see them burn... SQLi it is.
People are going to jail, and it really shouldn't be the 15 year old (who will be absolutely hired when he gets out, initiative goes a long way these days)
Quote from: heganboy on October 27, 2015, 03:43:06 AM
maybe I remember it differently, but at 15 you didn't get caught - you were invincible.
the numpties at TT are admitting to no encryption of customer data, so the fact that they may have fallen to a DDOs with and SQLi is a bloody disgrace. That they asked for 80k in Bitcoin is hilarious, and that they showed Krebs the db table copies is even funnier.
a bit of social engineering, and a AWS / GCE account go a long way. you would have said that the odds were on the side of brute force with low primes, but that they (TT) are saying they have no obligation to encrypt data is going to see them burn... SQLi it is.
People are going to jail, and it really shouldn't be the 15 year old (who will be absolutely hired when he gets out, initiative goes a long way these days)
Again, you're buying into this mythlogy that every two-bit hacker is employable. They aren't because what most of them do is so automated that they'd have little clue how to properly defend against even those basic attacks they perpetrate. The skills to defend against these attacks are very different.
You boys are the sort I would have bullied n school.
Start talkin in lay mans terms ffs.
Encrypting databases is all fine and dandy, but what if partners and third parties need access? For all I know TalkTalk could have outsourced their finance, payroll, help desk, marketing, big data analysis field engineering, etcetera, all of whom need access to the customer database
Quote from: Orior on October 27, 2015, 09:38:58 AM
Encrypting databases is all fine and dandy, but what if partners and third parties need access? For all I know TalkTalk could have outsourced their finance, payroll, help desk, marketing, big data analysis field engineering, etcetera, all of whom need access to the customer database
Then you build a secure solution to allowing them access.
Quote from: Syferus on October 27, 2015, 08:33:31 AM
Quote from: heganboy on October 27, 2015, 03:43:06 AM
maybe I remember it differently, but at 15 you didn't get caught - you were invincible.
the numpties at TT are admitting to no encryption of customer data, so the fact that they may have fallen to a DDOs with and SQLi is a bloody disgrace. That they asked for 80k in Bitcoin is hilarious, and that they showed Krebs the db table copies is even funnier.
a bit of social engineering, and a AWS / GCE account go a long way. you would have said that the odds were on the side of brute force with low primes, but that they (TT) are saying they have no obligation to encrypt data is going to see them burn... SQLi it is.
People are going to jail, and it really shouldn't be the 15 year old (who will be absolutely hired when he gets out, initiative goes a long way these days)
Again, you're buying into this mythlogy that every two-bit hacker is employable. They aren't because what most of them do is so automated that they'd have little clue how to properly defend against even those basic attacks they perpetrate. The skills to defend against these attacks are very different.
Agreed, the term hack is thrown around too loosely and people assume its like the movies. I'd say a few scripts downloaded from the net, a bit of loose talk about lax security at TT and mostly luck. This is if he actually is responsible too.
Quote from: thebigfella on October 27, 2015, 09:46:53 AM
Quote from: Orior on October 27, 2015, 09:38:58 AM
Encrypting databases is all fine and dandy, but what if partners and third parties need access? For all I know TalkTalk could have outsourced their finance, payroll, help desk, marketing, big data analysis field engineering, etcetera, all of whom need access to the customer database
Then you build a secure solution to allowing them access.
And that is when the wrong decision is made, because the CIO/CFO thinks it is too expensive.
He's obviously not that smart if the cops are able to go straight to his house and scoop him.
Quote from: Orior on October 27, 2015, 09:38:58 AM
Encrypting databases is all fine and dandy, but what if partners and third parties need access? For all I know TalkTalk could have outsourced their finance, payroll, help desk, marketing, big data analysis field engineering, etcetera, all of whom need access to the customer database
You give them encryption keys or a specifc view on the data that has the information they need and the rest unavailable. Encryption isn't about stopping use, it's about preventing unauthorised people seeing data they shouldn't.
Was there not talk of some boy getting phoned up and they had specific details? Initally I thought it sounded a bti wider than something one kid would have done unless he sold data on??
Encrypting data is all fine but usually there's an end point where it's not encrypted so it can fall down somewhere... These systems should only have access with logins, https certificates etc.
I'd be interested to see how the kid did it though doubt we will ever know.
I doubt he got all this through sql injection or the like. Spoofing / brute force or something like that.
Quote from: Brick Tamlin on October 27, 2015, 09:01:33 AM
You boys are the sort I would have bullied n school.
Start talkin in lay mans terms ffs.
He found the key to open the magic door to TT's box of customer's secrets.
Ah come on now lads - there is no way this lad acted alone. He was probably part of a wider online community and multiple people attached TT.
He has probably got caught not because of his actions but because he talked about it or tried to sell the data.
As Tommy has said - customers bank accounts were cleared out and people phoned asking for money. Did this 15 year old do this on his mobile sitting in his bedroom? Doubtful.
There will easily be a lot of people involved in this but one young lad stupid enough to over step the mark and give his involvement away.
this is the way to go:
http://www.google.com/patents/US8630422
Quote from: Muzz on October 27, 2015, 12:54:28 PM
Ah come on now lads - there is no way this lad acted alone. He was probably part of a wider online community and multiple people attached TT.
He has probably got caught not because of his actions but because he talked about it or tried to sell the data.
As Tommy has said - customers bank accounts were cleared out and people phoned asking for money. Did this 15 year old do this on his mobile sitting in his bedroom? Doubtful.
There will easily be a lot of people involved in this but one young lad stupid enough to over step the mark and give his involvement away.
He probably hangs around on the usual IRC channels these 'hackers' do but this could easily be done by one kid, there is no need for there to be anyone else involved. He may have passed the information on or if he was sorta smart - doubtful seeing he was caught so fast - sold the data on the black market.
If anything having to coordinate with someone else would probably be a handicap in this sort of situation.
All will be revealed but even TT would have firewalls etc. that would need to have been bypassed unless they really did not have any security what so ever. In that case can hardly be called a hack.
Was there any reports of DDOS? A lot of comments and releases so far have not really confirmed or denied what actually happened. All we know is that the database was not encrypted.
Rapid7 press guy said that
QuoteTalkTalk also mentions seeing a DDoS attack prior to the actual breach. The tactic of inundating an application with traffic to hide the real attack going on at the same time is very common nowadays. By distracting the target, the attacker buys more time to focus on the assets they are really after.
There's no way that this guy could have carried out the DDoS attack on his own then.
I'd be surprised were he on his own. Has to be more involved. Could be a scapegoat I suspect with a lot of smarter people in on it.
A DDoS attack wouldn't be particularly hard but I think knowing where the database is, what to get etc etc you'd need to be in some way informed to do.
The boy has been named by The Telegraph.
http://www.telegraph.co.uk/news/uknews/crime/11957474/TalkTalk-cyber-attack-Arrested-schoolboy-named-as-Aaron-Sterritt-15-from-Ballymena.html
Quote from: Lecale2 on October 27, 2015, 02:16:04 PM
The boy has been named by The Telegraph.
http://www.telegraph.co.uk/news/uknews/crime/11957474/TalkTalk-cyber-attack-Arrested-schoolboy-named-as-Aaron-Sterritt-15-from-Ballymena.html
Wonder why they feel the need to say "Neighbours in the strongly unionist estate..." Is this a factor in the case??
If he was a Taig, it would be an act of terror.
Unionist thug kills family pet.
Quote from: heganboy on October 27, 2015, 03:43:06 AM
maybe I remember it differently, but at 15 you didn't get caught - you were invincible.
the numpties at TT are admitting to no encryption of customer data, so the fact that they may have fallen to a DDOs with and SQLi is a bloody disgrace. That they asked for 80k in Bitcoin is hilarious, and that they showed Krebs the db table copies is even funnier.
a bit of social engineering, and a AWS / GCE account go a long way. you would have said that the odds were on the side of brute force with low primes, but that they (TT) are saying they have no obligation to encrypt data is going to see them burn... SQLi it is.
People are going to jail, and it really shouldn't be the 15 year old (who will be absolutely hired when he gets out, initiative goes a long way these days)
Not in this or any other world do I have the slightest clue as to what you are saying.
Quote from: Bingo on October 27, 2015, 03:41:47 PM
Quote from: heganboy on October 27, 2015, 03:43:06 AM
maybe I remember it differently, but at 15 you didn't get caught - you were invincible.
the numpties at TT are admitting to no encryption of customer data, so the fact that they may have fallen to a DDOs with and SQLi is a bloody disgrace. That they asked for 80k in Bitcoin is hilarious, and that they showed Krebs the db table copies is even funnier.
a bit of social engineering, and a AWS / GCE account go a long way. you would have said that the odds were on the side of brute force with low primes, but that they (TT) are saying they have no obligation to encrypt data is going to see them burn... SQLi it is.
People are going to jail, and it really shouldn't be the 15 year old (who will be absolutely hired when he gets out, initiative goes a long way these days)
Not in this or any other world do I have the slightest clue as to what you are saying.
this may shed a little light Bingo. The young guy, working solo I'd say prob set up a self-mining PTC/PUL advanced algorithm but forget to add a stealth avoidance advanced yellow primer script (quite literally a schoolboy error)
Quote from: JoG2 on October 27, 2015, 03:49:45 PM
Quote from: Bingo on October 27, 2015, 03:41:47 PM
Quote from: heganboy on October 27, 2015, 03:43:06 AM
maybe I remember it differently, but at 15 you didn't get caught - you were invincible.
the numpties at TT are admitting to no encryption of customer data, so the fact that they may have fallen to a DDOs with and SQLi is a bloody disgrace. That they asked for 80k in Bitcoin is hilarious, and that they showed Krebs the db table copies is even funnier.
a bit of social engineering, and a AWS / GCE account go a long way. you would have said that the odds were on the side of brute force with low primes, but that they (TT) are saying they have no obligation to encrypt data is going to see them burn... SQLi it is.
People are going to jail, and it really shouldn't be the 15 year old (who will be absolutely hired when he gets out, initiative goes a long way these days)
Not in this or any other world do I have the slightest clue as to what you are saying.
this may shed a little light Bingo. The young guy, working solo I'd say prob set up a self-mining PTC/PUL advanced algorithm but forget to add a stealth avoidance advanced yellow primer script (quite literally a schoolboy error)
Jaysus, deserves to spend the rest of his life in prison for that alone ;)
Bingo is about to go watch swordfish again to see if it begins to make sense.
8)
Quote from: Pub Bore on October 27, 2015, 03:52:33 PM
Quote from: JoG2 on October 27, 2015, 03:49:45 PM
Quote from: Bingo on October 27, 2015, 03:41:47 PM
Quote from: heganboy on October 27, 2015, 03:43:06 AM
maybe I remember it differently, but at 15 you didn't get caught - you were invincible.
the numpties at TT are admitting to no encryption of customer data, so the fact that they may have fallen to a DDOs with and SQLi is a bloody disgrace. That they asked for 80k in Bitcoin is hilarious, and that they showed Krebs the db table copies is even funnier.
a bit of social engineering, and a AWS / GCE account go a long way. you would have said that the odds were on the side of brute force with low primes, but that they (TT) are saying they have no obligation to encrypt data is going to see them burn... SQLi it is.
People are going to jail, and it really shouldn't be the 15 year old (who will be absolutely hired when he gets out, initiative goes a long way these days)
Not in this or any other world do I have the slightest clue as to what you are saying.
this may shed a little light Bingo. The young guy, working solo I'd say prob set up a self-mining PTC/PUL advanced algorithm but forget to add a stealth avoidance advanced yellow primer script (quite literally a schoolboy error)
Jaysus, deserves to spend the rest of his life in prison for that alone ;)
I know ! if there was a cross-eyed smiley face, I'd add it
Quote from: JoG2 on October 27, 2015, 03:49:45 PM
Quote from: Bingo on October 27, 2015, 03:41:47 PM
Quote from: heganboy on October 27, 2015, 03:43:06 AM
maybe I remember it differently, but at 15 you didn't get caught - you were invincible.
the numpties at TT are admitting to no encryption of customer data, so the fact that they may have fallen to a DDOs with and SQLi is a bloody disgrace. That they asked for 80k in Bitcoin is hilarious, and that they showed Krebs the db table copies is even funnier.
a bit of social engineering, and a AWS / GCE account go a long way. you would have said that the odds were on the side of brute force with low primes, but that they (TT) are saying they have no obligation to encrypt data is going to see them burn... SQLi it is.
People are going to jail, and it really shouldn't be the 15 year old (who will be absolutely hired when he gets out, initiative goes a long way these days)
Not in this or any other world do I have the slightest clue as to what you are saying.
this may shed a little light Bingo. The young guy, working solo I'd say prob set up a self-mining PTC/PUL advanced algorithm but forget to add a stealth avoidance advanced yellow primer script (quite literally a schoolboy error)
Not as clever as he though he was then, the wee bollix!
If he had turned it off and restarted would that have helped?
QuoteI doubt he got all this through sql injection or the like. Spoofing / brute force or something like that.
Brute force spoofing, anyone on GAABoard could understand that.
No doubt it was a case of Talk Talk not bothering to protect against attacks that were around before Armagh invented football.
There probably should be legally mandated testing regime for such organisations so that they have to show that they made some effort, although there will always be innovative attacks that are hard to stop.
Quote from: deiseach on October 27, 2015, 03:14:12 PM
If he was a Taig, it would be an act of terror.
Is this a joke?