Three

Three men are due to appear at the Old Bailey charged with various offences linked to an investigation into the mega TalkTalk hack a year ago.

The investigation was launched in October 2015 by the Met's Falcon Cyber Crime Unit following the hack in which 157,000 of its customers' personal details were accessed.

On Tuesday, 15 November, a 17-year-old boy pleaded guilty at Norwich Youth Court to seven offences under the Computer Misuse Act of 1990.

The boy was arrested in Norwich on 3 November last year and subsequently charged. He is due to be sentenced at Norwich Youth Court on 13 December.

The offences were all linked to the unauthorised access in October 2015 to data and programs on various organisations' websites including TalkTalk and Merit Badges as well as universities in Cambridge, Manchester, Sheffield, and Bournemouth.

As part of the wider investigation, detectives have also arrested three other individuals.

Daniel Kelley, of Llanelli, Wales, was charged on 26 September with various blackmail, cyber-crime and fraud offences, and is due to appear at the Old Bailey on Friday, 18 November.

Matthew Hanley and Conner Douglas Allsopp, both from Tamworth, were charged on 26 September with cyber crime and fraud offences and are due to appear at the Old Bailey on Monday, 21 November.

The investigation into the alleged data theft from the TalkTalk website is a joint investigation led by the Met's Cyber Crime Unit with support from Police Service Northern Ireland, Southern Wales Regional Organised Crime Unit, the National Crime Agency, and CERT UK (now the National Cyber Security Centre). ®



The Register - Security

Three UK, a telecom and ISP operating in the United Kingdom, has suffered a data breach. According to Three’s status report on the investigation, the attackers were able to access the company’s customer upgrade system by using login credentials of an employee, and their goal was to steal high-end smartphones.


“Over the last four weeks Three has seen an increasing level of attempted handset fraud. This has been visible through higher levels of burglaries of retail stores and attempts to unlawfully intercept upgrade devices,” the company explained.

“We’ve been working closely with the Police and relevant authorities. To date, we have confirmed approximately 400 high value handsets have been stolen through burglaries and 8 devices have been illegally obtained through the upgrade activity.”

There is no mention of how many customers were affected, how long the perpetrators had access to the data (customer names, addresses, phone numbers, and dates of birth), nor whether they have exfiltrated any of it.

The company reassured users that customers’ payment card or bank account information was not accessed nor compromised, and that they will be contacting affected customers as soon as possible.

According to The Telegraph, the National Crime Agency is investigating the breach and they have already arrested three people in connection to it. Two men are suspected of computer misuse offences, while the third one of attempting to pervert the course of justice.

“It appears the vulnerability came from a legitimate employee log-in, which provided the gang with easy access to critical information. On top of this, it bought them valuable time before anyone at Three noticed the unusual behaviour. These are both factors why an insider threat can prove far more dangerous than brute-forcing your way into a network. Any log-in or access details need to be strictly monitored by companies to prevent these kinds of attacks happening,” Jason Allaway, VP of UK & Ireland at RES, commented for Help Net Security.

“I believe this points to an issue with the on- and off-boarding processes at Three. Such issues should be addressed by refining and automating such processes to ensure they are protected against risk. New joiners should be granted the correct access, and leavers should be stripped of access entirely. If companies secure the lifecycle, new joiners and those exiting the company will not expose an access point leaving open the door to an opportunistic cybercriminal.”

Hopefully, the attackers didn’t exfiltrate customers’ information and didn’t sell it on to other fraudsters. But, just in case, customers should be alert to phishing emails and calls from fraudsters claiming to be Three or other ‘associated’ companies.

“The compromised data included dates of birth, information which is often used as a security question. Such information is actually easily obtainable, so all consumers, not just Three’s customers, shouldn’t presume callers are legitimate for knowing it,” says Nigel Hawthorn, chief European spokesperson at Skyhigh Networks.

John Madelin, CEO at cybersecurity experts RelianceACSN, says that the most worrying thing about the Three breach is that it has been discovered by third parties.

“In this case they were only alerted to it once customers themselves started to complain about scam callers. The reality is we don’t know how long the hackers were in Three’s network, but the average time to discover an intrusion is 205 days. Three should have spotted this sooner, and it’s a case of understanding the threat vectors as this appears to be an insider threat. In the wake of the TalkTalk hack Three really should have done better,” he added.


Help Net Security

Computer hackers have broken into a database of Three Mobile customers and accessed their personal details in order to steal smartphones, the UK network said on Thursday.

A spokesman for the company said there had been an uptick in attempted phone fraud over the past four weeks, both through burglaries of Three retail stores and intercepting customer phone upgrades.

"In order to commit this type of upgrade handset fraud, the perpetrators used authorised logins to Three's upgrade system.

"This upgrade system does not include any customer payment, card information or bank account information," the spokesman said.

Personal details including names and addresses were accessed and are believed to have been used by fraudsters to order the phone upgrades, which were sent to eight customers and intercepted.

A probe is currently underway to determine how many more of the company's nine million customers have had their data breached, while the eight known clients have been contacted by Three.

A source close to the matter was quoted by The Telegraph as saying the private information of two thirds of Three customers could be at risk.

"The investigation is ongoing and we have taken a number of steps to further strengthen our controls," said the company spokesman.

Three people were arrested on Wednesday in connection to the fraud and have since been bailed.

A 48-year-old man from Kent, south-east England, and a 39-year-old man from Manchester, north-west England, were arrested on suspicion of computer misuse offences.

A 35-year-old man also from Manchester was arrested on suspicion of attempting to pervert the course of justice.

© AFP 2016


SecurityWeek RSS Feed



Charles Carrington

Associate Partner, IBM

Charles Carrington has worked in Security, focusing on IAM, for over 20 years. He is a published author (on directories). Mr. Carrington's work is in the field and practical,...


The demand for identity and access management-as-a-service (IDaaS) is expanding into every industry. Below we look at how retailers, universities and financial institutions can benefit from adopting cloud for their IAM needs.

User Self-Service With IDaaS

Envision B2C scenarios like online retail to customer, university to student or retail banking to account holder: Users come and go, and user management can quickly become burdensome, especially in traditional identity and access management (IAM) environments.

Managing millions of customer identities is a different scale of problem than managing thousands of employee IDs. Most on-premises, internally focused IAM systems are short on self-service and still require manual activity for workflow, approvals and implementation of changes. Automating that activity takes time and money.

Additionally, customers use their own devices, which are outside your control. Providing simple self-service is critical to keeping costs down. Enterprise-grade cloud IAM makes it easy because the automation and self-service are ready to use.

Expert Tip: Judge Wisely

Judge wisely when choosing a cloud-based IAM vendor for self-service functionality. Most lack depth in this capability, so look for IDaaS with self-service tools that support multiple languages and/or user populations for registration, password resets, username recovery, profile management, delegated user management, access requests and approvals, and recertification approvals.

Federation Simplified

Industries can also benefit from the rapid federation achieved through cloud IAM. Retailers, educators and banks can rapidly and inexpensively federate with other identity providers, vendors and suppliers, avoiding the need to create and maintain in-house IDs.

Users often find this easier and preferable because they are able to log in with their existing credentials or even their social identities. Supply chain processes and identity management policies that have dogged many organizations for years can be simplified.

On the customer service side, organizations can similarly allow their customers to log in with third-party credentials, such as Google or Facebook IDs.

Expert Tip: Don’t Be a System Integrator

Most vendors playing in the IDaaS space only offer federated single sign-on (SSO) along with a few other shallow IAM features. Remember, choosing these one-off products will force you into the dreaded role of system integrator. Choosing a single IDaaS solution for all of your IAM needs will end up costing you less time and money in the long run.

Instant Scalability

Another key cost benefit for B2C organizations is peak usage flexibility. Businesses can scale up for a peak season, such as the holiday selling season in retail, and then back down, quickly onboarding and then offboarding thousands of staffers without adding resources (servers, software, staff, etc.).

This instant scalability also applies to adding or removing applications while maintaining SSO and a single user experience seamlessly across platforms.

Expert Tip: An On/Off Switch Is Key

The ability to turn premium IAM features on and off should be a part of your IDaaS selection criteria. Doing so will give you the ability to respond immediately to profit-driven business requests, expand organizationally without added costs and achieve a competitive advantage when opportunities develop.

Cloud-based user self-service, identity federation and on-demand IAM features are only a few ways organizations in the retail, education, automotive, industrial, health care and financial industries can benefit from IDaaS.



Security Intelligence

At some point you have probably downloaded a "free" piece of software only to find it has come with a whole host of other unwanted friends that go on to redirect your browser search bar or inject ads where there weren't any before.

This is the world of pay-per-install (PPI) and Google, along with New York University and the International Computer Science Institute, spent a year digging into the little-understood market, publishing their results in a paper [PDF] this week.

What they found over the course of 12 months makes for sobering reading: the issue of PPI is three times greater than malware: no less than 60 million download attempts every week. That's something that the authors say represents "a major security threat". They estimate as many as five per cent of all browsers have been affected.

Why is it such a big problem? Two reasons: first, it is not illegal. Companies that want their software on millions of people's systems pay publishers to bundle it with legit software that the user then actively chooses to download and install.

That pushes the law right to its very boundaries but the fact that a number of big name companies, including Skype and Opera, are using this method to distribute their software is testament to the fact it is not a crime.

The second big reason that PPI is so widespread is, of course, money. The authors note that one of the four large PPI outlets that they looked at took in $460m in revenue in 2014. With money like that, you can expect interest.

Smart

And sophistication. The paper notes that the download bundles come with a good degree of technical know-how. Variations in software to account for different operating systems and browsers are automatically installed. PPI publishers store between five and 50 different offers/bundles and provide whichever is most effective for your particular machine.

Some software builds in a 20-day delay before waking up so users don't immediately associate it with the free download they just installed. Some check in the computer's registry for anti-virus and that they're not already installed.

The team found a total of 15 PPI affiliate networks dotted around the globe providing a total of 160 software families. And it dug into pricing: the price you pay to have your software installed comes as a per-install cost and varies according to region and network. For one network, the cheapest cost was $0.06 or six cents for Vietnam, up to $1.50 per install for North America. The United States was persistently the most expensive market, followed next by the UK.

Despite efforts to block the installations from occurring, the PPI networks have a wide variety of ways to bypass them. The paper's authors found that affiliates jump between domain names every seven hours in order to constantly stay ahead of blocking efforts. They incorporate technology to get past filters and virus scans.

Despite the team noting that 59 per cent of the software they discovered was flagged by anti-virus as "unwanted", that still means more than 40 per cent of it was getting past – and that's for systems with antivirus on.

Avoidance

As for where you can pick these delightful pieces of software up from: the greatest percentage of bundles came through freeware and shareware websites (11.8 per cent) but there were a wide range of other outlets: websites offering video games, file sharing, online video, operating systems, hacked and cracked software, and so on.

In short, if you are trying to download something for free that you know you should really be buying, chances are it will come with some unwanted extras that your system will not notice.

"PPI networks operated with impunity towards the interests of users, relying on a user consent dialogue to justify their actions," the report notes. "We hope that by documenting these behaviors the security community will recognize unwanted software as a major threat."

In a related blog post, Google noted that it was constantly improving and updating its "safe browsing" notices in order to flag up sites that include this sort of software, and its Cleanup Tool that helps prevent their installation. It is also a part of the Clean Software Alliance which is building an industry-wide approach to blocking these sorts of downloads. ®


The Register - Security