South Wales Police Arrest TalkTalk’s Suspected Ransom Demander

Police in South Wales have arrested a fifth person in connection with last month’s cyber-attack on TalkTalk’s website (here) and interestingly the individual concerned was taken into custody on suspicion of blackmail.

The 18 year old was arrested yesterday by the Southern Wales Regional Organised Crime Unit (SWROCU) as part of a raid on a property in Llanelli (South Wales) and was later taken to Dyfed Powys police station, although no further details have been released.

One of the stand out moments from the incident came in October 2015 when TalkTalk’s CEO, Dido Harding, confirmed that she had received an email demanding a ransom from somebody purporting to be behind the attack.

“It is hard for me to give you very much detail, but yes, we have been contacted by, I don’t know whether it is an individual or a group, purporting to be the hacker. All I can say is that I had personally received a contact from someone purporting – as I say I don’t know whether they are or are not – to be the hacker looking for money,” said Harding to the BBC in October.

The attack was the result of a combined Distributed Denial of Service (DDoS) assault and later an SQL Injection exploit against the ISPs website. Many of those arrested so far have been boys under the age of 18, although most of those cases won’t be heard until next year.

Overall 156,959 of the broadband ISP’s customers were affected by the hack, mostly via a general loss of personal data, although 15,656 bank account numbers and sort codes were also accessed (details). Since then TalkTalk has worked to beef up its website security and a Government Inquiry has also been launched (here).