» ISP News » 

TalkTalk Hack – Teenager Held UK ISP to Ransom for 465 Bitcoins

Tuesday, September 27th, 2016 (4:37 pm) - Score 1,983
police united kingdom

The Westminster Magistrates Court has heard how 19-year-old Daniel Kelley, who was arrested in Llanelli (South Wales) at the end of last year on suspicion of blackmail, attempted to extort 465 Bitcoins (worth £216K) from TalkTalk following the devastating 2015 Cyber-Attack on their systems.

The attack itself was the result of a combined Distributed Denial of Service (DDoS) assault and an SQL Injection exploit against the ISP’s website (here), which ultimately resulted in masses of personal customer and financial data being stolen.

Since then various UK children and adults have been arrested in connection with the hack, not to mention several support agents in India who were working for TalkTalk through their outsourcing sub-contractor Wipro (here).

At the time TalkTalk’s embattled CEO, Dido Harding, confirmed that she had received an email demanding a ransom. “It is hard for me to give you very much detail, but yes, we have been contacted by, I don’t know whether it is an individual or a group, purporting to be the hacker. All I can say is that I had personally received a contact from someone purporting – as I say I don’t know whether they are or are not – to be the hacker looking for money,” said Harding.

Daniel Kelley is accused of carrying out similar attacks and making related blackmail demands against several other companies from around the world (e.g. Zippo), as well as TalkTalk. The Guardian reports that in total he is said to have demanded 593 Bitcoins, which is currently worth roughly £276,000. Overall Kelley faces 14 charges related to blackmail, four computer hacking offences and two fraud offences.

Kelley was formally charged with the offences yesterday, before being released on conditional bail until 10th October 2016 and he has yet to enter a plea.

Share with Twitter
Share with Linkedin
Share with Facebook
Share with Reddit
Share with Pinterest
Mark Jackson
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, , Facebook and Linkedin.
Leave a Comment
20 Responses
  1. Avatar Apolloa

    Oh good, so I expect to see this teenager on the morning BBC news gloating how he’s now in a high paid job as a ‘security expert’. Just like the Lulzsec member, the team who took down PSN and Xbox Live and stole data.
    If they give this hacker a simple slap,on the wrist, which is they usually do, expect this case to be absolutely no deterrent to hackers what so ever.
    IMO people to need to grow a big pair, get clued up and ask experts and throw these scum into jail for several years.

    • Avatar Bob2002

      Teenagers have been engaging in thrill seeking petty crime for a long time – cyber-crime is so, so, much easier and feels “virtual” and “victimless”. Internet interactions feel like an impersonal information processing exercise and Internet use disinhibits us. ‘

      No, I’m not saying he should be let off lightly but we have a bit of a knuckle dragging attitude to understanding Internet behaviour and the way it changes our thought patterns and choices.

    • Avatar Apolloa

      Teenage hackers deserve to be thrown in jail, they steal personal information, a lot of it, hacking is just the faceless way to walking into an office armed with guns, the crime is the same as is the outcome. Age is NO excuse, none! And unless people grow a pair and start to punish hackers, it will be an unsafe and interesting future. They’ll get bored and shut down power stations next.

  2. Avatar captain.cretin

    TT heaved a sigh of relief when his age was revealed.

    Their security was so crap, they were concerned a five year old had hacked them

    • Avatar 2bobsworth

      Out of curiosity do you also believe Sony’s security was ‘crap’ when their Playstation network got hacked? You do realise that if a giant such as Sony can get hacked then pretty much any company can?

    • Avatar FibreFred

      The difference is the Sony attack was more sophisticated. The talktalk one was using an exploit that was very well known and people patched years ago, I bet the kid couldn’t believe his luck.

    • Avatar 2bobsworth

      So why didn’t the PSN hackers use their “sophisticated” attacks to attack bigger fish such as Google, Apple, Microsoft etc? Sophisticated attack or not, its clear that Sony’s PSN network wasn’t secure enough wrt theft of user data.

    • Avatar FibreFred

      This isn’t about Sony despite your talktalk defending. It is about the poor state of IT security at talktalk despite multiple attacks

      They should have patched something know about for many years

      Love to see your defence holding up in court “well sony also got hacked so….”

    • I’d be interested to know the specifics of how the SQL Injection occurred within their system; did any public break-down of the code involved ever get released?

      On the surface these things always seem simple, but often hackers find ways around the usual sanity checks against variables. I’ve seen some pretty clever SQL exploits in my time and it’s always the unexpected bits that kill you.

      A lot of this also stems from the way that languages like PHP have been created in the past and the practices that allowed. Heck if you go into a classroom today the way they teach students to code still neglects security as a first rule.

    • Avatar Steve Jones

      @Mark Jackson

      It’s simply just extremely bad practice to expose database servers to the Internet at all. Good practice is for there to be a separate front-end layer in a DMZ providing a strictly controlled set of functions for public exposure with back end application logic and database sitting behind another firewall. What should never be allowed to happen is ad-hoc database access from the web layer to a back-end database.

      I can understand small organisations not having the resources to do this right, but it’s unacceptable practice for a larger company. It smacks of taking short cuts. SQL injection attacks are one of the oldest exploits in the book and the ways to avoid these sort of exploitations are well known. The gold standard involves separating the front-end web layers from the back end using strictly controlled functional calls. There’s really no excuse in a large company for being exposed to what are really quite crude attacks.

    • Avatar Data Analysis

      “It’s simply just extremely bad practice to expose database servers to the Internet at all.”

      Considering for most broadband and phone services people manage them online or have an account with their billing details and personal info like name, address etc online. I guess its safe to say all the ISPs have bad practice including BT and MyBT which had my details all in a nice online database.

    • Avatar FibreFred

      data anal

      You simply don’t understand front end (dirty) and back end integration

      But troll on and don’t forget to mention bt despite no relevance

    • Avatar Data Analysis

      Wow what is all that unwarranted abuse about? Pretty sad.

  3. Avatar captain.cretin

    @ 2bobsworth

    As I understand it, the Sony hack was carried out by a team of experienced, government funded hackers with sophisticated equipment and techniques.

    TT was hacked by a spotty teen with his mums PC, and armed with an off-the-shelf kiddiscript hacking kit…. apparently.

    • Avatar Apolloa

      Actually no, it was a bunch of teenagers and older men who are bored. Sony was hacked easily because their security was incredibly weak, as is Apples iCloud.security etc..

    • Avatar captain.cretin


      I read somewhere that the hack was due to a certain film about a certain nutjob who “owns” a rogue SE Asian country armed with dodgy nukes.


    Truth is, if a computer has an internet connection it can be hacked.
    No such thing as 100% secure

    • Avatar Steve Jones

      “There’s no such thing as 100% secure” is no excuse for leaving open gaping holes for known exploits. The fact is nobody is 100% guaranteed to not be involved in an accident whilst driving, but that doesn’t mean people should be downright careless when doing so.

  5. Avatar Optimist

    SQL injection attacks are only possible because data isn’t checked for validity. I worked on large IT systems decades ago and the idea that transactions in a data input stream into e.g. an accounting system would somehow manage to corrupt the program’s code would be ludicrous.

  6. Avatar Evan Crissall

    Accused: Daniel Mark KELLEY, 19, of Heol Dinbych, Llanelli, Carmarthenshire SA15 1JN [born Q1 1997 Carmarthen; mother: JOHN]

    Father Mark Richard KELLEY [b. Q1 1969 Llanelli; mother: RICHARDS] m. [Q3 1993 Llanelli] Tracy Jane JOHN [b.Q2 1965 Llanelli; mother: GEORGE]

    Mr Mark Kelley BA, MA, Head of School, Faculty of Performing Arts, Carmarthen campus, University of Wales, Trinity Saint David — “Background: a Director, Writer, Set, Lighting and Sound Designer, Production Manager, Builder and Fabricator”

    The Kelleys, a thespian family? Useful background, should they reward us with a show trial.

    (Alleged) internet villain Danny Kelley, the pantomime baddie (“he’s behind you!”). Holding to ransom the Princess Dido, daughter of Baron Hardup, for forty pieces of Bitcoin.

    Chrissake! Who writes these awful scripts?! The runts at BT shorting TalkTalk’s stock?

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Superfast ISPs
  • Hyperoptic £19.95 (*22.00)
    Avg. Speed 50Mbps, Unlimited
    Gift: Promo Code: HYPER20
  • Plusnet £21.99 (*35.98)
    Avg. Speed 36Mbps, Unlimited
    Gift: £50 Reward Card
  • SSE £22.00
    Avg. Speed 35Mbps, Unlimited
    Gift: None
  • xln telecom £22.74 (*47.94)
    Avg. Speed 66Mbps, Unlimited
    Gift: None
  • TalkTalk £22.95 (*29.95)
    Avg. Speed 38Mbps, Unlimited
    Gift: None
Prices inc. Line Rental | View All
The Top 20 Category Tags
  1. BT (2721)
  2. FTTP (2611)
  3. FTTC (1757)
  4. Building Digital UK (1705)
  5. Politics (1611)
  6. Openreach (1569)
  7. Business (1390)
  8. FTTH (1315)
  9. Statistics (1208)
  10. Mobile Broadband (1178)
  11. Fibre Optic (1044)
  12. 4G (1015)
  13. Wireless Internet (1002)
  14. Ofcom Regulation (993)
  15. Virgin Media (980)
  16. EE (672)
  17. Sky Broadband (657)
  18. TalkTalk (644)
  19. Vodafone (642)
  20. 5G (474)
New Forum Topics
Helpful ISP Guides and Tips

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact