Learning from major cyber security incidents
Learning from major cyber security incidents

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

Free course

Learning from major cyber security incidents

3.3 Who were the attackers?

Two days after TalkTalk discovered the attack, its then chief executive, Dido Harding, said during a media interview that the company had suffered a ‘significant and sustained’ cyber-attack and received a ransom demand from someone purporting to be the hacker. The cybercrime unit of the Metropolitan Police had started investigating the attack, but very little information about the attack was available. However, a former detective from the cybercrime unit, Adrian Culley, suspected that the attack was the work of Islamist militants, as a group claiming responsibility for the attack had stated that it was done in the name of Allah. The group also posted sample customer data, claimed to be obtained from the attack, on the website Pastebin, which is often used by hackers for publishing stolen information (Khomami, 2015).

However, three days later, a 15-year-old boy was arrested in Northern Ireland on suspicion of being related to this attack. On 29 October 2015, a 16-year-old boy was arrested in Feltham, west London. Two days later, a 20-year-old man was arrested in Staffordshire. A further two male teenagers were arrested in Wales and Norwich within the next few weeks. They were all arrested on suspicion of offences under the Computer Misuse Act 1990. It became apparent that the attack had been undertaken by a group of British youngsters.

According to a report from Channel 4 News (White, 2015), a hacker who claimed to have been involved with the TalkTalk attack said the event happened days before TalkTalk discovered the attack. The hacker was in a Skype group call with friends when one member shared a security flaw he had discovered in TalkTalk’s website via a Google search. Such a basic flaw discovery technique should not have worked on a big company like TalkTalk, so they were laughing about TalkTalk’s unbelievably bad security. The hacker further said that multiple people had used the security flaw to extract data from TalkTalk’s customer database: ‘it got passed around … at least 25 people had access to it’. He claimed he only did it for fun and to impress his mates. He further claimed that he warned TalkTalk about the security flaw by posting a tweet an hour before the attack that highlighted the flaw and tagged TalkTalk’s Twitter account, but TalkTalk were not interested.

However, not all the attackers did it for fun. The then 20-year-old man arrested in Staffordshire in 2015, Matthew Hanley, and his friend Connor Allsopp, aged 18 at the time and arrested in 2017, were trying to sell the data that Hanley had stolen from TalkTalk’s website and the website’s security flaw for profit. The pair pleaded guilty to charges relating to the TalkTalk attack.

At the time of writing, six people have been arrested in relation to the TalkTalk attack and five of them have been charged:

  • Aaron Sterritt (aged 15 at the time of the attack, so his name was not revealed until 2018) was charged under the Computer Misuse Act and admitted to unauthorised access to computer material. He was ordered to complete 50 hours of community service, apologise to TalkTalk in writing and complete at least one cyber-crime education session (News Letter 2018).
  • A 17 year old, who could not be named because of his age, was arrested in Norwich in November 2015. He was charged under the Computer Misuse Act and admitted to seven offences at Norwich Youth Court in November 2016. The prosecution produced evidence that in addition to performing the initial breach of the TalkTalk site, the teenager had shared information about the site’s weaknesses on the internet. He was given a 12-month rehabilitation order.
  • Daniel Kelley, aged 19 from Wales, was charged with eighteen offences including money laundering and blackmail against the then-CEO of TalkTalk as well as offences under the Computer Misuse Act. Kelley pleaded guilty to eleven charges, including that of blackmail.
  • Matthew Hanley and Connor Allsopp were jointly charged with eleven offences at a trial at the Old Bailey in London. They were alleged to have attacked not only TalkTalk but also computers belonging to NASA, the National Climatic Data Center, Spotify, Telstra and the RAC. Hanley was charged under the Computer Misuse Act with committing fraud against TalkTalk customers. Allsopp was charged with two offences of supplying articles. In April 2017, the two were tried at the Old Bailey in London. Allsopp pleaded guilty to all offences. Hanley admitted to the charge of attacking TalkTalk, but not to the other attacks.

Activity 10

Timing: Allow about 10 minutes

You may not have met the Computer Misuse Act 1990. Use the link below or another resource to find out and list the computer misuse offences covered by the Computer Misuse Act 1990, including the latest amendments.

You should open the link in a new tab or window by holding down Ctrl (or Cmd on a Mac) when you click on the link. Return here when you have finished.

Computer Misuse Act 1990 [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] (Great Britain. Computer Misuse Act 1990)


At the time of writing, the Act covers five offences, as listed below. However, new offence(s) or other amendment(s) may have been introduced by the time you attempted this activity.

  • 1. Unauthorised access to computer material.
  • 2. Unauthorised access with intent to commit or facilitate commission of further offences.
  • 3. Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc.
  • 3ZA. Unauthorised acts causing, or creating risk of, serious damage.
  • 3A. Making, supplying or obtaining articles for use in offence under section 1, 3 or 3ZA.

Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information.

Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371