TalkTalk hack to cost up to £35 million

The cyber attack on TalkTalk could cost it up to £35 million, the company has said.

Following the hack, which divulged some users’ financial details, all customers of the telecoms group will be offered a free upgrade.

Chief executive Dido Harding said that despite the hack, TalkTalk was “well positioned to deliver strong and sustainable long-term growth”.

The firm still expects full-year results to be in line with market expectations.

TalkTalk shares had jumped more than 13% by the close of trade on Thursday, but were still down more than 20% compared with their pre-hack value.

Speaking to the BBC, Ms Harding said: “The estimated one-off costs are between £30 million and £35 million – that’s covering the response to the incident, the incremental calls into our call centres, obviously the additional IT and technology costs, and then the fact that over the last three weeks until yesterday our online sales sites have been down, so there will be lost revenue as a result.”

She added that in recognition of the uncertainty that this had caused customers, they would be offered an upgrade.

A spokesperson said the type of upgrade offered would depend on the kind of package customers already had. For example, customers with TV packages might be offered a sports channel that they did not already have.

Customers who were financially affected directly will be free to leave TalkTalk without financial penalty. They would have to be able to show they had lost money as a result of the hack.

Customers who wish to leave for a different reason – for example, if they feel their data is not secure – would still have to pay a contract termination fee.

However, TalkTalk’s offer to its customers is very limited.

Some of TalkTalk’s millions of customers might have been angry enough to try to terminate their contracts when the telecommunications company first revealed details of a major data security breach last month.

But, with contracts for mobile, fixed line, broadband and television services of up to two years (always worth looking at those few lines at the bottom of the paperwork) customers found they couldn’t leave TalkTalk without incurring hefty costs.

When Dido Harding, the chief executive, first announced that customers would only be able to leave if they could show a “direct impact” on their bank account – a pretty high bar – investors heaved a sigh of relief and TalkTalk’s share price bounced up.

More than 15,600 bank account numbers and sort codes were stolen. Four people have been arrested and bailed in connection with the hack.

Ms Harding told the BBC that it was “too early to tell” what the longer term impact of the breach would be on the business.

Heartbleed attacks US banks

US banks have been the victims of hacking in attacks that exploited the Heartbleed bug.

In April 2014 the cybersecurity world was shocked by the discovery of Heartbleed, the name given to a vulnerability found in one of the systems we use to securely communicate over the internet.

In this hack – which investigators are calling the largest theft of consumer data from financial institutions ever – the Heartbleed bug was exploited to gain access to “Victim 2”, an as-yet unnamed financial firm headquartered in Boston.

But it’s just one angle to this enormous attack.

The real damage appears to have been done with some social engineering, executed in a way that shows just how difficult it is to defend against determined cybercriminals.

According to investigators, hackers gained access to various networks belonging to JP Morgan and six other financial institutions, scraping personal data they would then use to manipulate stock prices.

The three indicted men – Israelis Gery Shalon and Ziv Orenstein and American Joshua Samuel Aaron – were conducting “security fraud on steroids”, prosecutors say.

Another man, Anthony Murgio, was charged over running an illicit operation trading virtual currency Bitcoin.

Targeted mail

This is how prosecutors say the hack functioned.

The hacking technique often involved using legitimate accounts belonging to Joshua Aaron.

Using this legitimate access, as if Mr Aaron was a normal customer, paved the way for the hackers to gain access to networks and systems containing reams of data about other customers – people who were investing in stocks.

Over the course of several years, they stole personal data on more than 100 million people. The hackers didn’t access bank details. They didn’t need nor want them.

Investigators said the hackers used the personal details to send out information to bosses’ email addresses, promoting certain stocks that hackers had bought cheaply. The price would rise, and the hackers would then sell off their now very valuable shares.

It’s a technique known as “pump and dump”.

The hackers were said to be using a remote server in Egypt to access the network of “Victim 3” – a financial services firm based in Omaha, Nebraska.

The remote server, which covered the accused’s real location, was used to log in to Mr Aaron’s account with Victim 3.

When info-security staff at the firm noticed the odd sign-in location, they locked Mr Aaron’s account. Good security practice.

But, according to the court papers: “Aaron called Victim 3 and, upon being notified that his account had been locked and asked by a customer service representative whether Aaron had been traveling in Egypt in March 2014, Aaron lied to the representative, and claimed that he had been in Egypt.

“In truth and in fact, and as Aaron well knew, Aaron had not been in Egypt and was merely attempting to convince Victim 3 to allow Aaron and his co-conspirators to access Aaron’s account online in furtherance of their efforts to hack into Victim 3.”

For banks – indeed any big company online – there’s a constant balance between making a system as secure as possible and not locking it down so much that it’s frustrating for normal customers to use.

But that’s not all these men are accused of doing. According to the court papers, the men were involved in a myriad of online crimes.

As well as the stock manipulation, and running a Bitcoin trading platform to help launder the cash, the men were said to be running illegal online casinos, selling fake antivirus software and – that age old internet scam – offering the purchase of pharmaceuticals.

All of this added up to an alleged haul of £75 million which they kept in bank accounts in Switzerland.

Faulty ransomware makes data unrecoverable

Faulty coding in a ransom program that encrypts data means anyone hit by the Power Worm virus will not be able to recover files.

Normally, viruses known as ransomware decrypt files, and data is recoverable, once victims have paid a substantial fee.

But one variant of Power Worm destroys keys that could help recover any data that it scrambled.

Power Worm infects Microsoft Word and Excel files, but the latest, poorly written update of it goes after many more types of data file that it finds on a victim’s machine.

The news comes as hackers produce new ransomware that is aimed at websites and encrypts data sitting on servers.

Malware researcher Nathan Scott discovered the variant and uncovered the mistakes its creator made when updating it.

Mr Scott believes the errors arose when the creator tried to simplify the decryption process. They tried to make it use just one decryption key but mangled the process of generating it. As a result, there is no key created for the files it encrypts when it compromises a computer.

There is unfortunately nothing that can be done for victims of this infection. If you have been affected by this ransomware, your only option is to restore from a backup.

The one consolation is that anyone attacked by Power Worm should not pay the ransom of 2 bitcoin (about £500) it asks for, because they will not get any data back.

Many ransomware gangs accept payments in bitcoins and make a lot of money from each victim, as bitcoins are not traceable.

Ransomware is proving increasingly popular with hi-tech thieves and one group has now extended its list of potential targets to web servers that run Linux.

Russian anti-virus firm Dr Web has discovered a novel ransomware variant called Linux.encoder that tries to infect sites via add-ons such as shopping systems that many of them use.

Once it lands on a server, the software encrypts any files, images, pages, scripts and stored source code it finds on the machine’s main and back-up directories. Linux.encoder leaves behind a text file detailing how victims can pay the 1 bitcoin ransom required to recover their data.

Change of cyber theft approaches

“In the volume cybercrime space, ransomware is one of the most prolific problems we face,” said Greg Day, chief security officer for Europe at Palo Alto Networks.

“Credit card theft is getting to the point where the value of each card is very low. As a result ransomware has stepped into that gap and gives a higher value for each victim.”

Research by Palo Alto Networks and industry partners suggests the well-known CryptoWall family of ransomware has generated about £215 million for the gang behind it.

“The return is so much better,” Mr Day said. “That’s why it’s escalated to such a level.”

He said regularly backing up data would help people and companies avoid having to pay criminals if they got caught out by ransomware.

Secure email Protonmail paid a ransom after DDOS web attacks

Secure email firm Protonmail, based in Switzerland, has paid a ransom of more than £3,600 after web attacks crippled its website.

The criminals behind the web attacks said the payment would stop the deluge of data hitting the site. But despite paying up, the web attacks continued, leaving Protonmail struggling to operate.

It has now launched a fundraising drive to raise cash to tackle any future attacks.

In a blogpost, Protonmail said it received an email on 3 November that contained a threat to attack its website unless it paid a ransom of 15 bitcoins (£3,640).

Protonmail did not respond to the message and, soon afterwards, was hit by what is known as a distributed denial of service (DDoS) attack. This tries to knock a server offline by bombarding it with more data than it can handle.

Protonmail is a free, web-based, encrypted email service that needs its site up and running to serve customers.

The first attack knocked out Protonmail for about 15 minutes and then stopped. A second attack the next day was much bigger and overwhelmed efforts by the email firm and its ISP to stop it.

“This co-ordinated assault on key infrastructure eventually managed to bring down both the datacenter and the ISP, which impacted hundreds of other companies, not just Protonmail,” it said on the blog.

In a bid to halt the attack, Protonmail said it “grudgingly” paid the 15 bitcoin ransom.

However, it said, this did not stop the attacks, which continued to cause problems for many other firms.

Eventually, Protonmail’s ISP took action to remove the company’s site from the net to stem the flow of data.

Post-attack analysis suggests Protonmail was targeted in two phases, the company said. The first aided the ransom demand but the second was “not afraid of causing massive collateral damage in order to get at us”.

Switzerland’s national Computer Emergency Response Team (Cert), which helped Protonmail cope, said the attack was carried out by a cybercrime group known as the Armada Collective. This group has also targeted many other Swiss web companies over the last few weeks, the team said.

It said anyone who received a ransom email should not pay up. Instead, they should talk to their ISPs about the best way to defend themselves against attacks.

Protonmail said that despite its work to harden itself against attack, it was still vulnerable to DDoS data deluges. It said it planned to sign up with a commercial service that can defend against the attacks but this would be likely to cost it more than £66,000 a year.

“We are fighting not just for privacy, but for the future of the internet,” it said.

TalkTalk hack affected 157,000 customers

TalkTalk has said nearly 157,000 of its customers’ personal details were hacked on its website.

More than 15,600 bank account numbers and sort codes were stolen, the company said.

This week police released a 16-year-old boy on bail who was the fourth person arrested in connection with the hack.

Since news of the cyber-attack emerged, TalkTalk shares have lost about a third of their value.

The firm said 4% of TalkTalk customers have sensitive data at risk. It confirmed that the scale of the attack was “much more limited than initially suspected”.

TalkTalk said:

  • 156,959 customers had personal details accessed
  • Of those customers, 15,656 bank account numbers and sort codes were stolen
  • 28,000 stolen credit and debit card numbers were “obscured” and “cannot be used for financial transactions”.

Customers whose financial details were stolen have been contacted, and the firm will contact other affected customers “within the coming days”.

The cyber attack on TalkTalk’s website happened on 21 October, it added.

Details that TalkTalk previously said had been stolen included names, addresses, dates of birth, telephone numbers and email addresses.

In October, the firm described the attack as “significant and sustained”, but said that it was too early to say which data had been stolen.

It initially said that all of its customers may have been affected, but then restated its estimate.

Four people have been arrested over the hack so far: a boy of 15 in Northern Ireland, a 16-year-old boy from west London, a 20-year-old Staffordshire man, and a 16-year-old boy in Norwich. All four have been released on bail.