Date: 2015-10-23
By Eric Auchard
FRANKFURT Oct 23 The cyberattack on British
broadband supplier TalkTalk this week raises a host of
questions over who could be behind it and what their aims are.
TalkTalk said on Friday it had received a ransom demand from
an unidentified party claiming responsibility for the attack
that may have led to the theft of personal data from its more
than 4 million customers, including bank and credit card
details.
Computer experts say details provided by TalkTalk and
publicly available network data suggest that the hackers gained
access by exploiting vulnerabilities in TalkTalk's customer
website rather than by some form of insider attack.
Samples of financial data which appeared to come from
TalkTalk customers are already for sale in cybercriminal forums
on the so-called dark web, experts from two separate security
research firms, FireEye and Rapid7, told Reuters.
A TalkTalk spokeswoman declined to comment, citing the
ongoing police investigation.
Most experts say they want to wait to learn more technical
details following the police investigation before they try to
assess how the attack took place and who may be responsible. It
may take weeks or months for forensic investigators to unravel
what happened.
But theories have been put forward.
Copenhagen-based cyber forensics investigator Jens Monrad
said hackers seeking to exploit the value of stolen customer
data often publish small samples of stolen data in order to
attract buyers in the criminal underworld who will in turn try
and exploit customer details for financial gain.
Adrian Culley, a former detective at Scotland Yard's
cybercrime unit, told the BBC the cyberattack appeared to be the
work of an Islamist group, but provided no specific evidence for
his theory.
"We are aware of speculation regarding alleged perpetrators;
this investigation remains at an early stage; a full assessment
of the alleged data theft is ongoing," London's Metropolitan
Police Cyber Crime Unit said in a statement.
An attack on French television network TV5Monde in April
that was originally attributed to pro-Islamic State hackers is
now believed by many security experts to be the work of a
Russian-based hacking group which they have dubbed APT 28.
Gavin Millard, the Europe, Middle East and Africa regional
technical director of U.S. security firm Tenable Networks, said
the breadth and regularity of attacks had led the American
public to suffer "breach fatigue," a hapless passivity in the
face of forces beyond their control.
Retailers such as Target, Wall Street bank J.P.
Morgan and several U.S. healthcare providers have each
had tens of millions of customer records stolen. These attacks
affected far more customers than the TalkTalk assault, which
nonetheless ranks as one of the biggest ever in Britain.
The difficulties involved in tracing those behind such hacks
have been shown by the investigations into the attack on
infidelity website Ashley Madison in August, when details of 39
million customers were leaked, and into the invasion of the
corporate network of Sony Corp's film studios last year.
No culprit has been identified in either attack yet, despite
many false trails.
