Two Staffs men plead guilty to October 2015 TalkTalk cyber attacks

Pair took advantage of bulletin board highlighting TalkTalk's website security flaws

Two men from Tamworth in Staffordshire, have pleaded guilty to taking part in the October 2015 cyber attacks on internet service provider (ISP) TalkTalk, which was recently named as one of the worst ISPs in the UK by Which?.

The Old Bailey in London was told how 22-year-old Matthew Hanley used a ten-year-old SQL injection flaw to break-in to TalkTalk's systems, enabling him to peruse a customers' personal and financial details, which he passed on to his friend, 20-year-old Connor Allsopp. The court was told that Allsopp planned to use the information to commit fraud.

Hanley pleaded guilty to three charges under the Computer Misuse Act, and one charge of supplying an article for use in fraud.

However, Hanley denied hacking into the US space agency NASA, the National Climatic Data Centre and a number of other websites.

Hanley and Allsopp were among four people charged by police in connection with the TalkTalk hack. Daniel Kelley from Wales pleaded guilty in December 2016 to 11 charges of hacking, blackmail, fraud and money laundering.

In November last year, a 17-year-old from Norwich admitted kicking it all off when he posted details of TalkTalk's glaring security flaws online, a move that encouraged other hackers and would-be hackers, including Hanley and Allsopp, to have a go themselves.

Indeed, the BBC reports that the website was targeted more than 14,000 times after the vulnerabilities were published. However, it's not known how many far more competent attackers might have taken advantage of the glaring security flaws without drawing attention to themselves. TalkTalk subscribers have been affected in the past by scammers in a campaign of fraud that only appears to be targeted at customers of the ISP.

A fifth individual, a 15-year-old boy from County Antrim, Northern Ireland, was also arrested in the aftermath of the attacks. He has also been in court this week in a bid to maintain his anonymity, after he was named by national newspapers taking advantage of a legal technicality.