A teenager who admitted to a friend that he had done enough to go to prison for his part in the “car crash” TalkTalk hack is awaiting sentence after confessing to being “guilty as charged m’lud” at Norwich Youth Court.
Last October’s data breach sent shockwaves through UK businesses, and was slammed by the Information Commissioner’s Office last month following an investigation which found the attack had been carried out “with ease”.
TalkTalk was subsequently hit by a record £400,000 fine, although some estimate that it will ultimately cost the firm up to £60m.
The 17-year-old boy, who cannot be named for legal reasons, will return for sentencing on December 13.
Prosecutor Laura Tams said the charges also included attacks on other websites, including those of Manchester University, Cambridge University and a small family company that supplies martial arts badges, Merit Badges.
Tams said: “(The youth) was identified as having been involved in the TalkTalk matter, Metropolitan Police officers attended his home address and conducted a search of that and identified electronic devices that they took away for view. From that they identified the further offending that you see in front of you today.
“He was using a software programme called SQL map, which the prosecution say is a hacking tool used to identify vulnerabilities on a website.”
In the days before the TalkTalk hack, the youth gained access to a database of 693 staff and students at Manchester Uni containing email addresses and identity numbers which a “more capable hacker would be able to use for wider criminality”, Tams said.
He then attacked a library website belonging to Cambridge University, but both universities traced the IP of the computer used back to the teenager’s home address.
More than 600 attempts to hack the TalkTalk website were made in the days before the breach and a person who was not the teenager attempted to download a database, Tams added.
In a Skype conversation on the day of the breach, the teenager told a friend: “I’m going to get f*****”, adding that he had “done enough to go to prison”.
The teenager posted the TalkTalk vulnerability on a website, showing others how to access it.
In total six people, including three teenagers, were arrested over the incident in Llanelli, County Antrim, Feltham, Norwich, and Staffordshire.
Related stories
TalkTalk could have faced £70m fine under GDPR
TalkTalk rocked by record £400k fine for data breach
TalkTalk flayed over brutal treatment of pensioner
TalkTalk hits back at ‘worst customer service’ claim
TalkTalk claims bounceback despite slump in profits
Coppers told TalkTalk to keep schtum over breach
Three held at TalkTalk call centre for data theft
TalkTalk chief hits back: we’re just the punchball
TalkTalk under fire as 4m customers hit by hack