Hacker behind TalkTalk data breach is jailed for four years

‘Cruel and calculating’ cyber criminal, 22, who stole TalkTalk customer details in massive data breach that cost mobile network £77million is locked up for four years

  • Daniel Kelley turned to hacking and blackmail after flunking out of college
  • He hacked into firms’ computers then demand payment for not releasing data
  • He would ‘bully, intimidate and ruin’ victims from behind his computer screen
  • Judge orders him to spend four years in a young offenders institution

Daniel Kelley, 22, has been jailed for four years after he admitted involvement in a massive TalkTalk hack attack

A cyber criminal who took part in a massive TalkTalk hack attack and blackmailed former chief executive Dido Harding has been locked up for four years.

Daniel Kelley, from Llanelli, South Wales, turned to ‘black hat’ hacking when he failed to get the GCSE grades to get on to a computer course.

He hacked the college ‘out of spite’ before targeting companies in Canada, Australia and the UK – including the Telecommunications giant which has four million customers.

He used stolen information to blackmail individuals and companies, the court heard.

Prosecutors said he was ‘utterly ruthless’ as he threatened to ruin companies by releasing personal and credit card details of clients. 

The 22-year-old has Asperger’s syndrome and has suffered from depression and extreme weight loss since he pleaded guilty to 11 hacking-related offences in 2016.

Judge Mark Dennis sentenced him at the Old Bailey to four years’ detention in a young offenders institution.

The bedroom of Daniel Kelley in Llanelli, South Wales, from where he launched the scams

Judge Dennis said Kelley hacked computers ‘for his own personal gratification’ regardless of the damage caused.

He went on to blackmail company bosses, revealing a ‘cruel and calculating side to his character’, he said.

He used the stolen data to blackmail former chief executive Dido Harding in a series of emails demanding payment of 465 bitcoin – now worth more than £285,000 – in exchange for not releasing it. 

Kelley caused ‘stress and anxiety’ to his victims as well as harm to their businesses, with the total cost to TalkTalk from multiple hackers estimated at £77million.

Previously, prosecutor Peter Ratliff has described Kelley as a ‘prolific, skilled and cynical cyber-criminal’ who was willing to ‘bully, intimidate, and then ruin his chosen victims from a perceived position of anonymity and safety – behind the screen of a computer’.

Between September 2013 and November 2015, he engaged in a wide range of hacking activities, using stolen information to blackmail individuals and companies.

Despite attempts at anonymity, his crimes were revealed in his online activities.

Kelley blackmailed Baroness Harding of Winscombe and five other executives for Bitcoin

In September 2012, he boasted on Skype that he was ‘involved with black hat activities and I can ddos (Distributed Denial of Service)’ in reference to malicious hacking. 

Commenting on what he was doing, he wrote on an online forum: ‘Oh God, this is so illegal.’

The court heard how Kelley was just 16 when he hacked into Coleg Sir Gar out of ‘spite or revenge’.

The DDoS attack caused widespread disruption to students and teachers and also affected the Welsh Government Public Sector network – including schools, councils, hospitals and emergency services.

Kelley was described as ‘utterly ruthless’ in blackmailing his victims who would ‘bully, intimidate, and then ruin his chosen victims’

After he was arrested and bailed, Kelley continued his cyber crime spree for a more ‘mercenary purpose’.

He hacked into TalkTalk and blackmailed Baroness Harding of Winscombe and five other executives for Bitcoin, the court heard.

Kelley’s activities contributed to TalkTalk losses of tens of millions of pounds, while smaller firms he targeted were forced to spend hundreds of thousands of pounds to mitigate the damage.

The defendant, who has Asperger’s syndrome and depression, only received £4,400 worth of Bitcoins through all his blackmail attempts, having made demands for more than £115,000.

In another instance, he contacted all the customers of a hacked company and demanded they each pay one Bitcoin under threat of their personal data being released.

Mr Ratliff said Kelley got ‘enjoyment and excitement from the power he wielded’ over his victims.

Kelley sometimes worked with a hacking collective named Team Hans, the court heard.

He did not confine himself to online blackmail – and on one occasion made a menacing phone call, Mr Ratliff said.

If people refused to pay up, he would offer their details for sale on the dark web.

He was also found to be in possession of computer files containing thousands of credit card details.

In mitigation, Dean George QC had appealed to the judge not impose a jail sentence on a young man who suffers with ‘severe depression’.

Kelley, who had been on conditional bail, had gone from being ‘overweight’ in 2016 to undergoing ‘extreme’ weight loss, as a result of the case, the court was told.

In December 2016, Kelley pleaded guilty to 11 charges including hacking with intent, six counts of blackmail, encouraging hacking, offering to supply data in connection with fraud, and possession of articles for fraud.

Source: Read Full Article