The TalkTalk cyber attack that has potentially affected four million customers around the UK could have been caused by an Islamic jihadi group, a former detective in the Met's cyber crime unit has said.
Speaking to the BBC Radio 4's Today programme, Adrian Culley said the perpetrators posted a message online last night claiming to be part of an Islamic group based in Soviet Russia.
He also said the "hackers" had included customer private information in their post to a site known as Pastebin.
"They are claiming to be from Soviet Russia and be an Islamic cyber jihadi group," he explained.
"They have posted on to Pastebin information that appears to be TalkTalk customer private information."
The message from the alleged "TalkTalk Hackers" stated:
"We Have adapted To The Security measures Of The Web...We Cannot Be Stopped. We have made our tracks untraceable through onion routing, encrypted chat messages, private key emails, hacked servers. We will teach our children to use the web for Allah.. Your hands will be covered in blood.. judgement day is soon ....one childrens name is Mohammed. Your women are being taken over by us. Your children are being killed by us for being shit on earth."
- TalkTalk Suffers 'Significant And Sustained Cyber-Attack' With Four Million Customers Potentially Affected
This is third cyber attack to affect site in the last eight months, with "hackers" targeting customer sensitive information including names, addresses, date of births and telephone numbers.
TalkTalk boss Dido Harding, who was also on BBC Radio 4's Today programme admitted that she was not sure if the data had been encrypted, essentially exposing all of the above details to cyber criminals.
"I am, in a sense, saying that there is a risk that all of our customers' personal data has been accessed and therefore we are taking that very seriously and looking to make sure that we can help our customers protect themselves if that data has been stolen," she said.
She added: "Yes, I''m sorry but that is exactly why I am on the airwaves this morning saying all of this, why we are giving all of our customers free credit monitoring for the course of the next years so that they can monitor if criminals are using that information to try and impersonate their identity."
Customers took to Twitter following the cyber attack with some expressing frustration over how the company had handled their information.
I'm a #TalkTalk customer & I'm confident hackers got nothing. They're so incompetent all our info will be wrong anyway. Idiots— Yanny (@Roseyanny) October 23, 2015
No #talktalk I don't feel like, as a customer, you've kept me informed at all. Why do I have to find this out via the ten o'clock news?!— Sonikmummy (@sonikmummy) October 22, 2015
So #talktalk has been hacked and we all find out via Sky news and not talktalk themselves... Lovely 😡👊🏼— ✨~Carly~✨ (@carlymerriman_x) October 22, 2015
What To Do Next If You're A TalkTalk Customer
According to TalkTalk the target was the following information on all four million of its users:
- Dates of birth
- Email addresses
- Telephone numbers
- TalkTalk account information
- Credit card details and/or bank details
Official advice from the company is as follows:
- Keep an eye on your accounts over the next few months. If you see anything unusual, please contact your bank and Action Fraud as soon as possible. Action Fraud is the UK’s national fraud and internet crime reporting centre, and they can be reached on 0300 123 2040 or via www.actionfraud.police.uk
- If you are contacted by anyone asking you for personal data or passwords (such as for your bank account), please take all steps to check the true identity of the organisation.
- Check your credit report with the three main credit agencies: Call Credit, Experian and Equifax
Security experts have also warned that the fallout from the attack could be just as dangerous. Speaking to the BBC, Manchester University's Daniel Dresner warned that all customers should show an increased vigilance against those who claim to be from TalkTalk.
Dresner explained that in the aftermath of an attack of this kind it's common for hackers to then take advantage of the situation and get even more information from the customers by posing to be from the company.
TalkTalk says to combat this all customers must remember that the company will never ask the following:
- Ask for your bank details to process a refund. If you are ever due a refund from us, we would only be able to process this if your bank details are already registered on our systems.
- Call you and ask you to download software onto your computer, unless you have previously contacted TalkTalk, discussed and agreed a call back for this to take place.
- Send you emails asking you to provide your full password. We will only ever ask for two digits from it to protect your security.