An "Islamic group" claiming to be behind the TalkTalk cyber attack have said they are teaching "our children to use the web for Allah" and that they will not be stopped.
Their message read: "We Have adapted To The Security measures Of The Web...We Cannot Be Stopped.
"We have made our tracks untraceable through onion routing, encrypted chat messages, private key emails, hacked servers.
"We will teach our children to use the web for Allah.. Your hands will be covered in blood.. judgement day is soon ....one childrens name is Mohammed.
"Your women are being taken over by us. Your children are being killed by us for being shit on earth."
They then went on to post 29 TalkTalk email addresses under the subheading "from password Change log" although it is unclear as to whether the passwords for the 29 email accounts have indeed been changed.
Adrian Culley, a former detective in the Met's cyber crime unit pointed to group's post while speaking about the hack on BBC Radio 4's Today programme.
"They are claiming to be from Soviet Russia and be an Islamic cyber jihadi group," he explained.
"They have posted on to Pastebin information that appears to be TalkTalk customer private information."
Customers took to Twitter, after TalkTalk announced the cyber attack on Thursday, deriding the firm for not encrypting sensitive customer information.
Encryption is a security technique used to ensure that even when data is stolen, only those with a certain key will be able to read it.
However, TalkTalk boss Dido Harding said she was unsure about whether personal details belonging to the firm's four million customers had been encrypted.
Speaking to the BBC Radio 4's Today programme she explained:
"I am, in a sense, saying that there is a risk that all of our customers' personal data has been accessed and therefore we are taking that very seriously and looking to make sure that we can help our customers protect themselves if that data has been stolen.
"Yes, I''m sorry but that is exactly why I am on the airwaves this morning saying all of this, why we are giving all of our customers free credit monitoring for the course of the next years so that they can monitor if criminals are using that information to try and impersonate their identity."
What To Do Next If You're A TalkTalk Customer
According to TalkTalk the target was the following information on all four million of its users:
- Dates of birth
- Email addresses
- Telephone numbers
- TalkTalk account information
- Credit card details and/or bank details
Official advice from the company is as follows:
- Keep an eye on your accounts over the next few months. If you see anything unusual, please contact your bank and Action Fraud as soon as possible. Action Fraud is the UK’s national fraud and internet crime reporting centre, and they can be reached on 0300 123 2040 or via www.actionfraud.police.uk
- If you are contacted by anyone asking you for personal data or passwords (such as for your bank account), please take all steps to check the true identity of the organisation.
- Check your credit report with the three main credit agencies: Call Credit, Experian and Equifax
Security experts have also warned that the fallout from the attack could be just as dangerous. Speaking to the BBC, Manchester University's Daniel Dresner warned that all customers should show an increased vigilance against those who claim to be from TalkTalk.
Dresner explained that in the aftermath of an attack of this kind it's common for hackers to then take advantage of the situation and get even more information from the customers by posing to be from the company.
TalkTalk says to combat this all customers must remember that the company will never ask the following:
- Ask for your bank details to process a refund. If you are ever due a refund from us, we would only be able to process this if your bank details are already registered on our systems.
- Call you and ask you to download software onto your computer, unless you have previously contacted TalkTalk, discussed and agreed a call back for this to take place.
- Send you emails asking you to provide your full password. We will only ever ask for two digits from it to protect your security.