The cyberattack on British broadband supplier TalkTalk this week raises a host of questions over who could be behind it and what their aims are. TalkTalk said on Friday it had received a ransom demand from an unidentified party claiming responsibility for the attack that may have led to the theft of personal data from its more than 4 million customers, including bank and credit card details.
Computer experts say details provided by TalkTalk and publicly available network data suggest that the hackers gained access by exploiting vulnerabilities in TalkTalk's customer website rather than by some form of insider attack.
Samples of financial data which appeared to come from TalkTalk customers are already for sale in cybercriminal forums on the so-called dark web, experts from two separate security research firms, FireEye and Rapid7, told Reuters. A TalkTalk spokeswoman declined to comment, citing the ongoing police investigation.
Most experts say they want to wait to learn more technical details following the police investigation before they try to assess how the attack took place and who may be responsible. It may take weeks or months for forensic investigators to unravel what happened.
But theories have been put forward. Copenhagen-based cyber forensics investigator Jens Monrad said hackers seeking to exploit the value of stolen customer data often publish small samples of stolen data in order to attract buyers in the criminal underworld who will in turn try and exploit customer details for financial gain.
Adrian Culley, a former detective at Scotland Yard's cybercrime unit, told the BBC the cyberattack appeared to be the work of an Islamist group, but provided no specific evidence for his theory. "We are aware of speculation regarding alleged perpetrators; this investigation remains at an early stage; a full assessment of the alleged data theft is ongoing," London's Metropolitan Police Cyber Crime Unit said in a statement.
An attack on French television network TV5Monde in April that was originally attributed to pro-Islamic State hackers is now believed by many security experts to be the work of a Russian-based hacking group which they have dubbed APT 28.
Gavin Millard, the Europe, Middle East and Africa regional technical director of U.S. security firm Tenable Networks, said the breadth and regularity of attacks had led the American public to suffer "breach fatigue," a hapless passivity in the face of forces beyond their control.
Retailers such as Target, Wall Street bank J.P. Morgan and several U.S. healthcare providers have each had tens of millions of customer records stolen. These attacks affected far more customers than the TalkTalk assault, which nonetheless ranks as one of the biggest ever in Britain.
The difficulties involved in tracing those behind such hacks have been shown by the investigations into the attack on infidelity website Ashley Madison in August, when details of 39 million customers of were leaked, and into the invasion of the corporate network of Sony Corp's film studios last year.
No culprit has been identified in either attack yet, despite many false trails.
