Student organized £ 77million TalkTalk hack after being rejected from computer class

David Kelley, now 22, from Heol Dinbych, South Wales, was part of a group of cybercriminals who committed the data breach in October 2015

David Kelley, 21, hacked into the company’s system and obtained email addresses, phone numbers, bank account numbers and sort codes

A student who took part in a massive £ 77million hack on the TalkTalk mobile network was motivated by ‘malice or revenge’ after being refused a computer course at the university, a court has heard.

David Kelley, 22, from Llanelli, South Wales, turned to black hat hacking when he failed to get the necessary GCSE scores.

The disgruntled student then joined a group of cybercriminals who committed the data breach in October 2015.

They targeted businesses large and small, as far away as Canada and Australia, and tried to hold the bosses to ransom.

The 22-year-old appeared in Old Bailey on Wednesday to be sentenced after pleading guilty to 11 hacking-related offenses.

Kelley was sentenced today after pleading guilty to 11 hacking-related offenses in December 2016


gavin rodgers / pixel)

These included intentional hacking, six counts of blackmail, incitement to hack, offering to provide fraud-related data, and possession of items for fraud.

His conviction is now postponed until next Tuesday.

Prosecutor Peter Ratliff described Kelley as a “prolific, knowledgeable and cynical cybercriminal” who was ready to “intimidate, intimidate, and then ruin his chosen victims in a perceived position of anonymity and security – behind a computer screen. “.

Between September 2013 and November 2015, he engaged in a wide range of activities ranging from deliberate and damaging disruption of computer networks to blackmailing individuals and businesses whose data had been hacked.

Although he remained largely anonymous online, his crimes were exposed in snippets collected from chat logs, in interest in Bitcoin accounts and in uploaded material, the court said.

In September 2012, he boasted on Skype that he was “involved in black hat activity and I can do ddos ​​(Distributed Denial of Service)” in reference to the malicious hacking.

The court heard that Kelley was only 16 when he hacked into Coleg Sir Gar Higher Education College in Carmarthenshire out of ‘spite or revenge’.

The DDoS attack caused widespread disruption to students and teachers and also affected the Welsh government public sector network, including schools, councils, hospitals and emergency services.

The 22-year-old was allegedly involved in the hack after being turned down for a college computer course, the Old Bailey has learned.


AFP / Getty Images)

After being arrested and released on bail as a result of the chaos, Kelley continued his wave of cybercrime for a more “mercenary” purpose.

Mr Ratliff said Kelley had been “utterly ruthless”.

He said: “Where confidential and sensitive information was stolen in the hack – typically the personal and credit card details of the company’s customers – the defendant would threaten the company to publicly disclose the material, knowing and exploiting the fact that disclosure would risk the ruin of the company concerned. “

Kelley hacked TalkTalk and blackmailed Baroness Harding of Winscombe and five other Bitcoin executives, the court said.

Its operations contributed to TalkTalk’s losses of tens of millions of pounds, while the small businesses it targeted were forced to spend hundreds of thousands of pounds to mitigate the damage.

The accused, who suffers from Asperger’s syndrome and depression, has only received £ 4,400 in Bitcoins thanks to his blackmail attempts, after asking for more than £ 115,000.

One of the tactics he used was to threaten to disclose vulnerabilities in a company’s systems and software and to promise DDoS attacks if he didn’t get paid.

In one case, he contacted all the customers of a hacked company and asked them to each pay a Bitcoin or risk having their personal data leaked.

The prosecutor said: “It is clear from the contents of the emails the accused sent that he derived pleasure and excitement from the power he wielded over those he sought to intimidate.”

Kelley sometimes worked with a hacker collective called Team Hans


Getty Images / iStockphoto)

Kelley has occasionally worked with a hacking collective named Team Hans, the court said.

He didn’t limit himself to online blackmail and on one occasion made a threatening phone call, Mr Ratliff said.

If people refused to pay, it would offer their details for sale on the dark web.

He was also found in possession of computer files containing thousands of credit card details.

Last November, his accomplices Connor Allsopp, 21, and Matthew Hanley, 23, of Staffordshire, were jailed for a total of 20 months for their roles in the breach.

However, Kelley’s sentence was delayed as he was on trial for a separate hack committed while on bail for the Talk Talk offenses.

As a mitigation, Dean George QC asked the judge not to impose a prison sentence on a young man who suffers from “severe depression”.

Kelley, who was released on bail, went from “overweight” in 2016 to “extreme” weight loss, following the case.

Mr George said: “Some cases are exceptional. The courts can make a difference for some people and that is one of those circumstances. It is a difficult decision.”

The lawyer described his client as being reduced to “skin and bones”, adding: “The surprise would be if he got out of jail.”

Judge Mark Dennis QC has indicated he will hand down his sentence next Tuesday.

Comments are closed.