TalkTalk ransom demand: How do you sort mischief from malice?

Hackers demanding ransom for consumer financial information stolen from the UK company TalkTalk is just the latest in this year's high-profile hackings.

Stefan Wermuth/Reuters
A man walks into a TalkTalk building in London, Britain, where a 'significant and sustained' cyber attack could involve the theft of private data from all of the broadband supplier's more than 4 million customers. The identity of those behind cyber attacks – and therefore their intent and legal responsibility – is difficult to trace.

A mass of confidential information has been stolen and released online, those immediately affected are upset, and the government is trying without success to bring the perpetrator to justice.

Whether the information released endangers diplomatic relations, customers' banking security, or a reality TV star's marriage, the tools to track and punish the hackers are about the same.  

"We're living in a world where we can’t easily tell the difference between a couple of guys in a basement apartment and the North Korean government with an estimated $10 billion military budget," security expert Bruce Schneier wrote for The Christian Science Monitor. "Everyone from lone hackers to criminals to hypothetical cyberterrorists to nations' spies and soldiers are using the same tools and the same tactics."

The UK company TalkTalk, an internet, TV, and mobile provider, is the most recent victim of an unknown hacker or group of hackers. TalkTalk said Wednesday that an attack had breached its cyber security defenses, but it remains unclear how much consumer data – including bank information, names, and email addresses – hackers could have stolen and decoded.

TalkTalk CEO Dido Harding said the current assumption is that "all of our customer's personal financial information has been accessed." 

The cyberattack occurred on Wednesday, but on Friday came a new twist: Ms. Harding received a ransom note.

The sender claimed to be the hacker behind Wednesday's attack and asked for money. Harding says she has no way of knowing whether the sender is the real hacker or an opportunist.

One week ago, a Twitter user claiming to be a high school student said he or she had hacked CIA Director John Brennan's application for security clearance, The Christian Science Monitor reported. The hacker cited opposition to US foreign policy and support for Palestinians as motivations for the act.

Unless an idealistic digital enthusiast or an official representative of a sitting government wants to admit the deed, assigning blame and apportioning punishment for cyber attacks is difficult. The only "government" that seems to like regularly confessing to covert attacks is ISIS, and nobody has diplomatic relations with them anyway.

Government officials do not currently have a unified policy on how to name, much less prosecute, hacking incursions. The director of national intelligence, James R. Clapper Jr., said a recent hacking of 5.6 million Americans' fingerprints by the Chinese was not a cyber "attack" because they were foreigners who wanted to spy on, not destroy, the data, The New York Times reported, making it an act of espionage, not theft.

Some people would like to change that. Business leaders have taken advantage of the TalkTalk hacking to note that while only major hacker attacks make the news, such attacks constantly harass businesses, the BBC reported. Data theft should be given the same investigative priority as physical theft, said Oliver Parry, an advisor to the Institute of Directors, to police.

Former UK home office minister Hazel Blears said the TalkTalk breach should provide an impetus for discussions about more regulation.

"This is probably the biggest threat to our economy," she told the BBC.
