Nineteen-year-old man has pleaded guilty at the Old Bailey to blackmail, fraud and computer misuse offences
A teenager has been convicted of his involvement in the cyber security attack suffered by TalkTalk’s website in October 2015.
Daniel Kelley (pictured), 19 of Heol Dinbych, Llanelli Dyfed pleaded guilty at the Old Bailey to four counts of blackmail, two counts of fraud and an offence under the Computer Misuse Act (hacking).
He was bailed and is due to be sentenced on March 7, 2017.
Kelley also pleaded guilty to blackmail, offences under the Computer Misuse Act (hacking) and money laundering, which were linked to investigations conducted by the South Wales TARIAN Regional Organised Crime Unit.
Officers analysed blackmail emails sent to TalkTalk CEO Dido Harding and its staff, with further investigative work from the Metropolitan Police and National Crime Agency (NCA) officers leading them to link his online personas to his real-world identity.
They then discovered he was already on bail and 8under investigation by TARIAN detectives for other cyber crime offences committed before July 2015 and the TalkTalk intrusion.
Kelley was arrested for his involvement in the TalkTalk hack on November 24, 2015 by the Met’s Cyber Crime Unit (MPCCU).
Officers seized a number of electronic devices from his home address, including computers, phones and storage media, and subsequence analysis of these revealed evidence of his involvement in the TalkTalk intrusion.
This revealed Kelley was also responsible for blackmailing a senior executive of London-based cigar merchants JJ Fox, as well as other similar offences against companies and organisations in the UK and Australia.
Officers found compromised data belonging to several companies and when contacted, they also confirmed they had received blackmail demands for Bitcoin payments into wallets Kelley controlled.
In each case, he threatened to release compromised sensitive data such as customers’ personal details if payments were not made.
Officers found evidence that Kelley had attempted to sell compromised data from TalkTalk, JJ Fox and TAFE (part of the Australian education sector) on a web forum which could then enable other criminals to commit further fraudulent and criminal activities with those compromised identities.
He was also found to be in possession of personal data and credit card information belonging to several thousand people.
In total, Kelley demanded over 650 Bitcoins (around £96,000) from his various victims, including 465 Bitcoins from TalkTalk that were valued at over £81,000.
‘Prolific and calculating’
MPCCU detective chief inspector Jason Tunn said: “Kelley is a prolific and calculating cyber-criminal who has caused considerable damage, harm and loss; not only to those he directly blackmailed, but to the hundreds of thousands of customers of the companies whose personal details have either been stolen or used to try and extort money.
“The fact that Kelley was taking part in the cyber-attack against TalkTalk whilst on police bail for other similar offences shows his total disregard for the law.
“Excellent digital forensic and investigative work by all the officers has shown that cyber criminals cannot hide themselves totally and we will do all we can to identify and prosecute them.”
TARIAN Regional Cyber Crime Unit detective inspector Paul Peters added: “Today’s outcome demonstrates to the general public and the business community especially, that police forces up and down the country and across the world are ready and able to collaborate and investigate the most complex forms of cybercrime to ensure those responsible are put before the courts.
“These are extraordinary crimes which have origins in the most ordinary of circumstances, as Daniel Kelley, at the time of these offences, was a teenager committing serious crimes from the sanctuary of his bedroom in a typical family home in West Wales. The stark reality is that that serious online crimes can be committed by anybody, from anywhere.”
Kelley is the second person to be convicted in connection with the TalkTalk investigation.
In November 2016, a 17-year-old male pleaded guilty at Norwich Youth Court to computer Misuse Act offences against the provider, as well as a number of other educational establishments, companies and organisations both in the UK and overseas.
He was sentenced to a 12 month rehabilitation order as well as the confiscation of his computer having pleaded guilty to seven offences.