One of the perpetrators of the 2015 TalkTalk cyber hack has been sentenced to four years in prison for his role in the attack.
Judge Mark Dennis sentenced him at the Old Bailey to four years’ detention in a young offenders institution. Judge Dennis said Kelley hacked computers “for his own personal gratification”, regardless of the damage caused. Kelley went on to blackmail company bosses, revealing a “cruel and calculating side to his character”, he said.
TalkTalk experienced three significant cyber attacks in 2015, resulting in a leak of the details of over 150,000 customers. The company hired the cyber arm of defence contractor BAE Systems to investigate the breach.
Kelley’s hacking offences also involved half a dozen other organisations, including a Welsh further education college, Coleg Sir Gar, where he was a student.
His actions caused “stress and anxiety” to his victims, as well as harm to their businesses, with the total cost to TalkTalk from multiple hackers estimated at £77m.
Between September 2013 and November 2015, Kelley engaged in a wide range of hacking activities, using stolen information to blackmail individuals and companies. Despite attempts at anonymity, his crimes were revealed in his online activities.
In September 2012, he boasted on Skype that he was “involved with black hat activities and I can ddos (Distributed Denial of Service)” in reference to malicious hacking. Commenting on what he was doing, he wrote on an online forum: “Oh God, this is so illegal.”
The court heard how Kelley was just 16 when he hacked into Coleg Sir Gar out of “spite or revenge”. The DDoS attack caused widespread disruption to students and teachers and also affected the Welsh Government Public Sector network, which includes schools, councils, hospitals and emergency services.
After he was arrested and bailed, Kelley continued his cyber-crime spree for a more “mercenary purpose”. Prosecutor Peter Ratliff said Kelley had been “utterly ruthless” as he threatened to ruin companies by releasing personal and credit card details of clients.
He hacked into TalkTalk and blackmailed Baroness Harding of Winscombe and five other executives for Bitcoin, the court heard.
However, he only received £4,400 worth of Bitcoins through all his blackmail attempts, having made demands for coins worth over £115,000.