UK telecom giant TalkTalk was the target of a massive cyberattack in 2015, which saw hackers steal 157,000 customers' personal data. The TalkTalk hack reportedly resulted in the firm sustaining a loss of around £60m and losing nearly 100,000 customers to the competition. Daniel Kelly, 19, one of the several hackers arrested for carrying out the attack and facing up to 14 years in prison, is now reportedly warning budding hackers about the dangers of getting into the murky world of cybercrime.
Kelly, who recently admitted to blackmailing Talk Talk as well, is now cautioning wannabe hackers not to follow in his footsteps. In a recent statement, Detective Chief Inspector Jason Tunn, from the Metropolitan Police Falcon Cyber Crime Unit (MPCCU), characterised Kelly as a "prolific and calculating cyber-criminal".
"It's really crazy to think that he's talking to me but I guess that's how they look at it. What I've done is essentially going to haunt me for the rest of my life," the hacker told Motherboard.
Kelly claimed he was interested in computers throughout school but that the small town of Llanelli in South Wales, where he hails from, didn't offer much in helping him hone his skills.
"There's not much to do, and the internet offered me opportunities and a way to cure boredom," he said.
The hacker allegedly participated in a few bug bounty programmes, only to eventually be drawn into more malicious activities.
"When you're surrounded by people on these networks that engage in these criminal acts it essentially becomes a norm, and it's extremely addicting. There's nobody around to tell you what you're doing is wrong," Kelly said. "It's a difficult feeling to explain, but it's essentially a feeling of euphoria, and once you've experienced it, it's something that you always chase. It's a bit like a drug, but on a whole different level obviously. And the more you develop your skills, the stronger the feeling becomes because you're able to do more things."
Kelly's arrest does not appear to have stopped his interest in cybersecurity. Motherboard reports that he has taken to informing NHS about security vulnerabilities and is also running a service to notify those affected by data breaches.
"I know that it's probably the advice they were expecting, but seriously — don't do it," he said, imagining what he would tell other young people who may get into cybercrime. "Crimes online are treated no different from crimes in the real world, I've had to learn that the difficult way. You might assume that you're more or less invincible but if you do something serious enough, you'll be caught and put through the justice system."