Norwich Youth Court heard the boy claim he was “just showing off” and had told friends he had “done enough to go to prison” following the breach.He told magistrates: “I didn’t really think of the consequences at the time. I was just showing off to my mates.”The teenager was arrested in Norwich on November 3 last year and charged with breaching the Computer Misuse Act 1990 following an investigation by the Metropolitan Police’s Cyber Crime Unit.He admitted the seven charges when he appeared at Norwich Youth Court on Tuesday. Sentencing was adjourned to December 13.Laura Tams, prosecuting, said the charges stemmed from the high-profile cyber attack on TalkTalk, but also included attacks on other websites, including Manchester University, Cambridge University and that of Merit Badges, a small family company that supplies martial arts badges.”He was using a software programme called SQL map, which the prosecution say is a hacking tool used to identify vulnerabilities on a website,” she said.Ms Tams explained that the tool is “legitimate software” but must only be used if the website consents.In the days before the TalkTalk hack, the youth gained access to a database of 693 staff and students at Manchester University containing email addresses and identity numbers which a “more capable hacker would be able to use for wider criminality”, Ms Tams said.He then attacked a library website belonging to Cambridge University, but both universities traced the IP of the computer used back to the teenager’s home address. Referring to the hack on the martial arts badge website, she said the teenager discussed putting an offer code on the website to give a 100 per cent discount. A link to a photograph of the teenager and his website was found on the site of one of the universities he targeted, Ms Tam said.Telecoms giant TalkTalk eventually fell victim to what it described as a “significant and sustained” attack on its website on October 21, 2015. It resulted in the personal data of nearly 160,000 people being accessed and was branded a “car crash” earlier this year by then information commissioner Christopher Graham.Ms Tams said the teenager had claimed in an online conversation that he “could potentially have everyone on TalkTalk” and then mentioned “wiping and nuking his digital devices”.Chris Brown, mitigating, reminded the court that it was not the prosecution’s case “that what happened at TalkTalk lies solely at his door”.He said that the vulnerability on the TalkTalk website had been talked about before the teenager accessed it.”That vulnerability was seized upon by someone who a matter of days previously had found a way of hacking another type of business,” said Mr Brown. “That company had its customer database seized, those customers were threatened with requests for money so their details weren’t sold on the dark web, and the company was asked to pay a ransom to prevent that happening.”That’s not [the teenager]. That’s someone acting completely apart from him. That person used the vulnerability in TalkTalk days later to demand things and emailed the chief executive of TalkTalk with similar blackmail efforts.” The thrill was in the chase. It was not in damaging their website or causing loss to them. It was playingChris Brown The teenager admitted the seven charges when he appeared at Norwich Youth Court on TuesdayCredit:Reuters I didn’t really think of the consequences at the time. I was just showing off to my matesTeenage hacker TalkTalk’s chief executive was blackmailed after a 17-year-old boy boasted about hacking its website online, a court heard. The teenager, who cannot be named for legal reasons, targeted Cambridge and Manchester University before using hacking tool software to identify TalkTalk’s vulnerabilities. He then posted the details online, resulting in the telecom giant being targeted more than 14,000 times and the chief executive being blackmailed via email. He said the teenager was challenged to prove he had done the things he claimed to have done when posting online messages, and was sometimes “called out”.”You’re dealing with someone who at the time was just 16 years old, who created a number of personas online,” said Mr Brown. Personas that talked about his abilities as a hacker.”He added: “There are other websites where he was called out as someone who exaggerates his prowess and is either called out or ceases to be involved in the conversation.””The thrill was in the chase,” Mr Brown added. “It was not in damaging their website or causing loss to them. It was playing.”He continued: “It’s inexplicable to the rest of us – why get in so much trouble for what’s bravado, to prove you can, to prove you’ve got the skills. You have somebody who becomes a personality online.”Mr Brown said the teenager’s part in the TalkTalk breach was “signposting”.Asked about his interest in computers nowadays, the teenager added: “It was a passion. Not any more. I’m very careful nowadays what I do. I realise what I’ve done is really significant and it won’t happen again. I’ve grown up.”Magistrates asked the teenager’s father why he had three computers and he replied that his son had a keen interest in computers but “a lot of it went over my head to be honest”.Chairman of the bench Jean Bonnick said magistrates may be minded to spare the teenager, who will be sentenced next month, jail. Want the best of The Telegraph direct to your email and WhatsApp? Sign up to our free twice-daily Front Page newsletter and new audio briefings.
- Return of pounds and ounces Britain might allow firms to use imperial
- Teenage boy killed in 3D printer explosion during school art project inquest hears