Teen TalkTalk hacker accused of cryptocurrency fraud in US

Elliott Gunton, one of the hackers who breached the systems of internet service provider (ISP) TalkTalk in 2015, faces extradition to the US to answer new charges relating to a cryptocurrency fraud that could result in a 20-year gaol term.

The charges, which include wire fraud and identity theft, according to the BBC, were filed in San Francisco and relate to a 2017 breach of the EtherDelta cryptocurrency exchange through its host, Cloudshare. One customer is thought to have lost around $800,000 in the attack.

Gunton was one of a number of people from around the UK arrested in the wake of the October 2015 TalkTalk hack, which compromised the personal data of 150,000 broadband and telecoms customers of the firm. Gunton was 16 at the time.

The fall-out from the attack was substantial, trashing TalkTalk’s reputation among consumers, and resulting in substantial fines from the Information Comissioner’s Office (ICO).

As recently as May 2019, TalkTalk was forced to admit new failings after an investigation by the BBC’s Watchdog Live programme found it had failed to notify 4,545 victims, which would now be a breach of the General Data Protection Regulation (GDPR).

Despite being found guilty over his involvement in the TalkTalk breach, Gunton, who lives in Norwich, continued his criminal career.

In 2018, his computing equipment was seized during checks by police to ensure his compliance with a Sexual Harm Prevention Order. They found that he had offered to supply fraudsters with compromised personal data in exchange for payment in Bitcoin, and incriminated himself through statements made on Twitter.

He had also breached the systems of the Australian telecoms firm Telstra and taken over an Instagram account with more than a million followers.

Following his arrest, Norfolk police were able to trace and recover £275,000 worth of cryptocurrency controlled by Gunton. In August 2019, he was sentenced to 20 months in prison – although he was released due to time served on remand – and ordered to repay more than £400,000. He was also handed a three-and-a-half year community order restricting his use of the internet.

Nozomi Networks CEO Edgard Capdevielle commented: “If the charges against Elliott Gunton are upheld, he could face a lengthy prison sentence, which is clearly intended to make him realise his crimes were not worth it. Law enforcement are clamping down on cyber crime and the risk of getting caught is greater than ever.

“While there can be no denying hacking tools are increasing in sophistication, the tools law enforcement use to track cyber criminals are also improving. We are likely to continue to see more and more perpetrators charged for cyber crimes, making hackers think twice before launching attacks as tracks will always be left.”

In a post-script to the EtherDelta hack, the US Securities and Exchange Commission (SEC) charged the exchange’s CEO Zachary Coburn with running an unregistered securities exchange. Although he did not admit to the offence or deny guilt, Coburn paid $300,000 in disgorgement, $13,000 in prejudgment interest, and a $75,000 penalty.