A man who was involved in a major hack attack of telecoms firm TalkTalk has been sentenced to four years’ detention.
Daniel Kelley, 22, from Llanelli, Carmarthenshire, pleaded guilty in 2016 to 11 charges including involvement in the attack where the personal data of more than 150,000 customers was stolen.
Kelley will serve his sentence in a young offenders institution.
He was sentenced at the Old Bailey on Monday.
Email addresses and bank details were taken after TalkTalk’s website was breached in 2015, with the total cost to the company from multiple hackers estimated at £77m.
Kelley’s hacking offences also involved half a dozen other organisations, including a Welsh further education college, Coleg Sir Gar, where he was a student.
- The teen behind the cybercrime screen
Kelley turned to hacking when he failed to get the GCSE grades to get on to a computer course, the court heard.
He hacked the college “out of spite” before targeting companies in Canada, Australia and the UK – including TalkTalk which has four million customers.
The 22-year-old has Asperger’s syndrome and has suffered from depression and extreme weight loss since he pleaded guilty to the 11 hacking-related offences in 2016, the court heard.
Judge Mark Dennis told the Old Bailey that Kelley hacked computers “for his own personal gratification” regardless of the damage caused.
He went on to blackmail company bosses, revealing a “cruel and calculating side to his character”, he said, though a blackmail charge was previously dropped by the Crown Prosecution Service.
Prosecutor Peter Ratliff previously described Kelley as a “prolific, skilled and cynical cyber-criminal” who was willing to “bully, intimidate, and then ruin his chosen victims from a perceived position of anonymity and safety – behind the screen of a computer”.
Between September 2013 and November 2015, he engaged in a wide range of hacking activities, using stolen information to blackmail individuals and companies.
Despite attempts at anonymity, his crimes were revealed in his online activities.
The court heard how Kelley was just 16 when he hacked into Coleg Sir Gar out of “spite or revenge”, causing widespread disruption to students and teachers and affecting the Welsh Government Public Sector network – including schools, councils, hospitals and emergency services.
Radiologists at Hywel Dda health board in west Wales lost access to diagnostic image services, with communication affected between hospital sites.
A spokesman for the board said Kelley’s actions posed a “serious clinical risk”.
After he was arrested and bailed, Kelley continued his cyber crime spree for a more “mercenary purpose”.
Mr Ratliff said Kelley had been “utterly ruthless” as he threatened to ruin companies by releasing clients’ personal and credit card details.
He hacked into TalkTalk and blackmailed Baroness Harding of Winscombe and five other executives for Bitcoin, the court heard.
But he only received £4,400 worth of Bitcoins through all his blackmail attempts, having made demands for more than £115,000.
Mr Ratliff said Kelley got “enjoyment and excitement from the power he wielded” over his victims.
Kelley sometimes worked with a hacking collective named Team Hans, the court heard.
If people refused to pay up, he would offer their details for sale on the dark web.
He was also found to be in possession of computer files containing thousands of credit card details.
Mitigating, Dean George QC appealed to the judge not impose a jail sentence on a young man who suffered with “severe depression”.