This is nuts. Not only did a bunch of teenagers hack into some of the best defended networks in the world, but the UK authorities allowed one individual to do this three times - despite arresting him in the first instance then bailing him - for him to do the same again - TWICE.
The legal system in the UK is a joke. The computer misuse act alone should have been enough to detain him pending trial, and yet, they released him and allowed him to continue??
https://www.bbc.com/news/technology-66549159
Now, admittedly, there is an art form here that should be leveraged and understood in order for organizations to better arm themselves against future attacks. If juveniles are able to break their way into high profile organizations, then this would literally be kindergarten for an experienced nefarious actor.
It seems that high profile companies will continue to remain targets while they focus more effort on profits than user vulnerability. According to the article, the attackers bombarded employees with access requests and some approved this access as a way of making it stop!
There are several extremely valuable lessons that can be learned from these events - one of them being able to determine the level of risk posed by an individual - which it seems that the UK authorities completely failed to do.
More on the recently updated Computer Misuse Act can be found below
