British Airways Violation: How did the pirates penetrate?



[ad_1]

A British Airways plane with steps next

Author's right of the image
Getty Images

Legend

It's not clear how hackers are mounted on BA's website and application – but cyber security experts have some suggestions

British Airways revealed that hackers had successfully breached its website and application, stealing data from thousands of customers.

But how was that possible?

BA has not revealed any technical details about the violation, but cybersecurity experts have some suggestions of possible methods.

Names, e-mail addresses, and credit card information, including card numbers, expiry dates, and three-digit CVV codes, were stolen by hackers.

At first glance, the firm's statement seems to give no details about piracy, but by "reading between the lines", it is possible to deduce some potential pathways of attack, says Professor Alan Woodward of the University of Surrey .

Take BA's specifics on the exact times and dates between which the attack took place – 22:58 Paris time, 21 August 2018 until 21:45 Paris time, 5 September 2018 included.

"They very carefully formulated the statement that anyone who made a card payment between these two dates is in danger," says Professor Woodward.

"It sounds a lot like the details that were captured at the point of entry – someone managed to put a script on the website."

  • Video: British Airways boss promises compensation
  • British Airways hit by "malicious" data breach

This means that as customers enter their credit card details, malicious code on the website or BA application may have sneaked this information away and sent it to someone else. Another one.

Professor Woodward points out that this is a growing problem for websites that incorporate code from third-party vendors – this is a supply chain attack.

Third parties may provide code to execute a payment authorization, submit advertisements, or allow users to connect to external services, for example.

Author's right of the image
Ticketmaster

Legend

Ticketmaster's popular ticketing site was the victim of a data breach earlier this year

Such an attack seemed to affect Recently Ticketmaster, after an on-site customer service chatbot was labeled as the potential cause of a breach affecting up to 40,000 UK users.

There is no way to know for sure if something similar has happened to BA. Professor Woodward points out that he might just as well be an insider of a company that has tampered with the website and the code of the application for malicious purposes.

According to Robert Pritchard, a former cyber security researcher at GCHQ and founder of Private, because the CVV data, the three-digit security code on credit and debit cards, were also taken into account. Cyber ​​Security Expert cabinet.

Indeed, CVV codes are not intended to be stored by companies, although they can be processed at the time of payment.

"That means it was either a direct compromise with their booking site or a compromise with a third-party provider," he told the BBC.

Professor Woodward added that private companies using third-party code on their websites and applications must continually review these products to ensure that security vulnerabilities do not appear.

"You can put the strongest lock you want on the front door," he said, "but if the builders left a ladder on a window, where do you think the burglars will go? ? "

[ad_2]
Source link