{"id":12404,"date":"2018-09-11T08:07:09","date_gmt":"2018-09-11T12:07:09","guid":{"rendered":"http:\/\/worldjusticenews.com\/news\/?p=12404"},"modified":"2018-09-11T08:07:09","modified_gmt":"2018-09-11T12:07:09","slug":"british-airways-suspect-code-that-hacked-fliers-found","status":"publish","type":"post","link":"https:\/\/worldjusticenews.com\/news\/2018\/09\/11\/british-airways-suspect-code-that-hacked-fliers-found\/","title":{"rendered":"British Airways: Suspect code that hacked fliers &#8216;found&#8217;"},"content":{"rendered":"<p class=\"story-body__introduction\">A cyber-security firm has said it found malicious code injected into the British Airways website, which could be the cause of\u00a0<a class=\"story-body__link\" href=\"https:\/\/www.bbc.co.uk\/news\/uk-england-london-45440850\" target=\"_blank\" rel=\"noopener\">a recent data breach that affected 380,000 transactions<\/a>.<\/p>\n<p>A RiskIQ researcher analysed code from BA&#8217;s website and app around the time when the breach began, in late August.<\/p>\n<p>He claimed to have discovered evidence of a &#8220;skimming&#8221; script designed to steal financial data from online payment forms.<\/p>\n<p>BA said it was unable to comment.<\/p>\n<p>A very similar attack, by a group dubbed Magecart, affected the Ticketmaster website recently, which RiskIQ said it also analysed in depth.<\/p>\n<p>The company said the code found on the BA site was very similar, but appeared to have been modified to suit the way the airline&#8217;s site had been designed.<\/p>\n<p>&#8220;This particular skimmer is very much attuned to how British Airway&#8217;s payment page is set up, which tells us that the attackers carefully considered how to target this site instead of blindly injecting the regular Magecart skimmer,&#8221; the researcher wrote\u00a0<a class=\"story-body__link-external\" href=\"https:\/\/www.riskiq.com\/blog\/labs\/magecart-british-airways-breach\/\">in a report on the findings<\/a>.<\/p>\n<p>&#8220;The infrastructure used in this attack was set up with British Airways in mind and purposely targeted scripts that would blend in with normal payment processing to avoid detection.&#8221;<\/p>\n<p>Hacks like this make use of an increasingly common phenomenon, in which large websites embed multiple pieces of code from other sources or third-party suppliers.<\/p>\n<p>Such code may be needed to do specific jobs, such as authorise a payment or present ads to the user. But malicious code can be slipped in instead &#8211; this is known as a supply chain attack.<\/p>\n<p>In BA&#8217;s case, hackers stole names, email addresses and credit card details &#8211; including the long number, expiry date and the three-digit CVV security code.<\/p>\n<p>&#8220;As this is a criminal investigation, we are unable to comment on speculation,&#8221; said BA in a statement.<\/p>\n<p>A spokesman for the UK&#8217;s National Crime Agency said it was aware of the RiskIQ report but would not be commenting at this time.<\/p>\n<p>RiskIQ said the malicious script consisted of just 22 lines of code. It worked by grabbing data from BA&#8217;s online payment form and then sending it to the hackers&#8217; server once a customer hit the &#8220;submit&#8221; button.<\/p>\n<p>The cyber-security firm added that the attackers had apparently been able to gather data from mobile app users as well because the same script was found loaded into the app on a page describing government taxes and carrier charges.<\/p>\n<p>&#8220;The page [in the app] is built with the same&#8230; components as the real website, meaning design and functionality-wise, it&#8217;s a total match,&#8221; the RiskIQ report noted.<\/p>\n<div class=\"story-body\">\n<div class=\"story-body__inner\">\n<p>RiskIQ recommended that BA customers affected by the breach get a new debit or credit card from their bank.<\/p>\n<p>The firm pointed out that whoever was behind the attack had apparently decided to target specific brands and that more breaches of a similar nature were likely.<\/p>\n<p>&#8220;There is a very clear emerging risk where the weakest link in payment processes is being actively targeted,&#8221; cyber-security expert Kevin Beaumont told the BBC.<\/p>\n<p>&#8220;And that weakest link in the chain is often by placing older systems or third-party code into the payment chain.&#8221;<\/p>\n<p>Andrew Dwyer, a cyber-security researcher at the University of Oxford added that the attackers appeared to have gone to &#8220;extraordinary lengths&#8221; to tailor their code to the BA site.<\/p>\n<p>According to RiskIQ, they also acquired a Secure Socket Layer (SSL) certificate &#8211; which suggests to web browsers, not always accurately, that a web page is safe to use.<\/p>\n<p>If this was indeed how the attack worked, he added, there are ways of preventing third-party code taking data from sensitive web pages.<\/p>\n<p>&#8220;BA should have been able to see this,&#8221; he told the BBC.<\/p>\n<\/div>\n<\/div>\n<div id=\"topic-tags\">\n<div id=\"u39145338372327387\">\n<div class=\"tags-container\">Source: <a href=\"https:\/\/www.bbc.co.uk\/news\/technology-45481976\" target=\"_blank\" rel=\"noopener\">bbc.co.uk<\/a><\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\">A cyber-security firm has said it found malicious code injected into the British Airways website, which could be the cause of\u00a0a recent data breach that affected 380,000 transactions. A RiskIQ researcher analysed code from BA&#8217;s <a class=\"mh-excerpt-more\" href=\"https:\/\/worldjusticenews.com\/news\/2018\/09\/11\/british-airways-suspect-code-that-hacked-fliers-found\/\" title=\"British Airways: Suspect code that hacked fliers &#8216;found&#8217;\">[&#8230;]<\/a><\/div>\n","protected":false},"author":1,"featured_media":12405,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"pmpro_default_level":"","footnotes":""},"categories":[2,4],"tags":[5507,308,2134,2936,1157,5508],"class_list":{"0":"post-12404","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-uk","9":"tag-british-airways","10":"tag-cybersecurity","11":"tag-data-breach","12":"tag-hacking","13":"tag-national-crime-agency","14":"tag-riskiq","15":"pmpro-has-access"},"_links":{"self":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/12404","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/comments?post=12404"}],"version-history":[{"count":1,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/12404\/revisions"}],"predecessor-version":[{"id":12406,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/12404\/revisions\/12406"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/media\/12405"}],"wp:attachment":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/media?parent=12404"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/categories?post=12404"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/tags?post=12404"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}