
Another day, another hack.

Steve Nice

Chief Technologist at Node4

Last week British Airways notified the ICO of a data breach which affected 380,000 users of their website. 

BA said the breach took place between 22:58 BST on 21 August and 21:45 BST on 5 September. Information is scarce but more details are emerging about how the breach was possible. 

Examining the data provided by BA, it's safe to assume that the attackers were able to execute a Man-in-the-Middle (MitM) attack. A MitM is an attack where the attacker secretly relays the communication between two parties who believe they are communicating directly with each other. The attacker doesn't want either the sending or the receiving party to know this is happening, so will not alter the data being transmitted. To achieve this, the attacker must have had access to either the BA.com website or a third-party script being used by BA.com. In this instance it looks like the latter, as there are many JavaScript files executing on the BA.com website, as this image shows.

 

[Image: JavaScript files executing on the BA.com website]

 

This complex attack will take several weeks to forensically unpick. Hopefully BA will have invested in technologies such as a SIEM so they are able to understand how the attackers achieved access.
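The third-party script exposure described above can be inventoried from a page's own HTML. The following is an added example, not code from the original post or from BA: it lists every external script a page loads and flags third-party ones that carry no Subresource Integrity (`integrity`) attribute. The sample HTML, hosts and function names are constructed for illustration, and treating any host other than the page's own as third party is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; hosts and file names are illustrative only.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib/widget.min.js"></script>
<script src="https://cdn.example.net/lib/ui.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>
<script src="//tags.example.org/analytics.js" async></script>
<script>var inline = 1;</script>
</head><body></body></html>
"""

class ScriptInventory(HTMLParser):
    """Collect every external <script> with its host and SRI status."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr = dict(attrs)
        src = attr.get("src")
        if not src:  # inline script: nothing is fetched from another host
            return
        url = urljoin(self.page_url, src)  # resolves relative and // URLs
        host = urlparse(url).hostname
        self.scripts.append({
            "url": url,
            "third_party": host != self.page_host,  # assumption: exact host match
            "has_sri": bool(attr.get("integrity")),
        })

def audit_scripts(html, page_url):
    parser = ScriptInventory(page_url)
    parser.feed(html)
    return parser.scripts

def unpinned_third_party(html, page_url):
    """Third-party scripts the browser will run without an integrity check."""
    return [s["url"] for s in audit_scripts(html, page_url)
            if s["third_party"] and not s["has_sri"]]

if __name__ == "__main__":
    for url in unpinned_third_party(SAMPLE_HTML, "https://www.example.com/booking"):
        print("no integrity attribute:", url)
```

Scripts injected at runtime by other scripts do not appear in static HTML, so this inventory is a lower bound on what actually executes in the browser.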