The British Airways Incident - 2018

TechNews Writer
Mon Feb 15, 2021

This was a huge and terrifying cyber-attack. It occurred in 2018, and the information of around 500,000 users/customers was used and transformed. According to the investigations, this process had already started in June 2018. After the incident, British Airways and the ICO took serious action and made certain changes to improve security processes and methods. There were no hits regarding this cyber-attack and no suspects. This happened because the skimmer was changed completely. To avoid detection of the data breach, scripts were downloaded that would ultimately blend in with the usual payment process.

Later, it was found that this cyber-attack was carried out with the help of a JS library. The fraudulent code was embedded by changing the Modernizr JavaScript library, version 2.6.2 to be precise. An SSL certificate was used here. The attackers' domain was in Romania, whereas the VPS was from Lithuania. The change to the Modernizr library was made at the bottom of the script. Clear evidence was found when the headers were modified. This header from British Airways was changed for the last time in this incident. Suspicion arose when this static header was changed at the last moment. The clean version of the Modernizr script dated from December 2012.
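The two signals described above, code appended at the bottom of a self-hosted library and a changed header on a static file, can be checked against a pinned baseline. This is an added example, not code from the original article or from British Airways; it assumes the header in question is `Last-Modified`, and the function names, sample script body and dates are constructed for illustration.

```javascript
const { createHash } = require("node:crypto");

// SRI-style digest ("sha384-<base64>") of a script body.
function sriDigest(body) {
  return "sha384-" + createHash("sha384").update(body, "utf8").digest("base64");
}

// Compare the served copy of a library against a pinned baseline.
// baseline: { body, lastModified } recorded when the library was vetted.
// served:   { body, lastModified } fetched from the production site.
function auditScript(baseline, served) {
  const findings = [];
  const expected = sriDigest(baseline.body);
  const actual = sriDigest(served.body);
  if (expected !== actual) {
    findings.push({ type: "hash-mismatch", expected, actual });
    // Code appended to an otherwise untouched library leaves the original
    // text as a prefix; surface only the added tail for review.
    if (served.body.startsWith(baseline.body)) {
      const tail = served.body.slice(baseline.body.length);
      findings.push({ type: "appended-code", tail });
    }
  }
  // A vetted static library should not get a newer Last-Modified date.
  const was = Date.parse(baseline.lastModified);
  const now = Date.parse(served.lastModified);
  if (Number.isNaN(was) || Number.isNaN(now)) {
    findings.push({ type: "unparseable-last-modified" });
  } else if (now > was) {
    findings.push({ type: "last-modified-changed", from: baseline.lastModified, to: served.lastModified });
  }
  return findings;
}

// Constructed sample data (not the real library, dates or injected code).
const BASELINE = {
  body: "window.Modernizr=(function(){return{version:'2.6.2'}})();\n",
  lastModified: "Sat, 01 Dec 2012 00:00:00 GMT",
};
const SERVED = {
  body: BASELINE.body + "/* constructed placeholder for appended code */\n",
  lastModified: "Fri, 01 Jun 2018 00:00:00 GMT",
};

console.log(auditScript(BASELINE, SERVED).map((f) => f.type));
```

The same digest format can be placed in a `<script integrity="...">` attribute so the browser itself refuses a modified copy.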

Let’s take a deeper look at the investigation of this British Airways cyber-attack. Card skimmers had been in use since 2016. A skimmer was placed inside a credit card reader in such a way that no one would become suspicious. This device was located inside various machines at different places, for example ATMs and fuel pumps. They said that the script can be injected using this device. This can help attackers obtain confidential information about consumers while they perform an online payment. Third-party suppliers can also help attackers in the process of leaking such confidential data.



Appears in
2021 - Spring - Issue 3