British Airways hackers used same tools behind Ticketmaster breach
The perpetrators appear to be conducting a larger campaign.
The British Airways web hack wasn't an isolated incident. Analysts at RiskIQ have reported that the breach was likely perpetrated by Magecart, the same criminal enterprise that infiltrated Ticketmaster UK. In both cases, the culprits used similar virtual card skimming JavaScript to swipe data from payment forms. For the British Airways attack, it was just a matter of customizing the scripts and targeting the company directly instead of going through compromised third-party customers.
RiskIQ also suspected that BA may have fallen victim earlier than claimed. While the air carrier said the data was compromised starting August 21st, Magecart received the SSL certificate used in the hack (to pose as a legitimate operation) on August 15th. Unless it simply waited to act, there's a chance it could have been active on the 15th, if not earlier.
It may be difficult to catch the intruders. The hacks have relied on service providers in Lithuania and Romania, and there's a good possibility the culprits are located somewhere else. This shows that the attacks are likely part of a coordinated campaign, however, and suggests that you could see comparable high-profile breaches in the near future.
