Hundreds of Online Shopping Sites Vulnerable to Theft
Clever Trickery to Disguise the Hacking Activities
Although the way the affected websites were infected remains unknown, it has been determined that all of the affected e-commerce sites run on the Magento e-commerce CMS platform. The malicious domain, named www.magento-analytics[.]com, has no connection to the popular CMS platform whatsoever despite its similar name. The use of the CMS platform’s name as part of the malicious domain’s name is merely a ruse to confuse customers and thus to disguise the malevolent activity. Researchers discovered that www.magento-analytics[.]com is registered in Panama, but that the IP address that it used has jumped across the globe to countries including the United States, Russia, and China.
How the Hack is Perpetrated
The hacking technique used in this cybercrime is a fairly classic method of stealing digital data. The code is identical to what the notorious Magecart hackers used to gain access to the details of customers on the British Airways, Newegg, and Ticketmaster websites. A malicious script is inserted into checkout pages, where it silently captures payment details as shoppers make their purchases. The information is then sent to a remote server, where it is retrieved by the hackers.
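An added example (not from the original article or from Magento) of a defender-side audit for the pattern described above: it lists the hosts a checkout page loads scripts from and flags any unapproved host that borrows a trusted brand name, as www.magento-analytics[.]com does. The shop host, the allowlist, the sample page and its script paths are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed assumptions: the shop's host, approved script hosts, watched brand names.
FIRST_PARTY = "shop.example"
ALLOWED_HOSTS = {"shop.example", "js.payments.example"}
BRAND_TOKENS = ("magento",)
# Domain as reported on the page, stored defanged and refanged only in memory.
REPORTED_DOMAIN = "www.magento-analytics[.]com".replace("[.]", ".")

class ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if src:
            # Relative and path-only URLs resolve to the first-party host.
            self.hosts.append((urlparse(src).hostname or FIRST_PARTY).lower())

def classify(host):
    if host in ALLOWED_HOSTS:
        return "allowed"
    if any(tok in host for tok in BRAND_TOKENS):
        return "lookalike"  # borrows a trusted name but is not approved
    return "unknown"

def audit_checkout(html):
    parser = ScriptCollector()
    parser.feed(html)
    return {host: classify(host) for host in parser.hosts}

def csp_script_src():
    # Content-Security-Policy directive that lets the browser refuse other script hosts.
    extra = sorted(h for h in ALLOWED_HOSTS if h != FIRST_PARTY)
    return "script-src 'self' " + " ".join(f"https://{h}" for h in extra)

# Constructed checkout page for the example.
SAMPLE = f"""<form id="checkout"></form>
<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/v3/pay.js"></script>
<script src="//{REPORTED_DOMAIN}/constructed.js"></script>
<script src="https://cdn.widgets.example/chat.js"></script>"""

if __name__ == "__main__":
    print(audit_checkout(SAMPLE), csp_script_src(), sep="\n")
```

Injected inline code has no `src` and is outside this audit; the directive returned by `csp_script_src()` is what restricts it, provided `'unsafe-inline'` is not added to the policy.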
Be Cyber Safe
Customers shopping online would do well to practice basic personal oversight of their credit cards and bank statements. Any unauthorized transaction appearing there, no matter how minute, should be reported immediately.
On 16 and 21 October 2015, Matthew Hanley hacked the TalkTalk website and stole the personal details of over 150,000 customers. These included their full names, postal addresses, telephone numbers, dates of birth and banking details. Hanley handed the data over to Connor Allsopp to sell to Daniel Kelley, who intended to commit fraud with the information. Kelley then tried to extort 465 bitcoins (around US$2 million) from Dido Harding, the CEO of the company at the time.
TalkTalk suffered massive losses. The breach cost the company a staggering £77 million in financial losses, including a fine of £400,000 levied by the Information Commissioner’s Office (ICO) for its failure to carry out the fundamental security measures required to prevent a breach such as this from happening. This is not to mention the implications the attack has for the company's future business. Who wants to subscribe to a vulnerable supplier? The attack also caused severe distress and misery to the people whose confidential information was stolen and then passed on to a third party.
Two individuals of extraordinary talent
The court case took place on Monday, 19 November at the Old Bailey, where Judge Anuja Dhir presided. The judge said that it is tragic that the two hackers have such extraordinary talent. During the trial, Matthew Hanley (23) and Connor Allsopp (21) admitted to the crimes against TalkTalk. Until his arrest in October 2015, Hanley was an unwavering hacker: he was fully aware that what he was doing was illegal, and of the risk involved in it. The hacker was sentenced to one year in prison and his associate Allsopp received an eight-month sentence. Hanley, described by Judge Dhir as a ‘dedicated hacker’, received a longer sentence than Allsopp, who ostensibly played a lesser role in the cybercrime.
Cybercriminals never take breaks and never waste an opportunity to steal sensitive data from unsuspecting companies. British Airways doesn’t look like an easy target, but apparently, their defensive mechanisms were not enough to prevent hackers from stealing customer data from their website. The company has confirmed the fact that as many as 380,000 customers had their personal details and credit card numbers exposed during the data breach.
15 Days of Cyber-Insecurity for British Airways
The attack started on August 21, and customers who booked their flights on the company’s website and through its mobile app were affected. British Airways has advised them to get in touch with their banks and take the necessary measures to protect themselves. The hackers got their hands on the names, addresses and financial information belonging to the victims. According to a British Airways spokesperson, they were not able to get the travel details and passport numbers.
Furthermore, the company has reassured customers that the payment methods saved on its website are still secure. Essentially, the hackers only got the information from the credit cards used during those two weeks of mayhem. British Airways didn’t provide information about how the hackers were able to create the breach, but went to great lengths to reassure customers that they are no longer in danger. Meanwhile, the National Crime Agency is working to assess the best course of action.
Now that the vulnerability has been resolved, British Airways clients have been reassured that they can access the site and buy tickets securely. This is not the first time an airline has been attacked by hackers this summer, as this incident comes just a few weeks after Air Canada suffered a major data breach. In that attack, more than 20,000 customers using the company’s mobile app had travel and passport details exposed.
Shimon Sheves truly embodies the adage, “Think Global, Act Local”. He is deeply passionate about his homeland of Israel and works tirelessly to support his community. Sheves is also the founder and chairman of HolistiCyber, a company that provides nation-state level cyber protection.