
(The Next Web) "It took hackers just 22 lines of code to steal British Airways' customer data". Pfft, amateurs, I can do that with a Perl one-liner (thenextweb.com)
    More: Misc, TicketMaster UKhack, Modernizr javascript version, Computer security, certain user actions, Law enforcement agencies, National Crime Agency, Cyber Security Centre, good web-app 0day  

730 clicks; posted to Geek » on 12 Sep 2018 at 11:17 PM (9 weeks ago)



19 Comments
 
2018-09-12 07:18:43 PM  
So what was the code?
 
2018-09-12 07:24:11 PM  

Mugato: So what was the code?


[cdn.riskiq.com image]
 
2018-09-12 09:49:32 PM  
[img.fark.net image]
 
2018-09-12 11:37:51 PM  
I can create a GUI interface using visual basic to track customer IP address and get it that way.
 
2018-09-13 12:31:16 AM  
You need two people at the keyboard to stay ahead of the hackers.
 
2018-09-13 12:34:46 AM  
How long were the lines?
 
2018-09-13 12:44:33 AM  

abhorrent1: I can create a GUI interface using visual basic to track customer IP address and get it that way.


If it's a VB app I'm just going to assume all my personal information is getting sent directly to Nigeria.
 
2018-09-13 12:50:51 AM  

AverageAmericanGuy: You need two people at the keyboard to stay ahead of the hackers.


[img.fark.net image]
 
2018-09-13 12:51:13 AM  
RiskIQ speculated that a group called Magecart is behind this attack

How come vendors always appear to be so competent publicly yet provide me with crap service? It's like a great restaurant that decides to open franchises but with zero quality control.
 
2018-09-13 01:54:38 AM  

Ivo Shandor: [img.fark.net image 600x607]


more realistically

[imgs.xkcd.com image]
 
2018-09-13 03:44:32 AM  

Chevello: How long were the lines?


72 CPL
 
2018-09-13 07:38:51 AM  

Chevello: How long were the lines?


Good question. I searched for Magecart, and a top result was a zdnet article detailing the latest victim (Feedify), and it has a link to the allegedly offending file, a minified js file. So like, super long.

Funny part is denying the zdnet site permission to send push system notifications as the page loads, then seeing that Feedify is the compromised platform.
 
2018-09-13 09:04:37 AM  
Sounds like the premise for a new game show called  "Steal that code"
I can steal that code in 22 lines.
-I can steal that code in 21 lines.
I can steal that code in 20 lines
-I can steal that code in 18 lines
....steal that code!
 
2018-09-13 12:30:53 PM  
I've worked for weeks on problems that only take 1 or 2 lines of code to fix. It's not the number of lines of code that matters, it's sticking them in the right place.
 
2018-09-13 12:48:43 PM  
Things that make something sound amazing to non-IT people
"It took hackers just 22 lines of code to steal British Airways' customer data"

Things that are obvious to IT people
"Exploits are usually fairly easy to abuse once you know exactly what they are"
 
2018-09-13 03:09:59 PM  

oopsboom: Things that make something sound amazing to non-IT people
"It took hackers just 22 lines of code to steal British Airways' customer data"

Things that are obvious to IT people
"Exploits are usually fairly easy to abuse once you know exactly what they are"


Especially when you realize it breaks down to four lines of parameters, six lines of brackets, and ten lines of documentation for code that doesn't exist yet (or anymore, or possibly ever).
 
2018-09-13 03:46:23 PM  

paidhima: Especially when you realize it breaks down to four lines of parameters, six lines of brackets, and ten lines of documentation for code that doesn't exist yet (or anymore, or possibly ever).


Don't forget about the lines of code needed to configure the framework that's actually doing the bulk of the work.

22 lines to call and use jQuery, probably hundreds of lines of code actually running inside of jQuery itself.
 
2018-09-13 05:02:06 PM  
Sounds like subby is hitting the pipe.

/heh
 
2018-09-13 09:04:30 PM  

oopsboom: Things that make something sound amazing to non-IT people
"It took hackers just 22 lines of code to steal British Airways' customer data"

Things that are obvious to IT people
"Exploits are usually fairly easy to abuse once you know exactly what they are"


The article was somewhat misleading. They never covered how the hackers compromised the server to begin with. The "22 lines of code" is just what they inserted into a common JavaScript library used on the site. The code was triggered any time someone clicked the submit button and just copied whatever was entered in the payment form then sent it to the hacker's server. That code I posted earlier was the code the hackers inserted, which I snagged from RiskIQ's site. Now how something this obvious could go unnoticed for that long by a multi-million dollar international corporation is another story.

[img.fark.net image]
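
Added example, not part of the thread or of RiskIQ's write-up: the last comment describes lines appended to a JavaScript library the site already served, so one way such a change gets noticed is to pin each script's digest at release time and audit what is actually being served. The function names, the hostnames and the sample script text below are constructed for illustration.

```javascript
// Integrity audit for a served script against a baseline pinned at release time.
const { createHash } = require("crypto");

// SRI-style digest: "sha384-" + base64(SHA-384(body)).
function sriHash(body) {
  return "sha384-" + createHash("sha384").update(body, "utf8").digest("base64");
}

// Hostnames of absolute http(s) URLs that appear anywhere in the script text.
function hostsIn(body) {
  const hosts = new Set();
  for (const m of body.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)) {
    hosts.add(m[1].toLowerCase());
  }
  return hosts;
}

// Compare the served body with the baseline and report what changed.
function auditScript(name, served, baseline, allowedHosts) {
  const unexpectedHosts = [...hostsIn(served)].filter(
    (h) => !allowedHosts.includes(h)
  );
  return {
    name,
    modified: sriHash(served) !== baseline.integrity, // any byte change flips this
    grewBy: Buffer.byteLength(served) - baseline.bytes, // appended code shows as growth
    unexpectedHosts, // hosts the released script never referenced
  };
}

// Constructed sample data (not the real library and not the real injected code).
const released = "/* lib v1 (constructed) */\nwindow.lib = { ok: true };\n";
const baseline = {
  integrity: sriHash(released),
  bytes: Buffer.byteLength(released),
};
const tampered =
  released +
  'var u = "https://collector.example/x"; /* appended (constructed) */\n';
const allowed = ["static.shop.example"]; // hypothetical first-party asset host

console.log(auditScript("lib.js", released, baseline, allowed));
console.log(auditScript("lib.js", tampered, baseline, allowed));
```

The same `sha384-…` value can be placed in a script tag's `integrity` attribute so the browser refuses a modified file, which covers scripts loaded from another origin as well as periodic server-side audits.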
 