Originally Posted by
kristofera
It does: all data was sent to a cloud hosting site/VPS in Lithuania. Neither BA or British law enforcement bothered to contact the hosting company, instead it was brought to their attention by a member of the public several days after BA issued their alert.
https://www.scmagazineuk.com/amp/upd...rticle/1492560
Those pointers can easily be forged. The shear amount of forensic investigation that is involved in determining the source (which can often never be definitively determined) is beyond the scope of one single country or all 'cybersecurity' firms in collaboration. The hosting company may simply have been the first stop in data delivery to unknown parties in unknown countries. Examining the script is also likely non-conclusive. Professionals put inferences in malware to deliberately deceive and obfuscate the originator.