
BA hacked but they're 'deeply sorry'


Old 7th Sep 2018, 01:14
  #1 (permalink)  
Thread Starter
 
Join Date: Mar 2015
Location: North by Northwest
Posts: 476
Likes: 0
Received 0 Likes on 0 Posts
BA hacked but they're 'deeply sorry'

380K bank cards allegedly. Check your bank accounts if you booked in the last two weeks according to below.
https://www.msn.com/en-gb/news/newsm...len/ar-BBMY18u
b1lanc is offline  
Old 7th Sep 2018, 01:40
  #2 (permalink)  
 
Join Date: Jul 2014
Location: Harbour Master Place
Posts: 662
Likes: 0
Received 0 Likes on 0 Posts
LOL, there is no such thing as safe computing, there never will be unless you build your own hardware and write your own entire software stack (including compiler) FROM SCRATCH. This has been known since before outside the military since 1983, as demonstrated by Ken Thompson, with a proof: Why You Shouldn't Trust Ken Thompson.

Original Paper: Reflections on Trusting Trust. To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software.

He references a much earlier finding about this known flaw, and virtually every computer system ever produced is vulnerable.
CurtainTwitcher is offline  
Old 7th Sep 2018, 01:55
  #3 (permalink)  
Paxing All Over The World
 
Join Date: May 2001
Location: Hertfordshire, UK.
Age: 67
Posts: 10,095
Received 56 Likes on 46 Posts
Alex Cruz, British Airways' chairman and chief executive, said: "We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers' data very seriously."
But not seriously enough!

Of course, the Board of BA (and the Director of IT in particular) must be very relieved that this is 'criminal' activity as then it's not their fault and no one will have to lose their gold plated job, company car and pension.
PAXboy is offline  
Old 7th Sep 2018, 03:14
  #4 (permalink)  
 
Join Date: Mar 2008
Location: Bangkok
Posts: 49
Likes: 0
Received 0 Likes on 0 Posts
website security

Originally Posted by PAXboy
But not seriously enough!
Not seriously at all, I would say. Even now, after the breach, their credit card payment page is lacking some basic measures to keep data entered on it safe from 3rd parties...
kristofera is offline  
Old 7th Sep 2018, 05:39
  #5 (permalink)  
 
Join Date: Jan 2003
Location: Manchester
Age: 45
Posts: 615
Likes: 0
Received 0 Likes on 0 Posts
You could do it from the inside. Just saying
Ex Cargo Clown is offline  
Old 7th Sep 2018, 09:53
  #6 (permalink)  
 
Join Date: Jan 2016
Location: Cambridge
Age: 54
Posts: 28
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by CurtainTwitcher
LOL, there is no such thing as safe computing, there never will be unless you build your own hardware and write your own entire software stack (including compiler) FROM SCRATCH. This has been known since before outside the military since 1983, as demonstrated by Ken Thompson, with a proof: Why You Shouldn't Trust Ken Thompson.

Original Paper: Reflections on Trusting Trust. To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software.

He references a much earlier finding about this known flaw, and virtually every computer system ever produced is vulnerable.
What makes you think building/writing it yourself will make it safer? Isolated systems can be made safe/secure, but they generally aren't very useful for connected applications...
BigDotStu is offline  
Old 7th Sep 2018, 10:37
  #7 (permalink)  
 
Join Date: Dec 2014
Location: Hopefully, with an aircraft strapped to my backside...
Posts: 33
Likes: 0
Received 0 Likes on 0 Posts
A little light reading from El Reg to shed some more light on the issue:

https://www.theregister.co.uk/2018/0...irways_hacked/
alexgreyhead is offline  
Old 7th Sep 2018, 10:44
  #8 (permalink)  
 
Join Date: Feb 2002
Location: UK
Age: 58
Posts: 3,390
Received 89 Likes on 40 Posts
Originally Posted by Yournamehere
The standard of BA's IT across a number of areas has been shown to be well below par over the last couple of years or so.

There also seems to be a lack of serious ownership of the issues by BA too but will any heads roll?
The heads have already rolled, the IT department was outsourced a while ago.
TURIN is offline  
Old 7th Sep 2018, 10:44
  #9 (permalink)  
 
Join Date: May 2002
Location: uk
Posts: 314
Likes: 0
Received 0 Likes on 0 Posts
BigDotStu is right - as soon as you connect to the outside world your system integrity is compromised. You might have written it yourself but eventually someone cleverer than you is going to find the loophole you don't know anything about. Unfortunately in this day and age not being connected isn't a practical option.
vancouv is offline  
Old 7th Sep 2018, 11:52
  #10 (permalink)  
 
Join Date: Jan 2007
Location: Liverpool
Posts: 33
Likes: 0
Received 0 Likes on 0 Posts
Of course they are sorry, GDPR and the new scale of fines available for incidents like this will make them very sorry indeed.
Ben_S is offline  
Old 7th Sep 2018, 11:59
  #11 (permalink)  
 
Join Date: Feb 2005
Location: Botswana
Posts: 887
Likes: 0
Received 0 Likes on 0 Posts
From The Register article: “The biz, which bills itself as
,”

BA hasn't billed itself as that for about 25 years or so. I think they know that wouldn't stand up nowadays.
RexBanner is offline  
Old 7th Sep 2018, 17:51
  #12 (permalink)  
 
Join Date: May 2017
Location: UK
Posts: 4
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by TURIN
The heads have already rolled, the IT department was outsourced a while ago.
Yes it was and I was one of the staff who lost their job. It was outsourced to TATA in Chennai, India. Since then there have been a number of IT failures but the management who were responsible for the outsourcing (and are still there) continue to put out the line that the outsourcing is not responsible. I've seen reports of staff in callcentres and IT service centres in 3rd world countries who are selling customer data to criminal entities.

I have just moved my phone/broadband service and it turns out the new provider outsources their support to India. I am now receiving an average of 5 calls per day from scammers reporting that my broadband/pc/router/tablet/phone has a problem that they can fix remotely. The last call today was from a woman with a sub-continent accent (with callcentre noise in the background) claiming to be from the Telephone Preference Group (note: not Telephone Preference Service - the correct organisation) asking for personal/financial details. As I ported my number over from my previous supplier and have been a subscriber to TPS for years I'm pretty sure it is not coincidence that I'm now known to an Indian callcentre and am receiving these calls.
XBA1709 is offline  
Old 7th Sep 2018, 18:04
  #13 (permalink)  
 
Join Date: Jan 2003
Location: Manchester
Age: 45
Posts: 615
Likes: 0
Received 0 Likes on 0 Posts
Half a billion quid fine, so I'm hearing.
Ex Cargo Clown is offline  
Old 7th Sep 2018, 18:48
  #14 (permalink)  
 
Join Date: Jan 2008
Location: Hotel Sheets, Downtown Plunketville
Age: 76
Posts: 0
Likes: 0
Received 0 Likes on 0 Posts
What really concerns me is what exactly has been stolen. If full personal data such as DOB, address, etc. is now in the hands of crooks, they may use it in the future. It is ID theft that I would imagine is the biggest threat. Credit cards may be replaced but what can we now do to protect ourselves against the fact that our IDs may be used for all kinds of mischief.
GDPR and all that fuss and what do you get, a monumental cockup. Can we please have the old IATA paper ticket and the travel agent back. I'd rather pay more than end up being cloned by some bandit and his iPad.
Chronus is offline  
Old 7th Sep 2018, 18:59
  #15 (permalink)  
 
Join Date: Jan 2008
Location: Reading, UK
Posts: 15,744
Received 171 Likes on 83 Posts
Originally Posted by Chronus
What really concerns me is what exactly has been stolen. If full personal data such as DOB, address, etc. is now in the hands of crooks, they may use it in the future.
Name, email address, credit card details including (unbelievably) CVV.
DaveReidUK is offline  
Old 7th Sep 2018, 19:00
  #16 (permalink)  
 
Join Date: Apr 2008
Location: europe
Posts: 35
Likes: 0
Received 0 Likes on 0 Posts
That is what you get when you outsource your IT department to cut wages. BA managers thought they were being smart when they made scores of experienced IT personnel redundant, and replaced them with inexperienced staff. It just goes to show that there is a lot of truth in cliches such as, when you pay peanuts you get monkeys. BA are finding out the hard way that having well-trained, loyal, well-paid staff, is better than having an outsourced company over which you have no control of standards, training and personnel. BA has learned nothing from the shambles that is outsourcing, which has created havoc in both the public and private sectors. What do BA managers care, it is only reputation, business, and ultimately jobs that are going to suffer the consequences. The managers will be long gone into the distance, business degrees in hand, when that happens.
kapton is offline  
Old 7th Sep 2018, 20:29
  #17 (permalink)  
 
Join Date: Jan 2003
Location: Manchester
Age: 45
Posts: 615
Likes: 0
Received 0 Likes on 0 Posts
"BA managers thought they were being smart", ultimate contradiction in terms
Ex Cargo Clown is offline  
Old 7th Sep 2018, 21:11
  #18 (permalink)  
Paxing All Over The World
 
Join Date: May 2001
Location: Hertfordshire, UK.
Age: 67
Posts: 10,095
Received 56 Likes on 46 Posts
Sadly, I can't see that changing their approach. They will continue to presume that it is someone else's fault.
PAXboy is offline  
Old 7th Sep 2018, 21:13
  #19 (permalink)  
 
Join Date: Aug 1999
Location: Hyeres, France
Posts: 1
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by Ex Cargo Clown
Half a billion quid fine, so I'm hearing.

Always wondered....

Is that used to compensate 'victims' or would, in this case, BA, have to cough up for that as well ??

Only asking because there appear to be no details of who keeps the fines or what the money is used for when companies such as Microsoft, Google, HSBC, etc, get fined $ billions by different governments and statutory authorities.
Hussar 54 is offline  
Old 7th Sep 2018, 21:20
  #20 (permalink)  
 
Join Date: Jan 2003
Location: Manchester
Age: 45
Posts: 615
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by Hussar 54
Always wondered....

Is that used to compensate 'victims' or would, in this case, BA, have to cough up for that as well ??

Only asking because there appear to be no details of who keeps the fines or what the money is used for when companies such as Microsoft, Google, HSBC, etc, get fined $ billions by different governments and statutory authorities.
I believe it goes back to the treasury, then it's up to individuals to sue the company. Nice use of my pension money.
Ex Cargo Clown is offline  
