Go airline website hijacked

The website of Go, British Airways' budget flight subsidiary, was defaced by crackers last night in the latest of a long line of corporate Web Site attacks.

A spokesperson for Go confirmed the attack and said staff "worked throughout the night with security specialists from BT" in order to shore up security. The site, go-fly.com, was taken down at 10:15pm last night and brought back online early this morning.

Go said that only its home page was affected by the attack on its web server and customer credit card details, which are taken by and stored on separate systems, were not exposed.

Potential Go customers, such as one Register reader, were confronted by a blank white page with a message from a cracker boasting that he owned the site - something that is hardly likely to encourage ecommerce even if no serious harm was done. The attack follows web page defacement that has seen the site of HSBC act as a forum for fuel tax protestors and the stock exchange index site, ft-se.co.uk sprayed with internet graffiti (as reported here).

Paul Rogers, network security analyst at security consultancy MIS Corporate Defence Solutions, said the web site defacements showed that firms were not managing their security risks properly despite the impact an attack can have on reputations.

"Things aren't changing and firms are still not paying enough attention to site security," said Rogers, who said companies need to stay up to date with security issues rather than thinking that they only need to have the latest service pack in place to remain secure.

Rogers added crackers often exploited unpatched vulnerabilities in Microsoft's Internet Information Server to carry out Web page defacements. ®

Related stories

HSBC site daubed with graffiti