Security Researcher Solves Ticketmaster Website Credit Card Quandary

Ticketmaster recently had to correct a relatively serious breach that potentially led to the leak of several thousand customers’ credit card credentials. They’ve been working hard on correcting the problem, but one individual thinks that he’s solved what prompted the attacks in the first place.

Kevin Beaumont, one of the UK’s top digital security researchers, believes he knows what the attack vector was. Inbenta had provided a chat bot for webmasters that works by calling a JavaScript file from Inbenta’s own remote server.

A single line of HTML was employed to call this particular piece of JavaScript. Beaumont opined that Inbenta provided Ticketmaster with a single JavaScript one-liner that they may then have used on their payment page without notifying Inbenta’s technicians. Since the code was now on Ticketmaster’s payment processing site, it was functionally placed amidst all credit card transactions that go through the site.

According to Beaumont’s theory, JavaScript code could then be executed in a client’s browser on the same page that held their credit card information. Someone must have altered the code to make it do something malicious.
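As an added example (not from the original article, and not code from Ticketmaster or Inbenta), the following Node.js check lists scripts a page loads from another origin, flags those without a Subresource Integrity pin, and detects when a served script no longer matches the hash recorded at review time. The page HTML, hostnames and script bodies are constructed placeholders, and the exact-match comparison assumes a single hash per `integrity` attribute.

```javascript
const crypto = require('crypto');

// SRI value for a script body, in the form used in integrity="...".
function sriHash(body) {
  return 'sha384-' + crypto.createHash('sha384').update(body, 'utf8').digest('base64');
}

// List <script src> tags that load from another origin, noting whether each is pinned.
function auditScripts(html, pageUrl) {
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = (tag.match(/\bsrc\s*=\s*["']([^"']+)["']/i) || [])[1];
    if (!src) continue;                    // inline script, out of scope here
    const url = new URL(src, pageUrl);     // resolves relative URLs against the page
    if (url.origin === new URL(pageUrl).origin) continue;
    const integrity = (tag.match(/\bintegrity\s*=\s*["']([^"']+)["']/i) || [])[1] || null;
    findings.push({ src: url.href, integrity, pinned: integrity !== null });
  }
  return findings;
}

// Compare the body currently served with the hash recorded when it was reviewed.
function verifyPinned(body, expectedIntegrity) {
  return sriHash(body) === expectedIntegrity;
}

// Constructed sample input: a checkout page and two versions of a vendor script.
const PAGE = 'https://shop.example/checkout';
const REVIEWED = 'window.chatWidget = { open() {} };';
const ALTERED = REVIEWED + ' /* code appended after review */';
const HTML = `
<script src="/static/checkout.js"></script>
<script src="https://chat.vendor.example/widget.js"></script>
<script src="https://cdn.vendor.example/lib.js" integrity="${sriHash(REVIEWED)}" crossorigin="anonymous"></script>`;

for (const f of auditScripts(HTML, PAGE)) {
  console.log(f.pinned ? 'pinned  ' : 'UNPINNED', f.src);
}
console.log('reviewed body matches pin:', verifyPinned(REVIEWED, sriHash(REVIEWED)));
console.log('altered body matches pin: ', verifyPinned(ALTERED, sriHash(REVIEWED)));
```

A browser enforces the same comparison itself when the `integrity` attribute is present, refusing to run a script whose hash differs.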

His research also seems to indicate that anti-malware tools were doing their job. Some security software was able to begin flagging the script several months before Ticketmaster’s agents announced the breach had occurred. The JavaScript file itself apparently got uploaded to some threat intelligence tools, which is more than likely how they were able to catch the breach in time.

Other experts have expressed concerns over JavaScript library dependencies and how this relates to this kind of breach. It’s become common for coders to use git repositories to solve third-party dependency problems in order to use certain JavaScript frameworks that make their jobs easier.

While this is an efficient method of code reuse, there’s a risk that some of these dependencies could have something malicious in them. These repositories are also occasionally victims of crackers who misuse them, which makes them additional places for unaudited code to find its way into otherwise legitimate code bases.

As a result, some are expressing a wish for more attention to stringent code auditing procedures in order to reduce the risk of these sorts of issues.

Kamil Anwar
Kamil is a certified MCITP, CCNA (W), CCNA (S) and a former British Computer Society Member with over 9 years of experience Configuring, Deploying and Managing Switches, Firewalls and Domain Controllers also an old-school still active on FreeNode.