A man has been arrested in the UK as part of an investigation into the cyber attack that caused meltdown at Heathrow and other European airports over the weekend.
Thousands faced delays and cancellations after the attack on IT systems used for check-in and boarding that forced airlines to have to check in manually.
Heathrow, Brussels, and Berlin airports all all faced disruption after the attack on Collins Aerospace, that provides boarding systems for airlines.
National Crime Agency officers, supported by the South East Regional Organised Crime Unit (ROCU), arrested a man in his forties in West Sussex on Tuesday evening on suspicion of Computer Misuse Act offences.
He has been released on conditional bail.
Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said: “Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing.”
“Cybercrime is a persistent global threat that continues to cause significant disruption to the UK. Alongside our partners here and overseas, the NCA is committed to reducing that threat in order to protect the British public.”
Disruption from the attack began on Friday night and continued throughout Saturday and into Sunday.
Passengers due to fly from Heathrow's Terminal 4 said they were met with queues, delays and confusion as to whether they would be able to make their planned trips.
Brussels Airport saw 50 outbound flights cancelled on Sunday, and nearly another 140 on Monday.
Berlin airport said on Wednesday that it may still take several more days before it had functional and secure software again.
Mr Hall, the independent reviewer of terrorism legislation, said attributing the attack would not be easy.
Asked if a state like Russia could have been responsible for the attack, he told Times Radio "anything is possible".
He said: "Yes, it's possible that this is carried out directly by a state, but it's equally possible to be carried out by a private entity that is, sort of, allowed to operate and does it for a combination of public and private reasons."
That meant attacks were "deniable" for states, even if hackers were based there.
He said: "There are some very capable private entities, let's say, in Russia or China, who won't necessarily be being directed by Russia or China.
"So it's not as if a member of the GRU (the Russian military intelligence agency) is necessarily going into a company and saying that 'you've got the capability of knocking out some UK infrastructure, please go and do it now'.
"It's also possible, in this ecosystem that exists in some of these countries, that a company, an entity, carries out a hack and simply does it for patriotic reasons, or does it because they want to curry favour, or maybe there's some sort of informal relationship with them.
"So although we think, understandably, about states deciding to do things it is also possible for very, very powerful and sophisticated private entities to do things as well."
The European Union's cybersecurity agency Enisa confirmed on Monday that the disruption was caused by a "third party" cyber attack, but gave no further details.
An NCA spokesperson declined to provide further details on the arrest and if it was linked to a hacking group.
