Hackers use SQL Injection to ‘inject’ $4 million into their bank accounts


by Evin C
SQL has many uses, and apparently some of them aren’t so legal. This article reports on one of the biggest cases of online identity theft in U.S. history. Three men were sent to prison for 17 to 25 years for hacking into Heartland Payment Systems, a business that credit card companies and certain vendors use to process sales. It was not the only business to be hit, and the result was 130 million stolen credit-card numbers and a profit of up to $4 million for the hackers themselves. The article reported that the hackers “used a method called SQL injection to carry out the deeds.”

It then goes on to explain the details behind SQL injection and how serious an attack like this can actually be. On a better note, the Federal Trade Commission’s senior attorney stated that “SQL injection compromises are ‘commonplace and relatively simple to prevent.’” There is a simple way to prevent SQL injection, which involves not allowing input to be passed directly into SQL statements. These points are quite interesting considering that we are just starting SQL in this course.
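What that prevention looks like in practice, as an added example that is not from the original post or the cited article: the same lookup written once by pasting input into the SQL text and once with a bound parameter. Reading "simple to prevent" as parameterized queries is an assumption, and the table, rows, function names and inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, card_last4 TEXT)")
    db.executemany(
        "INSERT INTO customers (name, card_last4) VALUES (?, ?)",
        [("Alice", "1111"), ("Bob", "2222"), ("O'Brien", "3333")],
    )
    return db

def lookup_concatenated(db, name):
    """Weak form: the input is pasted into the SQL text, so it can change the statement."""
    sql = "SELECT name, card_last4 FROM customers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, name):
    """Corrected form: the SQL text is fixed and the input is bound as a value."""
    sql = "SELECT name, card_last4 FROM customers WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def compare(name):
    """Return (rows from the weak form, or the error class name; rows from the corrected form)."""
    db = make_db()
    try:
        weak = lookup_concatenated(db, name)
    except sqlite3.Error as exc:
        weak = type(exc).__name__
    return weak, lookup_parameterized(db, name)

if __name__ == "__main__":
    # Constructed inputs: an ordinary name, a name with an apostrophe,
    # and a string that carries SQL syntax instead of a name.
    for value in ["Alice", "O'Brien", "x' OR '1'='1"]:
        weak, fixed = compare(value)
        print(f"{value!r}\n  concatenated:  {weak}\n  parameterized: {fixed}")
```

With the concatenated form, the third input returns every row and the legitimate name O'Brien raises an error; with the bound parameter, both are treated as plain values.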

We briefly mentioned SQL injection during our first weeks, and it was interesting to find out how it can actually be used. Considering we are only just beginning our work on SQL, I’m sure we have a long way to go, but for the future this is definitely a good read. Just to think how many ways society can be infiltrated through the methods we are learning in our courses is almost as surprising as it is scary.

Reference:

Albanesius, C. (2010, May 1). PC Mag. Retrieved from http://www.pcmag.com/article2/0,2817,2363293,00.asp