Database Breach

by Pajor A
Database Breaches: Target

As technology grows at an ever faster rate, people scramble to keep up with the changes. New systems, new patches, and new servers are released, and more and more new technologies, such as the cloud, are being developed. Large computer infrastructures such as Google’s databases or Sony’s PlayStation Network face the challenge of maintenance, which is very hard on a large scale and expensive to keep up to date. With the technology environment changing so quickly, staying up to date only becomes more difficult as time goes on and new, unknown advances arrive.

One particular area corporations and nations have to worry about is the threat of hackers. Hackers come in all forms, sizes, and origins and will attack any outdated server, computer, or other device that has some kind of small handicap. One example of a potential threat is the end of new patch releases for the popular Windows XP software. Without Microsoft releasing new patches to update security for XP, the door is flung open for hackers to have a field day with malicious activities against users still running the outdated software.

This same problem of programs not being updated or replaced applies to corporations and governments that maintain and run large databases. A database consists of many servers which periodically need to be updated and maintained to assure the highest level of security. Companies and nations need to keep the utmost level of security because databases are the Holy Grail for hackers, the jackpot of prizes.

Databases have all the information a hacker could want. Databases are where companies store their customers’ information, such as addresses, Social Security numbers, credit cards, PIN numbers, etc. Not only is customer information stored on databases; the companies’ own information is on those same databases. Corporations store new ideas, technologies, and accounting information that could affect the public drastically in many different ways if it got into the wrong hands.

Nations are also facing the same problem, such as China stealing high-tech and military information from the U.S. government. These state-sponsored hackers are professionally trained and are given limitless resources to obtain the information they need or want at a moment’s notice without being tracked by the U.S. government. This makes it difficult to protect against state attacks because they are virtually undetectable to many programs.

One of the most popular tools for hacking a database is SQL injection. It accounts for about 25% of all hacks on the internet, which makes it the most popular tool hackers use. SQL is the most used language on the internet, which is why hackers use SQL injection.

SQL injection is commonly done on a corporation’s login screen, which prompts the user for a user name and password. At this point the hacker will enter code in the user name and password fields to see what kind of code the database is written in. If they find out it is SQL, they follow a set of procedures. After the hackers confirm the website uses SQL, they add more specific code to the username and password to gain access to areas where they shouldn’t.
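The login check described above, written both ways as an added example (not code from the original post), using Python's built-in sqlite3 module. The table, account names, passwords and the fixed salt are constructed for the demo; it shows why a query built by pasting input into SQL text can be rewritten by that input, while bound parameters keep it as data.

```python
import hashlib
import sqlite3

DEMO_SALT = b"constructed-demo-salt"  # simplification: real systems use a random per-user salt


def digest(password: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 50_000).hex()


def make_db() -> sqlite3.Connection:
    """In-memory user table with two constructed accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", digest("correct horse")), ("o'brien", digest("tea time"))])
    return db


def login_concat(db, name: str, password: str) -> bool:
    """Weak form: input is pasted into the SQL text, so a quote in `name` rewrites the statement."""
    sql = "SELECT 1 FROM users WHERE name = '%s' AND pw_hash = '%s'" % (name, digest(password))
    return db.execute(sql).fetchone() is not None


def login_bound(db, name: str, password: str) -> bool:
    """Corrected form: placeholders send input as data; it is never parsed as SQL."""
    sql = "SELECT 1 FROM users WHERE name = ? AND pw_hash = ?"
    return db.execute(sql, (name, digest(password))).fetchone() is not None


def demo() -> dict:
    """Run constructed inputs through both forms; returns {input: (weak, bound)}."""
    db = make_db()
    cases = [("alice", "correct horse"), ("alice", "wrong"),
             ("alice' --", "wrong"),      # quote plus SQL comment marker in the name field
             ("o'brien", "tea time")]     # legitimate name that contains a quote
    results = {}
    for name, pw in cases:
        try:
            weak = login_concat(db, name, pw)
        except sqlite3.OperationalError:
            weak = "sql error"  # a parser error returned to the client reveals the backend
        results[(name, pw)] = (weak, login_bound(db, name, pw))
    return results


if __name__ == "__main__":
    print(*demo().items(), sep="\n")
```

The concatenated form both accepts a wrong password and breaks on an ordinary name containing an apostrophe; the bound form handles all four inputs correctly.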

One of the most recent and publicized examples of a data breach is the Target Corporation. Target was apparently hacked by the popular SQL injection method. The target of the attack was Target’s IT management, which was actually a third party that supported the IT systems. The third party did not practice good coding or good password protection in this case. The IT department had a default password for the third party, which was easily detected by the hacker doing a SQL injection on the site used by Target. The hackers had an arsenal of weapons to use to attack the Target database. One of the methods used was memory-scraping, also known as “Reedum.”

The program “Reedum” then started to record, undetected, all the credit card and debit card information that was processed through Target’s systems. The recording process started about two days after the injection. It has been said that the injection started in mid-November and ended December 15, 2013. Soon the malware had so much information and power that it would gather information in real time and even set up a server for the hackers on Target’s database to store all the information. All this was done by a default password set up by the malware in the Target Corporation.

As soon as the hacker was in Target’s database, the hacker stole more than 110 million customers’ credit card information. The hackers then sell the credit card numbers and information on the black market for thousands of dollars, undetected. Some cards work and others don’t. Seeing as 110 million credit cards were stolen, the chances of credit cards working are very high. The digital age is now upon us, and these incidents are going to keep occurring, so corporations and governments have to stay on their toes and keep a close watch for hackers.


10 thoughts on “Database Breach”

  • February 20, 2014 at 12:17 pm

    Good topic, as technology increases so do its flaws in security and talent in hackers. The CEO of Riot Games was also hacked and posted tweets about some of Riot’s future potential games. All companies should be increasing their cyber security due to the ease of access to the internet now.

  • February 21, 2014 at 1:11 pm

    Maintaining a secure database is one of the biggest issues that companies have to face. The bigger and more successful a company is, the higher the risk of losing their data. I agree that companies need to pay very close attention to hackers (Target recently) and security, or else they would damage their company’s reputation and information and lose their customers’ trust.

  • February 21, 2014 at 3:47 pm

    This article was very interesting. With companies expanding and growing bigger than ever, their databases also need room for growth. Having more and more information out there these days allows for more chances of having your information stolen. You have stated that “databases are where companies store their customer’s information such as, addresses, social security, credit cards, pin numbers and etc.” This is very terrifying to think about, because with this type of information, a person’s life can be easily ruined.

  • February 22, 2014 at 5:38 pm

    I would like to work as a hacker (white hat of course) but do not quote me on this. This information is interesting because it is what gets people involved in the art and possibilities of hacking, and this is just the tip of the iceberg. I could see the fascination in people’s eyes as I gazed at them in the room. Well done!

  • March 8, 2014 at 11:00 am

    This article is very interesting in the fact that it provides a foundational knowledge about current topics, that being Target. Not only that, but part of designing effective and efficient databases is validation and data cleansing. With that said, proper validation can prevent SQL injection, which, like stated, accounts for like 25% of all database breaches. If all bases are not covered, your red-hat hackers will exploit every last uncovered portal. Great article and good presentation!

  • March 17, 2014 at 2:55 pm

    Very interesting presentation. I really liked how you explained an SQL injection and how easy it is to perform. In counter to the injection, just a few lines of code could easily counter an injection as well. It is very important to protect the data of users and company data against hackers who can do anything they want with the information.

  • March 18, 2014 at 11:15 pm

    I loved this presentation; it was interesting to learn about SQL injection. I’ve always heard about it but never really knew exactly how it worked. Also, I’m glad you discussed the recent breach that Target had. I knew about it but didn’t know the exact details of that as well. It’s interesting how easily we take for granted our security when it comes to shopping–this just serves as a bit of a reminder that not everything is safe and secure.

  • March 19, 2014 at 12:00 am

    I liked how you made it clear how the hackers got into Target’s database. I didn’t know something as simple as SQL injection was something we can use easily to hack into a multi-billion dollar corporation. I always thought that there were these high tech programs behind the hacks and not something as easy as using a default user name and password to get into a large database.

  • March 19, 2014 at 7:08 pm

    I thought this article was really interesting, especially the part about SQL injection. I never really knew how easy it could be to hack a database. I also thought that using Target was a really good and relevant example. This topic is especially significant considering all the data that is online, and that practically everything we do contains and ends up storing some sort of data.

  • March 20, 2014 at 8:25 pm

    Very relevant topic as the Target breach was recently in the news. It seems more and more security issues are in the media, from corporations to government agencies. It seems for the meantime security will be a central part of any computer systems network, as breaches are a common occurrence and Information Assurance is vital to any database’s integrity.
