5 Big Database Breaches Of Spring 2013

Learning from the most recent impactful breaches of 2013

This spring's crop of database breaches has been about as abundant as the pollen count this time of year, and twice as likely to make security researchers' eyelids twitch. During the past couple of months, data breaches have ranged from the mundane to the fantastic, with each occurrence offering valuable lessons for security professionals with regard to locking down databases and the applications that access them.

The following five high-profile breaches offer some of the low lights of late and what organizations can learn from each of these incidents.

1. A Big Dam Deal
A compromise involving fraudulently obtained user credentials gave attackers unauthorized access to a special database held by the U.S. Army Corps of Engineers that contained the critical details of over 8,000 dams across the country. Though the Army revoked the credentials involved, the information was already exposed to attackers that officials believe were based in China.

Lessons Learned: Access controls are at the heart of solid database protection plans. In this case, an Army spokesperson told the Washington Free Beacon, which broke the story, that access was "given to an unauthorized individual in January 2013 who was subsequently determined not to have proper level of access for the information." Whether that means the organization's provisioning process was suspect or a malicious party managed to escalate privileges on the sly is up in the air, but it still offers a glimpse at how an access control issue can put databases at risk.

2. Bitcoin DB Blunder
As a currency mainstay for the cyber underworld, it is no surprise that Bitcoin exchanges have attracted the attention of malicious hackers, who have taken to attacking the exchanges that trade in this virtual currency. In addition to a high-profile DDoS attack against the exchange Mt. Gox in April, cyber crooks also took so many liberties with the databases held by the exchange Instawallet that it had to close up shop. The firm reported that due to the fraudulent access to its databases, it was "impossible to reopen the service as-is."

Lessons Learned: Databases -- particularly those run by high-risk, financial transaction intensive businesses -- form the foundation of how businesses operate today. Failing to fully secure the most mission-critical databases within an organization can have potentially catastrophic ramifications for the business, as this recent shutdown of Instawallet illustrates.

3. $45 Million Database Deficiency
In the running for winning props as one of the biggest cybercrime cases of the year, the complex $45 million ATM cyber heist discovered by investigators this spring had its roots in a database hack. The masterminds at work hired hackers to break into databases containing details about prepaid debit cards so that they could adjust certain cards to be tied with unlimited pools of cash, clone those cards and hire cashers and money mules to tap into the accounts at ATMs in New York.

Lessons Learned: Oftentimes the breach of a database is the first and most fundamental step in carrying out burns, scams and other larceny that would otherwise be difficult to pull off without that kind of access. Authorities aren't releasing info on how the pre-paid debit databases were breached, but security pundits are surmising that, given the crummy state of security at financial organizations within developing countries, odds are high that it could have been something as simple as a SQL injection attack that started it all.

[Why do injection attacks still stand on top of the OWASP Top 10 2013? See Myth-Busting SQL- And Other Injection Attacks.]

4. Living Social Lost Data
LivingSocial committed the ultimate social faux pas when it allowed thieves to pillage a database containing the personal details of 50 million of its customers. Security experts said that given the number of exposed details and the type of information stolen, the likelihood was high that the breach was caused by a run-of-the-mill SQL injection attack or an attack that leveraged framework vulnerabilities.

Lessons Learned: The passwords contained within the breached database were encrypted, which is a good first step. But organizations must continue to be vigilant about sanitizing input coming from web applications, parameterizing queries into the database and engaging in the kind of coding hygiene that prevents SQL injection. Additionally, organizations that want to avoid this kind of incident would do well to improve their framework patching procedures to limit their exposure on that front.
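The two SQL injection lessons above (the prepaid-card database in item 3 and the LivingSocial database here) both come down to the same coding-hygiene point: user input must be bound as a parameter, never spliced into the query text. The following is an added illustration written for this page, not code from LivingSocial or from any breached system. It builds a small constructed user table in an in-memory SQLite database and compares a string-concatenated lookup with a parameterized one, plus a simple allowlist check for the "sanitizing input" step; the table, names and the `lookup_*` functions are all assumptions for the demonstration.

```python
import re
import sqlite3

# Constructed sample rows for the demonstration; not data from any real breach.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]

# Allowlist for usernames: the cheapest "sanitizing input" control, applied
# before the value ever reaches the database layer.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def make_db():
    """Create an in-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def is_valid_username(username):
    """Reject anything outside the allowlist rather than trying to strip bad characters."""
    return bool(USERNAME_RE.match(username))


def lookup_vulnerable(conn, username):
    """Anti-pattern: the input is concatenated into the SQL text, so quote
    characters in it change the meaning of the WHERE clause."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Hardened form: the input is bound as a value by the driver and is never
    parsed as SQL, whatever characters it contains."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups against a benign and a tautology-style input and
    return the row counts and rows so the difference is visible."""
    conn = make_db()
    benign = "alice"
    # Classic tautology input: makes the concatenated WHERE clause always true.
    hostile = "x' OR '1'='1"
    return {
        "hostile_passes_allowlist": is_valid_username(hostile),
        "benign_passes_allowlist": is_valid_username(benign),
        "vulnerable_benign": lookup_vulnerable(conn, benign),
        "vulnerable_hostile": lookup_vulnerable(conn, hostile),
        "param_benign": lookup_parameterized(conn, benign),
        "param_hostile": lookup_parameterized(conn, hostile),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the concatenated lookup returning every row in the table for the hostile input, while the parameterized lookup returns nothing because the driver treats the whole string as a literal username; the allowlist rejects the hostile value before a query is even built. Neither control replaces the other: parameterization protects the query, and input validation shrinks what reaches it.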

5. Google Bungles Database Defense
News came out last week that the breach of a little-known internal Google database could have wide-reaching national security implications. The attack actually occurred back in 2010 as a part of the Operation Aurora attacks. But the Washington Post just recently uncovered how a penetration occurred within a system the company uses to archive information about surveillance requests coming from law enforcement authorities working to investigate specific Google users. Federal officials believe the breach was carried out by Chinese operatives looking for a way to learn more about which one of its operatives the US had been investigating.

Lessons Learned: This breach offers a prime example of how dangerous the consolidated nature of information stored within databases can truly be. Information that is pooled together for efficiency's sake can also make a thief's life that much easier. Individually, these requests by government officials only held so much value, but in one big repository they offer a stunning look into the details of who's under the government eye. Oftentimes organizations miss the strategic value of databases like these that may seem as boring as can be. This breach goes to show how important it is to consider during risk analysis not just the value of the information to the organization, but also its value to potential attackers.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.
