Durham Police website hacked by SQL injection

10 November 2009

An unknown hacker - apparently protesting about terror deaths in Pakistan - has attacked the Durham Police website, forcing it to temporarily close.

In his/her posting, the cybervandal left the message: "Ur security sucks UK police this is my revenge against u."

"U are the one who are blasting bomb in Pakistan. Ur security is zero", the posting added.

In an official statement, Durham Police said that an investigation into what happened is under way and the "offending matter" has been removed by computer specialists.

Imperva, the data security specialist - who monitor websites for hacker activities - said the police portal appears to be vulnerable to SQL injection attacks.

SQL injection attacks - aka SQL insertion attacks - are a type of code injection technique that exploits a security vulnerability occurring in the database layer of an application.

The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or is not correctly typed, and therefore executes in an unexpected manner.
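The two cases in that definition, shown as an added example that is not part of the original article: a constructed in-memory SQLite table with hypothetical lookup functions, each vulnerable form beside its parameterized counterpart.

```python
import sqlite3

def make_db():
    """Constructed sample data standing in for a site's account table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "admin"), (2, "bob", "editor"), (3, "carol", "viewer")])
    return db

# Case 1: input placed inside a string literal without escaping.
def by_name_vulnerable(db, name):
    # A quote character in `name` ends the literal early; the rest is parsed as SQL.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def by_name_safe(db, name):
    # Placeholder binding: the value never becomes part of the SQL text.
    return db.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()

# Case 2: input expected to be a number but never type-checked.
def by_id_vulnerable(db, user_id):
    # No quotes are needed to alter the query when the value is not quoted at all.
    sql = "SELECT name, role FROM users WHERE id = " + user_id
    return db.execute(sql).fetchall()

def by_id_safe(db, user_id):
    # int() raises ValueError for anything that is not a plain integer.
    return db.execute("SELECT name, role FROM users WHERE id = ?",
                      (int(user_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    quoted = "x' OR '1'='1"   # constructed input for case 1
    untyped = "1 OR 1=1"      # constructed input for case 2
    print("name, concatenated:", by_name_vulnerable(db, quoted))
    print("name, bound       :", by_name_safe(db, quoted))
    print("id,   concatenated:", by_id_vulnerable(db, untyped))
    try:
        by_id_safe(db, untyped)
    except ValueError as exc:
        print("id,   typed+bound : rejected,", exc)
```

The concatenated forms return every row for the constructed inputs, while the bound forms return nothing or reject the value outright.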

"Our research shows that the website does have vulnerabilities which could lead to the recent attack", said Amichai Shulman, Imperva's chief technology officer.

"Our researchers have seen that for a while hackers have been discussing the weak points of the Durham police website including discussions of being able to extract usernames and passwords that are used for the administration of the site", he added.

"This is an unfortunate situation for the police, but does go to show that no one is protected from these kinds of attacks unless the right precautions are taken."




biotecnix says:

01 December 2009
A quick question... have the police looked into this deeper and traced who the blackhat/greyhat is?
Another note:
> Imperva, the data security specialist - who monitor websites for hacker activities, - said the the police portal appears to be vulnerable to SQL injection attacks.

I'm glad Imperva is not monitoring my sites, as I protect my own.
