In the posting, the cybervandal left the message: "Ur security sucks UK police this is my revenge against u."
"U are the one who are blasting bomb in Pakistan. Ur security is zero", the posting added.
In an official statement, Durham Police said that an investigation into what happened is under way and the "offending matter" has been removed by computer specialists.
Imperva, the data security specialist that monitors websites for hacker activity, said the police portal appears to be vulnerable to SQL injection attacks.
SQL injection attacks - aka SQL insertion attacks - are a type of code injection technique that exploits a security vulnerability occurring in the database layer of an application.
The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or is not correctly typed, and therefore executes in an unexpected manner.
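The two conditions described above, shown side by side with their corrected forms. This is an added illustration, not code from the article or from the affected website; the table, function names and input strings are constructed for the example, and an in-memory SQLite database stands in for the application's database layer.

```python
import sqlite3

def make_db():
    """Constructed sample data: a toy table of notices."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notices (id INTEGER PRIMARY KEY, area TEXT, body TEXT)")
    db.executemany("INSERT INTO notices (area, body) VALUES (?, ?)",
                   [("north", "Road closure"), ("south", "Lost property"),
                    ("internal", "Staff rota")])
    return db

def by_area_unsafe(db, area):
    # Condition 1: input is pasted inside a string literal, so a quote
    # character in the input ends the literal and the rest is parsed as SQL.
    return db.execute("SELECT body FROM notices WHERE area = '" + area + "'").fetchall()

def by_area_safe(db, area):
    # Bound parameter: the value is passed as data and never parsed as SQL.
    return db.execute("SELECT body FROM notices WHERE area = ?", (area,)).fetchall()

def by_id_unsafe(db, notice_id):
    # Condition 2: a field meant to be numeric is never checked for type.
    return db.execute("SELECT body FROM notices WHERE id = " + notice_id).fetchall()

def by_id_safe(db, notice_id):
    # Enforce the type first (int() raises ValueError otherwise), then bind.
    return db.execute("SELECT body FROM notices WHERE id = ?", (int(notice_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    quoted = "north' OR '1'='1"   # constructed input containing a quote
    untyped = "1 OR 1=1"          # constructed input that is not a number
    print("concatenated, string field :", len(by_area_unsafe(db, quoted)), "rows")
    print("parameterized, string field:", len(by_area_safe(db, quoted)), "rows")
    print("concatenated, numeric field:", len(by_id_unsafe(db, untyped)), "rows")
    try:
        by_id_safe(db, untyped)
    except ValueError:
        print("typed, numeric field       : input rejected")
```

In both unsafe functions the input changes the structure of the query and every row comes back; in the safe versions the same input is either treated as a literal value that matches nothing or rejected before it reaches the database.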
"Our research shows that the website does have vulnerabilities which could lead to the recent attack", said Amichai Shulman, Imperva's chief technology officer.
"Our researchers have seen that for a while hackers have been discussing the weak points of the Durham police website including discussions of being able to extract usernames and passwords that are used for the administration of the site", he added.
"This is an unfortunate situation for the police, but does go to show that no one is protected from these kinds of attacks unless the right precautions are taken."
Comments
biotecnix says:
01 December 2009
A quick question... have the police looked into this deeper and traced who the blackhat/greyhat is?
Another note:
> Imperva, the data security specialist - who monitor websites for hacker activities, - said the police portal appears to be vulnerable to SQL injection attacks.

I'm glad Imperva is not monitoring my sites as I protect my own.