Wednesday, 29 August 2012 11:47

Team GhostShell Executes A Few SQL Injection Attacks And Pulls Off Over 1 Million User Accounts...


2012 is most certainly the year of the hack. So far in 2012 we have heard of more large-scale security breaches related to allegedly secure companies and banks than in just about any previous year. What makes this year very interesting is that it is also the year that many companies are joining the push for the “cloud”. The term “cloud computing” has been around for a very long time and derives from the symbol for the internet (which is a cloud, if you did not guess); although many view it as a new technology, it is not.

The concept of the client/server model goes back a very long way and has its roots in the old Mainframe era, where all of the thinking was done in a large and very powerful computer and the results were simply displayed on the screen of a dumb terminal. As network and computer speeds improved, the costs of having this type of system made them unrealistic for most companies. Still, the transition was not a simple one either; during the changeover years there were many products that allowed the newer systems to talk to older mainframe systems (SCO UNIX, AS400, etc). Microsoft and other companies capitalized on these technologies to get their concept of the new network in place (anyone remember SNA server?). Still, Microsoft, Novell and others saw their chance and took it. I can vividly remember reading documentation that claimed cost savings of up to 50% over the traditional networks and a compute increase of 30%. The argument was that since the actual workstations could now process data, the need for a massively powerful mainframe was gone. The reality was that what you saved on the Mainframe was offset by the increase in workstations (including software licensing). Still, the idea caught on very quickly and most companies ditched the mainframe and moved to the same model we have in most companies today (the new client/server).

However, there was (and still is) a downside to this type of network: security. In the new client/server model you often need multiple servers to cover all of the system resources a company needs to run. Many of these need to be exposed to the outside world as well. In many cases you can create a buffer for these servers so that they can service the requests but still maintain some form of security. The problem is that far too often these buffers, and the hardware that is supposed to control them, are not maintained or set up properly. This sad fact has allowed for many of the breaches that we have seen this year. A failure to keep systems updated and secure makes it easy for many hackers to simply waltz in and take what they want.

The most recent of these was performed by the group Team GhostShell, who is also affiliated with the collective known as Anonymous. The group used a SQL injection tool called SQLmap. SQLmap is an automatic tool that has some impressive support, including anonymous proxy support that allows the perpetrator of the attack to mask themselves fairly well. It can execute inferential, UNION and batched queries. We have talked about the UNION attack before and how simple it can be to execute if the site being attacked offers up the right data (itemid=xxx etc.): a clever attacker can take this and, with a UNION statement, combine data from other tables in the database using the “ALL” statement. There are ways to protect against this, though. You can filter certain strings and characters to prevent the mining of all the data in your DB, and you can make sure your database software is up to date to help mitigate these types of attacks.
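The weakness behind the UNION case described above, shown as a string-built query beside a corrected one. This is an added example, not code from the article or from any affected site; the table names, column names, sample rows and the test value are constructed, and the fix shown is parameter binding plus type validation rather than the string filtering the article mentions.

```python
import sqlite3

def make_db():
    # Constructed in-memory sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, pw_hash TEXT);
        INSERT INTO items VALUES (1, 'widget'), (2, 'gadget');
        INSERT INTO users VALUES (1, 'alice@example.test', 'hash-a'),
                                 (2, 'bob@example.test', 'hash-b');
    """)
    return db

def lookup_vulnerable(db, itemid):
    # Weak form: the request value is pasted into the SQL text, so it can
    # change the shape of the statement, not only the value being compared.
    sql = "SELECT id, name FROM items WHERE id = " + itemid
    return db.execute(sql).fetchall()

def lookup_hardened(db, itemid):
    # Corrected form: reject anything that is not a plain ASCII integer,
    # then bind the value as a parameter so it is never parsed as SQL.
    if not (itemid.isascii() and itemid.isdigit()):
        return []
    sql = "SELECT id, name FROM items WHERE id = ?"
    return db.execute(sql, (int(itemid),)).fetchall()

# Constructed test value of the kind the article describes for itemid=...
HOSTILE = "0 UNION ALL SELECT id, email FROM users"

def demo():
    db = make_db()
    return {
        "vulnerable_normal": lookup_vulnerable(db, "1"),
        "vulnerable_hostile": lookup_vulnerable(db, HOSTILE),
        "hardened_normal": lookup_hardened(db, "1"),
        "hardened_hostile": lookup_hardened(db, HOSTILE),
    }

if __name__ == "__main__":
    for case, rows in demo().items():
        print(case, rows)
```

The string-built lookup returns rows from the users table for the constructed value, while the bound-parameter lookup returns nothing for it and still serves the normal request.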

Simply put, GhostShell was able to pull off the attacks they did with simple tools because their targets were not prepared and did not put proper protection in place for their users’ data. This negligence has led to over 1 Million user accounts being leaked onto the internet, with more sure to follow. As GhostShell has put it:

All aboard the Smoke & Flames Train. Last stop, Hell. You can have the pleasure of sharing seats with targets such as WallStreet, CIA Services, MIT, Consulting Firms, Political Advisors, Security Companies, Corporations, Weapon's Dealers, Laboratories, Internet Hosting Services, Academics, Banks, Police Departments, Aviation, The Navy, Stocks Exchange, Bonds Exchange, Markets, Emirates Organizations, Various Businesses, Hedge Funds, Estate Agencies, Public Affairs, Robotics, etc.

Team GhostShell has stated that multiple teams worked on this massive attack and that they will be turning over the details on how they got in to other groups to ensure that the attacks keep going. It is going to be a busy time for many IT departments. Oh, and all of this is happening as Microsoft and other companies are asking you to put your trust in their systems for all of your personal information and data…


Read 3536 times Last modified on Wednesday, 29 August 2012 11:56
