Oracle Tips by Burleson
Web Stalkers
Chapter 5 - All About Cybercrime
Real-World Case: The Extortion Attack
While there are always opportunities for attack from the outside
world, one cannot discount attacks from within the company
firewall. In practice, “inside jobs” are more common
than external attacks, and they can often have devastating
consequences. The following is a real-world example.
Real-World Case: The Rootkit Attack
In 2004, a call came in from a client who was
complaining of performance problems on their web database, which was
running on a standalone Linux server. The company was in the
business of providing credit information to third-party companies to
assess an individual’s probability of financial default.
Upon accessing the server, it was apparent that
something was terribly wrong. Even when idle, the database was
performing I/O operations and the processors were active, even
though Linux did not show any active processes.
After a Linux expert was consulted, the real
issue was discovered. A time-bomb was activated by a hacker, and
the attack was both clever and devastating. The attacker placed a
Linux daemon process called “Hoover” on the Linux server and this
process was constantly polling the Oracle database, vacuuming up new
data, and e-mailing it to an overseas mailbox!
The attack was very sophisticated and
unobtrusive. The malicious employee had replaced the standard Linux
commands with a rootkit, an attack method readily available on the
Internet. In a rootkit attack, the Linux commands are replaced
with an alias to disguise the presence of the data-stealing
mechanism.
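A defender can test for the symptom described above (activity on the server while the process listing shows nothing) by comparing the kernel's own `/proc` listing with what `ps` reports. The following is an added example, not code from the original book or the incident; the function names and the sample PIDs are constructed for illustration, and it assumes a Linux host whose `ps` accepts `-e -o pid=`.

```python
import os
import subprocess

def pids_from_proc(proc_root="/proc"):
    """PIDs read straight from the /proc directory listing, bypassing ps."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}

def pids_from_ps(text):
    """PIDs parsed from the output of `ps -e -o pid=` (one PID per line)."""
    return {int(tok) for tok in text.split() if tok.isdigit()}

def unreported_pids(proc_before, ps_pids, proc_after):
    """PIDs present in /proc both before and after ps ran, yet absent from ps.

    Requiring both snapshots filters out short-lived processes that merely
    started or exited while ps was running.
    """
    return sorted((proc_before & proc_after) - ps_pids)

def scan(ps_cmd="ps"):
    """Live check on a Linux host; returns PIDs that ps failed to report.

    Limitation: this only catches replaced user-space commands, the case
    described above. Tampering inside the kernel can hide /proc entries too.
    """
    before = pids_from_proc()
    out = subprocess.run([ps_cmd, "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    after = pids_from_proc()
    return unreported_pids(before, pids_from_ps(out), after)

# Constructed sample data (not from the incident): PID 4242 stands in for a
# daemon that a tampered ps omits; PID 900 exits mid-scan and is ignored.
SAMPLE_BEFORE = {1, 2, 731, 900, 4242}
SAMPLE_PS = "    1\n    2\n  731\n"
SAMPLE_AFTER = {1, 2, 731, 4242, 5000}

if __name__ == "__main__":
    # Offline demonstration on the constructed sample; call scan() on a host.
    print(unreported_pids(SAMPLE_BEFORE, pids_from_ps(SAMPLE_PS), SAMPLE_AFTER))
```

A non-empty result from `scan()` that persists across repeated runs is a reason to stop trusting the installed binaries and examine the host with known-good tools from read-only media.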