The FBI arrested a few people who allegedly have connections to the hacking groups Anonymous and LulzSec, and based on some reports, those arrests are just the beginning. The alleged hackers are said to have used SQL injections to break into Sony's network. Fox News said that one of the young men arrested, Cody Kretsinger, a 23-year-old from Phoenix, allegedly erased the hard drives used in the Sony attack to evade law enforcement. Surely Kretsinger and his cronies are smart enough to know that, in the electronic age, you can erase your hard drive, but your electronic footprints linger forever.
In light of the arrests, Imperva has some interesting findings on SQL injections. On its blog, Imperva wrote:
"We found, since July, the observed Web applications suffered on average 71 SQLi attempts an hour. Specific applications were occasionally under aggressive attacks and at their peak, were attacked 800-1300 times per hour."
Since 2005, SQL injections have been involved in 83 percent of hacking-related data breaches, according to Imperva's research. Another interesting finding was that 41 percent of the SQL injections originated from 10 host sites. The first Anonymous-related arrests were made in July, and reports of attacks were almost a daily occurrence over the summer.
Rob Rachwald, director of security strategy at Imperva, doesn't seem very surprised at the link between the hacking groups and SQL injections. As he said to me:
"SQL Injection is to hacking what a crowbar is to burglary. It opens the door to enable data theft."
It's been pretty easy for these hacking groups to use that "crowbar" to get inside, with all the readily available hacking tools. And most companies don't do enough to make a hack difficult because they don't follow best security practices, like smart password use or updating browsers and operating systems with the latest patches. Imperva suggested companies use a combination of application layer knowledge (application profile) and a pre-configured database of attack vector formats, as well as identifying access patterns of automated tools.
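To make that combination concrete, here is an added example (not Imperva's code or rule set) that scores requests against an application profile and a small signature list, then looks for sources whose hourly volume suggests an automated tool. The parameter profile, the three signatures, the threshold and the log entries are all constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Assumed application profile: the shape each parameter normally has.
PROFILE = {"id": re.compile(r"\d{1,10}"), "q": re.compile(r"[\w .-]{0,64}")}

# Illustrative attack-format signatures, not a production rule base.
SIGNATURES = [
    re.compile(r"\bunion\b.+\bselect\b", re.I),
    re.compile(r"\bor\b\s+\d+\s*=\s*\d+", re.I),
    re.compile(r"'\s*(--|#|;)"),
]
AUTOMATION_THRESHOLD = 3  # assumed: attacks per source per hour

# Constructed sample log: (hour, source, parameter, raw value)
SAMPLE_LOG = [
    ("10", "203.0.113.7", "id", "1%27%20OR%201%3D1--"),
    ("10", "203.0.113.7", "id", "1+UNION+SELECT+user,pass+FROM+users"),
    ("10", "203.0.113.7", "id", "5%27%3B"),
    ("10", "198.51.100.4", "q", "o%27brien"),  # off profile, no signature
    ("10", "198.51.100.4", "id", "42"),
    ("11", "198.51.100.9", "id", "7+or+1=1"),
    ("11", "192.0.2.15", "q", "blue+widgets"),
]

def verdict(param, raw):
    """'attack' needs both a profile violation and a signature hit."""
    value = unquote_plus(raw)
    expected = PROFILE.get(param)
    off_profile = expected is None or not expected.fullmatch(value)
    signature = any(s.search(value) for s in SIGNATURES)
    if off_profile and signature:
        return "attack"
    return "suspect" if off_profile or signature else "clean"

def analyse(log, top_n=1):
    per_hour, per_source, per_pair = Counter(), Counter(), Counter()
    for hour, src, param, raw in log:
        if verdict(param, raw) == "attack":
            per_hour[hour] += 1
            per_source[src] += 1
            per_pair[(src, hour)] += 1
    total = sum(per_hour.values())
    top = sum(n for _, n in per_source.most_common(top_n))
    automated = {s for (s, _), n in per_pair.items() if n >= AUTOMATION_THRESHOLD}
    return {"per_hour": dict(per_hour), "automated": sorted(automated),
            "top_share": top / total if total else 0.0}

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The `o%27brien` entry shows why the profile alone is not enough: a legitimate surname breaks the expected shape but matches no attack format, so it is only marked suspect.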
We know that Anonymous and LulzSec and other hacking groups are large and scattered, but it will be interesting to see what the SQL injection activity is as the FBI begins to home in on those involved in hack attacks. Will they increase in retaliation or will they decrease as the arrests might make members gun-shy?