The Hacker News

on Tuesday, 22 October 2013
 

 

The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackers

Hacker stole $100,000 from Users of California-based ISP using SQL Injection
10/22/2013 10:27:00 AM

In 2013 we have seen a dramatic increase in the number of hack attacks attempted against banks, credit unions and utility companies using various techniques, including DDoS attacks, SQL injection, DNS hijacking and zero-day flaws.
SQL injection is one of the most common security vulnerabilities on the web, and it succeeds only when the web application is not sufficiently secured.

Recently, a hacking group named 'TeamBerserk' claimed to have stolen $100,000 by using user names and passwords taken from the California ISP Sebastian (Sebastiancorp.com) to access victims' bank accounts.

A proof video uploaded to the Internet shows how the hackers used a SQL injection attack against the California ISP Sebastian to access its customer database, which includes e-mail addresses, user names and clear text passwords, and then used the same data to steal money from those customers.

Let's see what SQL Injection is and how serious an attack like this actually can be.

SQL Injection is a type of web application vulnerability in which the attacker adds Structured Query Language (SQL) code to web inputs to gain access to an organization's resources. Using this technique, hackers can determine the structure and location of key databases and can download the database or compromise the database server.

The hackers took just 15 minutes to hack into the website using SQLmap (an automated SQL injection tool), stole the customer database and then immediately accessed the victim's Gmail account, linked PayPal accounts and bank accounts.

It's so hard to remember multiple passwords that some people just use the same one over and over. Is your Facebook password the same as your Twitter password? How about the password for your bank's website?

The hack shows why it's extremely dangerous to use the same password on more than one website. In the POC video, the hacker randomly chooses one Sebastian username and its corresponding password and tries them against PayPal, Gmail and even Citibank account logins, and that actually worked, because the victim was using the same password for all of the websites.

Now that you have control of the situation, don't let this happen again! If you have a bank account, a few credit cards, and several other important sensitive accounts, conduct a thorough security audit on them. Be sure that you know when you last logged in. Be sure to keep using different and strong passwords for each website.
Mohit Kumar - Founder and Editor-in-Chief of 'The Hacker News'. Cyber Security Analyst, Information Security Researcher, Developer and Part-Time Hacker.

Popular Stories

 

Malware infected International Atomic Energy Agency Computers
10/22/2013 12:12:00 PM

The computers were located in common areas of the agency's Vienna headquarters, known as the Vienna International Centre (VIC).

A third-party technician or visitor with a USB drive infected with crimeware can be used to infect the system. "The (IAEA) secretariat does not believe that the USB devices themselves were infected or that they could spread the malware further," he said.

Last November, the IAEA revealed that Iranian hackers had accessed one of its former computer servers and posted the contact details of some of the watchdog's experts online.

"Protecting information is vital to the IAEA's work. The agency continuously endeavours to achieve the highest possible level of protection of information," Gas said.

The authority did not go into explicit details regarding the malware itself, but did stress that the use of removable media had to be reviewed and tightened.

 
