Scam of the day – March 20, 2017 – Hacker uses SQL attack to steal data from colleges and government agencies

According to security company Recorded Future, a notorious Russian hacker known as Rasputin used a SQL injection attack to hack into the data of sixty-three targets that included prominent colleges in the United States and the UK as well as state and federal government agencies. The various targets were chosen because of their storage of personal information that could be sold on the Dark Web where cybercriminals buy and sell such data to be exploited for purposes of identity theft.

Among the colleges suffering a data breach were Purdue University and Cornell University. Among the government agencies hacked was the Department of Housing and Urban Development (HUD). Among the city governments whose computers were hacked were Pittsburgh, Pennsylvania and Springfield, Massachusetts.

Structured Query Language (SQL) is a computer language widely used in databases. In a SQL injection, a web app vulnerability is exploited in order to give the hacker access to all of the stored data. A SQL injection can result not only in data being stolen, but also in data being changed or deleted. The entrance point for a SQL injection is generally a login form, sign-up form or other form where visitors to a website can input information.

TIPS

SQL injection attacks are quite common, but they can be defended against through proper security practices, including constantly updating servers, applications and services with the latest security updates. As for consumers, the best we can do is limit, as much as possible, the information we provide to the various websites with which we do business, recognizing that we are only as safe as the business with the weakest security among those we deal with.

Scam of the day – March 20, 2014 – Maricopa County Community College hacked

As the old saying goes, “fool me once, shame on you; fool me twice, shame on me.” Recently the Maricopa County Community College revealed that its computers had been hacked and personal information, including Social Security numbers and banking information, of more than 2.4 million students, former students, employees and vendors covering a period of more than thirty years was compromised. As I have indicated to you in a number of Scams of the day, colleges and universities have been prime targets for hackers because they provide the perfect combination of often lax security and large amounts of personal information. What makes this security breach even more egregious is the fact that Maricopa County Community College was hacked back in 2011, but steps to improve the security of their computer systems were not taken despite the recommendations of employees of the college's information technology department and their warning that the 2011 breach, which only affected 400 people, exposed a flaw that could affect many more people.

TIPS

Presently a class action is being prepared by the Phoenix law firm of Gallagher and Kennedy. If you have been affected by the data breach, you may wish to contact them. You also should check your credit report at www.annualcreditreport.com to get your free credit report from each of the three credit reporting agencies, Equifax, Experian and TransUnion, in order to look for evidence of identity theft. You should also consider putting a credit freeze on your credit report to prevent it from being accessed by an identity thief armed with your Social Security number. You can find instructions here on the Scamicide website as to how to put a credit freeze on your credit report. This data breach also brings up the question again as to why Maricopa retained personal information on people who have long ago ceased to have a relationship with the college.