The Web has been abuzz with the revelation that hacked government and military Web sites, as well as databases of personal information, are available for less than $500. As concerning as that may be, what should keep IT admins awake at night is the broader realization that these are only the hacked sites that were discovered on the hacker underground. There are more, and your site could be one of them.
Have you ever walked into a kitchen at night and turned on the lights just in time to see a few cockroaches scurry off--knowing that the couple that got caught in the light are an indication that there are probably hundreds of them safely hidden in the walls and cabinets somewhere? Well, A) you just haven't lived until you do that, but B) that is similar to the scenario with these hacked military and government Web sites being sold on the hacker underground.
Security researchers from Imperva uncovered the government and military Web sites on the underground auction block. A more detailed account of the discovery can be found on the Imperva blog. But, just like the cockroaches that get caught in the light suggest a hidden army, the hacked Web sites unwittingly exposed to security researchers suggest a much larger problem hidden deeper within the black market, or possibly not being marketed at all.
On the one hand, the discovery of the sale of hacked government and military Web sites illustrates why it is important for security researchers to go undercover and live and play on the dark side of the Web. As with any undercover operation, though, part of the trick is to gather information without blowing your cover. The challenge is to infiltrate as deep into the hacker underground as possible to learn more about the tools and techniques being used by attackers, or about specific breaches as in this case, and apply that information to develop better defenses and thwart attacks.
For IT and security administrators, however, the hacked government and military Web sites should serve as a wake-up call. The speculation is that the sites and data exposed on the hacker underground in this case were compromised by automated attack tools using SQL injection attacks. Organizations should be diligent about protecting Web servers and databases that connect to the public Internet, and should employ the sorts of tools and techniques used by would-be attackers to validate their security measures and look for cracks in the armor.
Just like the cockroaches, for every site exposed on the hacker underground, there are most likely many more compromised sites that remain hidden. And, like the cockroaches, it is much more important to consider the big picture of how to improve security to protect Web sites and databases and guard against the larger problem than it is to focus on the handful that got caught in the light.