The Guardian: Up to half a million users may have been compromised
by Steve Ragan - Oct 26 2009, 21:16
The Guardian says that up to half a million users may have been compromised
According to the latest information, The Guardian has contacted up to half a million users of its UK Jobs portal to inform them that their personal information might be at risk. The risk stems from what is being called a deliberate and sophisticated crime, “of which the Guardian is a victim in addition to some of our users,” the news agency reported.
On Friday evening, The Guardian was alerted to a security breach of their UK Jobs portal. The technical details of the attack and all related information are being withheld, but on Saturday the news agency said that their provider, Madgex, confirmed the portal was secure. The US Jobs portal was not impacted by the security breach.
In accordance with the Information Commissioner’s guidance on data protection, The Guardian said that they have identified and contacted, or attempted to contact, everyone who may be at risk.
“The police remain anxious to keep information about the apparent theft to a minimum, in order not to compromise their investigations, but did agree with us that we could inform those users who may be affected. We stress our regret that this breach has occurred. This is apparently a deliberate and sophisticated crime, of which the Guardian is a victim in addition to some of our users. We are continuing to work closely with our service provider and the police, who are undertaking a full investigation through the central e-crime unit at New Scotland Yard. Please continue to visit this site for regular updates,” said The Guardian in a statement.
While the idea is pure speculation, in the past, attacks on job portals have led to phishing attacks that are personal in nature, as was the case with Monster.com or Ireland’s Jobs.ie.
"Although top Web sites have been - and continue to be - targeted by cybercriminals, those sites that store identity information will continue to be a primary target, especially now that criminal hackers are being affected by the economic situation we all find ourselves in," said Yuval Ben Itzhak, Finjan's chief technology officer.
"Usually, cybercriminals are using this type of stolen data to create fake identities, as well as generating spam plus Phishing attacks, as well as many other scams. Auctioning stolen identity information is another technique that our researchers have spotted. It's also worth noting that Guardian portal is not alone in being attacked by cybercriminals, as other US job sites have also been hit using this hacker methodology," he added.
Securing Web applications with web application firewalls and securing the backend database with database security tools, he explained, is a logical way to prepare to defend those IT resources that contain personal and business data.
Another security vendor, Imperva, said that SQL Injection flaws might well be the cause for The Guardian’s attack over the weekend, mirroring Itzhak’s note that securing Web applications is highly important for businesses.
Amichai Shulman, Imperva's chief technology officer, said that the most eye-catching feature of the site hack is the use of the phrase 'sophisticated and deliberate attack.'
"Our experience shows that 'sophisticated attack' is usually a pseudonym for 'SQL Injection', although I must admit that an initial glimpse into the site hints that it may actually be a more sophisticated hack than the usual. At the end of the day, however, I don't think that it's much more than SQL Injection, sophisticated or otherwise," he said.
"If it were a Trojan based attack then they would have stated it by now and used a different wording like 'hackers who managed to break into the Guardian network.'"
According to Shulman, if, as seems likely, an SQL injection attack was to blame for the Guardian site hack, then tagging it as 'sophisticated' might be a bit misleading, though not uncommon. Organizations, he explained, tend in such cases to attach superlatives to the attack techniques used in a compromise in order to diminish their own responsibility.
"The only positive thing one can say is that the Guardian is not itself to blame," Shulman noted. At the same time, "This is small comfort to site users, however, who will now be worried about identity theft issues," he added.
The Guardian will update their information page as new developments warrant.