Databases Hacked - How?

As most of us are aware databases have been, are, and will be hacked from within and without our countries borders. Hackers are attacking corporations, government agencies, and military complexes. Even spy agencies are hacked.

My curiosity has got the best of me. I am no expert. This has been going on for years and seems to be getting worse. So how come in today's advanced security technology is this continuing? How is it the hackers can still hack with such ease.

Thanks in advance for your factual replies.

a reply to: bucsarg

Im very new to the genre...myself as a hobby getting into programming and web design. A great site is called Hack This Site which gives you little puzzles. Basically from what im getting is you have to find the weakness...you could stare at the code of something for quite some time until you find a little error here or there. They also use tools that do some of this work for them...for example the Kali Linux Distro has tons of tools on it..which you can get for other distros as well but you are basically using someone elses software to find flaws. Once you find the flaw then that is it....

Someone like me could look at at several flaws and never even know they were flaws because I am not that good.

Also especially when something has soooooo much code...think of video games and all the little bugs they have...its just impossible to get everything right always...that is why windows has updates usually as they find weaknesses.

Get ready man...hacking is the future.


On a side note I actually use a chrome book with no identity attached to it to do most things online now...normal viruses dont work on it and since i use it to browse online only or for a few junk emails i keep for gaming stuff I literally have 0 fear if someone got access to it. Chromebooks are a couple hundred bucks and you can do 90% of everything a normal computer can....I then keep my gaming computer usually disconnected or will use that one for personal stuff like my real email...etc.

a reply to: bucsarg

I've been working exclusively with databases for over 20 years. Clients from Gap Inc to the State Dept and the NSA.

Databases are hacked through social engineering (faking your way into getting someone to give you their account information to access the database), standard accounts such as SYSADM with easy passwords, etc.

In all honesty, get a userid, and then just HACK away at the password. There are programs designed to try random guesses at passwords until they get in.

However, most databases have a limit of 3 times entering a bad password before the account is automatically locked.

Also, some people/places are putting userid/passwords in standard text files on their servers. Some even transmit them internally in clear text.

All bad things.

Feel free to ask anything you wish to know, if I cannot answer, I'll do what I can to find you an accurate answer.

originally posted by: bucsarg
As most of us are aware databases have been, are, and will be hacked from within and without our countries borders. Hackers are attacking corporations, government agencies, and military complexes. Even spy agencies are hacked.

My curiosity has got the best of me. I am no expert. This has been going on for years and seems to be getting worse. So how come in today's advanced security technology is this continuing? How is it the hackers can still hack with such ease.

Thanks in advance for your factual replies.

There are lots of exploits. The easiest one for SQL databases is called SQL injection.

Unfortunately,if you lock down data too hard, you make it inaccessible (even to yourself).

It is security versus functionality.

Finding weaknesses.
Older sites/databases are prone to sql injection.
Poor sysadmins.
Stupid people giving out info.
Silly passwords
etc
etc

ETA: A hacker finds a backdoor that was planted by the gov snoopers!

Do you think someday they will come up with a security method other than passwords? Perhaps pictures or using a person's eye, or their sweat, or their breath or some combination. Perhaps sounds.

Shows you how much I don't know.

originally posted by: bucsarg
Do you think someday they will come up with a security method other than passwords? Perhaps pictures or using a person's eye, or their sweat, or their breath or some combination. Perhaps sounds.

Shows you how much I don't know.

All bio methods can be hacked.

a reply to: bucsarg

I honestly believe the next real step in security is to be found in quantum entanglement.

But, with that, many things will reveal themselves.

Does encryption work? What about changing password several times a day?

Entanglement on a chip for more secure communication!?

The ideal scenario for the hackers is to get access to the database itself and get a copy of it without being detected via a breach of network security. Once they have the database in their possession, they can take as much time as they want try to crack the hashcodes stored inside. As was mentioned already, normally a system will lock you out after a few attempts, but if you have the database you can try as many times as you like and as fast as you can using your own program until success is achieved. They use brute force methods to work the problem (trying as many combinations as possible -- often from a dictionary) and are mainly going to have the most success with those accounts that have more vunerable passwords -- such as those using as few characters as possible or not using special characters.

In some really sad situations, the IT people do not even bother to encrypt the passwords and they are stored as clear text (human readable and usable). Only the most irresponsible IT shops store clear text passwords in their databases these days.

So I suppose the take away of it all is to always create your own password using at least 10 characters so yours is less likely to be exposed by a brute force attack once the database is compromised.

Also if you're curious, this link from Wolfram Alpha will give you some idea about how difficult things can be (numbers of combinations) for various lengths of passwords (there is an input box to change the password length and see the result):

www.wolframalpha.com...

They are using quantum computers now. Quantum computers don't have to go through the wires or through the wifi, they only have to find the geocoordinates on earth where the actual computer is, and regardless of material around the computer, like thick walls or whatever, the quantum computer taps into a potential place in time where the computer is, without accessing the physical world. It's a hyperspace coordinate. They can see it in front of your perspective, with qubit processing.

The alternative is to blame the obvious: the people guarding the computers aren't doing what they are told. The simplicity of cloud computing only is safe when everybody abides by the honor system, it really is a throwback from something around 1974 where they had walkie talkies using the same thing. Back then they called it not secure. These days they rediscover the hard way, not secure.

originally posted by: rockpaperhammock
a reply to: bucsarg

Im very new to the genre...myself as a hobby getting into programming and web design. A great site is called Hack This Site which gives you little puzzles. Basically from what im getting is you have to find the weakness...you could stare at the code of something for quite some time until you find a little error here or there. They also use tools that do some of this work for them...for example the Kali Linux Distro has tons of tools on it..which you can get for other distros as well but you are basically using someone elses software to find flaws. Once you find the flaw then that is it....

Someone like me could look at at several flaws and never even know they were flaws because I am not that good.

Also especially when something has soooooo much code...think of video games and all the little bugs they have...its just impossible to get everything right always...that is why windows has updates usually as they find weaknesses.

Get ready man...hacking is the future.

On a side note I actually use a chrome book with no identity attached to it to do most things online now...normal viruses dont work on it and since i use it to browse online only or for a few junk emails i keep for gaming stuff I literally have 0 fear if someone got access to it. Chromebooks are a couple hundred bucks and you can do 90% of everything a normal computer can....I then keep my gaming computer usually disconnected or will use that one for personal stuff like my real email...etc.

HackThisSite is actually completely outdated. However, it is a great place to get started. The forums aren't used as much as they used to be in the early 2000s. And, if i recall correctly, the founder of HTS was arrested on some sort of hacking related charges. So I do recommend looking into another website; there are a few better ones out there.

As far as Kali Linux, it is definitely fun to use and has a lot of built in tools for hacking. But if you're not familiar with Linux, you may want to do your research first. I personally have it, amd love it, but have not used it much lately. In fact, I think I've had it for too long and am ready to try a different distro.

The problem is a lot of projects don't really have security as one of the main points of the design so it gets implemented and bodged into place possibly with all sorts of defects/bad security permissions/default passwords and once its live theres not much chance quite often to get in there and fix the problems as management will want you on the next project asap.

Amazon don't get hacked (famous last words) as they spend a significant lot of dosh on security and its built into the design process from the start unlike Sony so it seems

I'd imagine that governing computers are only online to share data between different departments. Information is key to countries worldwide, everyone wants to know what the other is doing. Gone of the days of spies and secret agencies todays war is mostly online, we the public just don't hear about it as much as those like Syria or other.

a reply to: bjvanwash

hey if you can pm me those other sites...im still new so i enjoy the challenges and im really just trying to learn python and html...using code academy as well....and i always keep at least one computer with linux around...using ubuntu now.

always nice to toss linux on an older computer and its like you bought a new computer again haha