back to article Chinese spammers target 1,200 US, UK firms

The Royal Institute of British Architects' (RIBA) members database was hacked at the weekend, causing the institute to close access to the members' area, which remains shut. RIBA reports that 1,200 other organisations in the US and UK have also been attacked in a similar way, but "neither the RIBA nor other organisations …


This topic is closed for new posts.
  1. triky

    take that

    you try to snuff out our flame... we sniff out your data ...

  2. Jerome


    The old 'plant a web address on the databases' gag. I hate it when that happens.

  3. Mr B

    1200 targeted - 1 hacked?

    "The institute refused to comment on whether the database was encrypted or password protected."

    Meaning: No it was NOT.

    "We are taking urgent action to upgrade the protection of our systems against this latest type of threat."

    This reads: since we are to stingy to cough up the yearly $300 to get a proper SSL certificate, we'll use RC4-40 and a unique/shared password: Archit3ct, replacing the too obvious passwd.

  4. Anonymous Coward

    why do we even connect to China?

    Ahh lets just get it over with and cut all the net links to china. Would solve so many problems and would we miss their contribution to the internet?

  5. Anonymous Coward

    Blatant lies

    How TF would RIBA know that "1,200 other organisations in the US and UK have also been attacked in a similar way"? Particularly since "planted a web address on the databases" doesn't even mean anything, at least in English.

    Lying bastards.

  6. Anonymous Coward
    Anonymous Coward

    Oh no

    A live database cannot be encrypted - only the access key can be, if we are talking one way hash.

    If you encrypt the email address say, you still have to decrypt it somewhere on the server.

    The only solution is to take the data to a local store, if you wish to use the data but not in conjunction with the site software, so not for login say.

    The problem is centralized databases not encryption, if people start to think they just encrypt their data and all is well, they are deluding themselves as the decryption will occur on the server as well. Encryption only works in transit not live. At the point of receive and decryption you are vulnerable.

    And yes this 'planted web address on the database' is just babble, it is meaningless.

    And it is tempting to block China, maybe block all countries apart from Western Europe, Canada and the USA makes sense for most commercial sites. Actually if that was a campaign we would probably reduce attacks on hosts all over. I see attacks from the US, but that could be a compromised host, less chance of that happening if a block campaign was started. Would make it a little harder for companies to offshore as well, but hey who really is pro that.

  7. Anonymous Coward
    Thumb Up

    I've banned Chinese IPs

    I've banned Chinese IP addresses from my websites. People who don't do this - what are you gaining from Chinese visitors? Are they buying your goods? Are they contributing in a positive way to your website?

  8. Anonymous Coward
    Anonymous Coward

    Who flung dung?

    You cannot ban us, we are the people's republic of china!

  9. Lance
    Gates Halo

    I've Banned Many Ranges

    I've also banned all of china. I also went a bit further and banned anything outside the US! : P My company is not international and therefore we don't need anything outside the US... the only thing that comes up is troubleshooting every now and then to allow certain websites, for example the register. : D

  10. juno

    What the hell do you know?

    Particularly since "planted a web address on the databases" doesn't even mean anything, at least in English.

    We were miss quoted you plank.

    A web address hosting a Java script was written to a number of fields within the database. With a little digging we found that on the weekend this occurred, a hell of a lot of other sites were also effected.

This topic is closed for new posts.

Other stories you might like