Sign in / up

back to article It's a Meow-nixed system, I know this: Purr-fect storm of 3,000+ insecure databases – and a data-wiping bot

Poorly secured databases are being wiped and vandalized by the thousands in a seemingly automated attack. Bob Diachenko, head of research at Comparitech and who spotted the digital destruction, said that, as of today, more than 3,000 insecure database instances have been overwritten to some degree with random text, rendering …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    Better than the alternative

    I'd rather see "our database was overwritten with random garbage, thus punishing our developers for being lazy", rather than "someone pilfered a copy of our unsecured database, thus punishing our customers for trusting us".

    66 1 Reply
    1. cyberdemon Silver badge
      Reply Icon
      Devil

      Re: Better than the alternative

      this. But how do we know the databases weren't pilfered before being nuked?

      8 1 Reply
  2. Lorribot

    Probably a good social responsible action by the Bot owner, wiping the data and stopping it from being stolen by someone nasty.

    I say give them a medal.

    If the DB owners don't have backups or suffer as a consequence then that is theor fault for not using basic security which should a functional requirement of every project and should be tested after every code release to make sure nothing has been left open.

    43 2 Reply
    1. Blazde Silver badge
      Reply Icon
      Joke

      Quite destructive though. Just brainstorming a bit.. to improve the socially responsible aspect the bot could encrypt the databases and charge a fee to decrypt. That way the data isn't lost but we also avoid the moral hazard that would result if these white-hats simply returned the data for free and said 'do better next time'.

      16 3 Reply
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        If the attackers were to teach a lesson, the DB could be encrypted with an algorithm where decryption is intentionally slow.

        Gives a lot of time for the admins to ponder security (and backups) when they're decrypting over the next week.

        25 0 Reply
        1. Anonymous Coward
          Reply Icon
          Anonymous Coward

          Slow algorithm ...

          you don't need a slow algorithm, just given them a password with 2 characters missing :-)

          6 0 Reply
    2. nematoad Silver badge
      Reply Icon
      Unhappy

      "If the DB owners don't have backups or suffer as a consequence then that is theor fault ...

      Perhaps it is time that we set up an electronic equivalent of the Darwin Award.

      Hard on the DBAs but even harder on any clients that they may have. Let's hope that their backups, if any, are in working order otherwise they are stuffed.

      2 0 Reply
      1. Doctor Syntax Silver badge
        Reply Icon

        According to the articles the first one discovered was a database of logs of a VPN that assured its customers they didn't keep logs. I'd say the customers would be quite pleased to know this had happened.

        3 0 Reply
    3. John Brown (no body) Silver badge
      Reply Icon

      "If the DB owners don't have backups or suffer as a consequence then that is theor fault for not using basic security which should a functional requirement of every project and should be tested after every code release to make sure nothing has been left open."

      On the other hand, that could apply to every virus and malware writer out there. Yes, things should be secured, especially the blatantly obvious, but that's still no reason to applaud someone who goes around checking peoples front doors and stealing stuff from houses with unlocked doors or shitting in their beds.

      8 1 Reply
    4. TeeCee Gold badge
      Reply Icon

      I was going to say something like that. Less malicious, more of a public service.

      0 0 Reply
  3. Blofeld's Cat
    Coat

    Er ...

    " ... Diachenko noticed the silo was then wiped by a miscreant, who replaced databases with random strings and the word "meow" appended. ..."

    Sounds potentially catastrophic.

    I've a feline that Macavity may be up to his tricks again.

    9 0 Reply
    1. sev.monster
      Reply Icon
      Unhappy

      Re: Er ...

      This post makes me want to vomit from all the cat puns...

      ...

      Oh, it was a hairball. Crisis avoided.

      5 0 Reply
  4. Anonymous Coward
    Go

    The "Meow" bot??

    I'm looking forward to numerous catty comments on this subject, from the El Reg commentariat....

    9 0 Reply
    1. logicalextreme
      Reply Icon

      Re: The "Meow" bot??

      I'd pretty much just assumed that Nyan Cat had somehow escaped onto the internet and started wreaking rainbow havoc.

      10 0 Reply
    2. Warm Braw
      Reply Icon

      Re: The "Meow" bot??

      I'd like to think it was Alexa going rogue after listening to this.

      1 0 Reply
      1. sev.monster
        Reply Icon
        Mushroom

        Re: The "Meow" bot??

        Alexa, EXEC sp_msforeachtable @command1 = "DROP TABLE ?"

        1 0 Reply
  5. YetAnotherJoeBlow

    Just the beginning

    Over the years I have come in after the fact (damage over 1200-2400 baud modems - about the time when kids started war dialing numbers to get a modem instead of a fax) and watch some mom and pop businesses shut down having lost everything - their customer list, inventory, orders and custom logic. It is easy to say "you did not have a backup?" as they are watching their business self destructing. Some of these acts influenced my then future career decisions.

    I think we are going to be inundated with these type of things. Of course there will be some good out of it - business will half to start hardening their silos. We will probably see Indian corporations form like they did for the year 2000 stuff. Small businesses are rather easy to secure.

    3 1 Reply
    1. IGotOut Silver badge
      Reply Icon

      Re: Just the beginning

      Many Mom and Pops these days will be using a managed system, such a Squarespace, a Wordpress or Joomla system, which are pretty easy to secure, so long as you install something like wordfence and UPDATE when prompted, or just don't bother at all and use Facebook or Instagram.

      5 1 Reply
      1. sev.monster
        Reply Icon

        Re: Just the beginning

        Mom and Pop barely know how to log on to Facebook, you think they know what a dang ol' "UPDATE" is?

        Mom clicks the "turn on" button and it just works, anything more is an angry call to [scam] tech support demanding it be fixed right now.

        3 0 Reply
    2. The Alpha Klutz
      Reply Icon
      Stop

      You should respect your customers enough not to make their evey interaction with you public domain for any cyber criminal to see.

      1 0 Reply
  6. Kevin McMurtrie Silver badge

    Have any sites gone catatonic?

    Doesn't data breaching software usually dump everything into a public storage area so that access logs are harder to trace? Whatever the situation, I don't feel feel sympathy for anyone losing the data.

    4 2 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Have any sites gone catatonic?

      I don't feel feel sympathy for anyone losing the data.

      No sympathy for the buggers who implemented and 'maintained' the databases, but the poor sods whose data these compromised systems used to contain....that's a different matter.

      18 0 Reply
      1. Doctor Syntax Silver badge
        Reply Icon

        Re: Have any sites gone catatonic?

        It's the lesser of two alternatives. In fact, if the data was data that shouldn't even have been held by whoever owned the database it's an excellent outcome.

        0 0 Reply
  7. Anonymous Coward
    Anonymous Coward

    From Wikipedia.....

    "netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using TCP or UDP."

    *

    Yup........netcat!

    0 0 Reply
    1. sev.monster
      Reply Icon

      Re: From Wikipedia.....

      It's comedy night at the the Blue Note... The first act is almosy ready to begin.

      A man walks on stage.

      "Yup, the sky is blue too!" he says.

      Silence.

      The man leaves the stage and continues to mop the floor.

      The first act walks on stage.

      1 0 Reply
  8. Anonymous Coward
    Anonymous Coward

    Security

    "The attack once again underscores the importance of properly securing network-connected databases, and carefully checking access policies to limit writes and reads as necessary."

    Who'd have thought?

    9 0 Reply
    1. Doctor Syntax Silver badge
      Reply Icon

      Re: Security

      "Who'd have thought?"

      Not enough did.

      1 0 Reply
  9. AndyFl

    Could be regarded as a public service

    Whilst I don't condone vandalism this is definitely better than the alternative where the data is copied and mined for any "interesting" personal information.

    9 0 Reply
    1. John Brown (no body) Silver badge
      Reply Icon
      Thumb Up

      Re: Could be regarded as a public service

      Spot on. It's the lesser of two evils but the perps certainly don't deserve a medal or any other form of accolade.

      1 0 Reply
  10. Anonymous Coward
    Anonymous Coward

    "The attack once again underscores the importance of properly securing network-connected databases, and carefully checking access policies to limit writes and reads as necessary."

    No. What it underscores is the importance of having infrastructure and security personnel making sure this sort of thing doesn't happen. PHBs treating them like an unnecessary expense and disposing of them is now coming back to wreak havoc on those respective businesses. Unfortunately those PHBs won't carry the can for it.

    I have *literally* just had the same argument about dumb infrastructure decisions affecting security....

    3 0 Reply
    1. Tomato Krill
      Reply Icon

      Garmin CISO is that you?

      0 0 Reply
    2. Doctor Syntax Silver badge
      Reply Icon

      Subject: Minute of meeting between PHB and A/C on {DATE}

      A/C recommended to PHB that {STUFF} be done/purchased. A/C advised PHB that the consequence of not doing so would be a serious risk of {BAD_STUFF} happening to the business. PHB decided not to do/purchase {STUFF} and that the business would accept the risk of {BAD_STUFF} happening.

      Typed on an old-fashioned typewriter with a carbon copy sent to PHB so he knows there's a hard copy of the original secured somewhere. Even better:- accompanied by a receipt of the registered letter which was the original posted by A/C to self.

      1 0 Reply
  11. Fruit and Nutcase Silver badge
    Joke

    Mrs Slocombe says

    "Naughty Pussy!"

    3 0 Reply
  12. TechHeadToo

    Whilst I agree with all the comments saying 'serve them right' I believe we should also keep at the forefront of our mind that

    It Is The Criminals Fault.

    In just the same way as It Is The Criminals Fault if your unlocked house is robbed.

    Equally, the fact that such activity can take place is down to the design of the comms. It is no longer beyond our capabilities to run comms and Operating Systems which are intrinsically secure.

    Bt I have no idea how you could implement same whilst the USA, China, Russia, etc want to have access to all information, everywhere.

    Me? - My fountain pen still works for secure communication.

    0 0 Reply
  13. Claptrap314 Silver badge

    Kinda like when Google broke the internet

    Just how long has it been since AWS secured these things by default?

    I'm having a really, really hard time viewing this action as net criminal.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like