On March 13th, a SQL injection flaw was found in the WP Statistics plugin. WP Statistics is an open source plugin designed to track visitors. It records IP addresses, referring sites, search engine terms, and location statistics. Per its WordPress.org page, the plugin has over 600,000 installs. The Daily Swig reported that the plugin can break a WordPress site’s encryption keys and salts. Hackers can use automated tools like sqlmap. The flaw was found in the “Pages” option that admins access to get statistics. This sends a request to a database and generates an SQL query. This function is normally reserved for administrators. But the flaw can be viewed by non-admins. The hacker can then input their own values into the database.
When the creators were alerted to the flaw, they quickly sanitized the bug and released a new patch.
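The two problems described above (a statistics query that non-admins can reach, and request values that end up inside the SQL text) can be modelled in a few lines. This is an added example in Python with SQLite, not the plugin's own PHP code; the table, column, role and function names are hypothetical and the data is constructed.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data standing in for a page-statistics table.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE page_hits (page_id INTEGER, hits INTEGER);
        INSERT INTO page_hits VALUES (1, 40), (2, 7);
    """)
    return db

def page_stats_vulnerable(db, user_role, page_id):
    # Flaw 1: user_role is never checked, so any caller reaches the query.
    # Flaw 2: page_id is concatenated into the SQL text and parsed as SQL.
    sql = "SELECT page_id, hits FROM page_hits WHERE page_id = " + page_id
    return db.execute(sql).fetchall()

def page_stats_hardened(db, user_role, page_id):
    # Enforce the admin-only rule on the server side, before any query runs.
    if user_role != "administrator":
        raise PermissionError("page statistics are admin-only")
    # Validate the expected type: an ASCII decimal id and nothing else.
    if not re.fullmatch(r"[0-9]+", page_id):
        raise ValueError("page_id must be a positive integer")
    # Bound parameter: the driver passes the value separately from the SQL.
    sql = "SELECT page_id, hits FROM page_hits WHERE page_id = ?"
    return db.execute(sql, (int(page_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input: a condition instead of an id
    print("vulnerable:", page_stats_vulnerable(db, "subscriber", crafted))
    for role in ("subscriber", "administrator"):
        try:
            print("hardened:", page_stats_hardened(db, role, crafted))
        except (PermissionError, ValueError) as exc:
            print("hardened rejected", role, "->", exc)
    print("hardened:", page_stats_hardened(db, "administrator", "2"))
```

The vulnerable function returns every row for the crafted value, while the hardened one refuses the non-admin caller outright and rejects the same value from an administrator because it is not a bare integer.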
BA 207 Introduction to E-Commerce
Amy Zegart, co-director of CISAC and Davies Family Senior Fellow, did a TEDx Talk on Cyberwarfare in 2015. Cyber attacks and cyber wars have escalated and evolved over the years. The U.S. Government placed cyber attacks at the top of its threat list. They did this after the attack by North Korea on Sony. The attack stopped the release of The Interview, starring James Franco and Seth Rogen. Terabytes of private information were stolen and released. Sony suffered because of this attack.
In her talk, Ms. Zegart listed three classes of cyber attacks. The first is theft of intellectual property from American corporations. The IP from U.S. private businesses gives the economy an edge over others. The second class is attacks on infrastructure. An attack like this would cause disruptions to the American way of life. The third class of attack is one that degrades or disables our military. A disruption like this limits the U.S. military's ability to defend the country. The military cannot attack when their interests are threatened.
Ms. Zegart states that there are “no safe neighborhoods” online. In real life, police officers patrol the city. The military defends the United States. The police and military are government-owned monopolies on security. But the private sector owns 85% of cyberspace. The government cannot reach in and defend those sectors. It is up to private businesses to work with the government for cyber defense.
The internet has, as Ms. Zegart put it, a “huge attack surface.” The internet is one location where people communicate, shop, and manage their finances. It is also a place where people can steal, sell illegal products, and commit other crimes. It is a centralized location. The internet was never designed to have safe spaces. Researchers and developers created the internet to share unregulated information.
Since the start of the internet, internet traffic has tripled. Development of smart devices has increased the reliance on the internet. Appliances will soon be autonomous. Driverless cars will become more popular. In the health field, smart devices will be implanted to record health vitals. The coding rule of thumb is that there is one defect for every 2,500 lines of code. The defects in code are tested by hackers and random bots. When the error in code is discovered, it is exploited. The more code is used in programming devices, the more susceptible a network is to a cyber-attack.
There are five key differences between cyber warfare and traditional warfare. The first difference is that the more powerful a network, the more vulnerable it is. The more connected a society is, the more it will lose due to a cyber attack. Because 85% of the internet is owned by the private sector, the government cannot work alone. The government must rely on the support of private corporations and other nations to handle cyber attacks. Since society has become more connected worldwide, the attack surface is broad. The last difference is that victims do not know they are victims until it is too late. Some cyber attacks are slow and unnoticeable by their intended victims. Until the crime is committed, there is no notice of a cyber attack. Traditional warfare has the advantage of seeing the enemy. In cyber attacks, the enemy is often anonymous.