
More Than Meets The Eye

I’ve recently added an old incident to the database. In March of 2003 a hacker broke into the computers of the University of Texas in Austin and stole more than 55,000 social security numbers. Since university networks are often wide open, I dismissed the incident at the time as another network-based hack.

A note posted in one of the mailing lists made me go and check the incident again. I found out that the hacker penetrated a database: not a web application, but not a network-layer attack either. I continued my research in order to determine what database it was and found out that it was txClass. Now, what database can this be? I certainly haven’t heard of such a product before. Well, txClass is a web-based application, which was referred to in the news stories as a “database” since it does manage a database.

So this was a web application layer hack. I even managed to find out what the hack was: the hacker brute-forced the system by trying large ranges of social security numbers.
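As an added example (not part of the original post and not txClass code), here is one way a defender could spot this kind of identifier brute force in application logs: flag any client that submits many different identifiers in a short window with most lookups failing. The event fields, thresholds and sample data are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def sample_events():
    """Constructed lookup events: (timestamp, client, identifier, lookup succeeded).
    Identifiers use the never-issued 000 area, so no real SSN appears here."""
    t0 = datetime(2003, 3, 1, 2, 0, 0)
    events = []
    # One client walking a contiguous range; almost every lookup fails.
    for i in range(40):
        events.append((t0 + timedelta(seconds=2 * i), "198.51.100.7",
                       f"000-00-{1000 + i:04d}", i == 17))
    # Ordinary users: a retry after a typo, and a single successful lookup.
    events.append((t0 + timedelta(seconds=5), "203.0.113.20", "000-00-5555", False))
    events.append((t0 + timedelta(seconds=9), "203.0.113.20", "000-00-5556", True))
    events.append((t0 + timedelta(seconds=30), "203.0.113.41", "000-00-7001", True))
    return sorted(events)

def find_enumerators(events, window=timedelta(minutes=5),
                     max_distinct=10, min_fail_ratio=0.8):
    """Return {client: (distinct_ids, fail_ratio)} for clients that, inside one
    sliding window, tried more than max_distinct different identifiers with at
    least min_fail_ratio of those lookups failing. Events must be time-ordered."""
    recent = defaultdict(deque)  # client -> (timestamp, identifier, ok) in window
    flagged = {}
    for ts, client, ident, ok in events:
        q = recent[client]
        q.append((ts, ident, ok))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        distinct = len({i for _, i, _ in q})
        fail_ratio = sum(1 for _, _, o in q if not o) / len(q)
        if distinct > max_distinct and fail_ratio >= min_fail_ratio:
            # Keep the worst window seen for each client.
            if client not in flagged or distinct > flagged[client][0]:
                flagged[client] = (distinct, fail_ratio)
    return flagged

if __name__ == "__main__":
    for client, (n, ratio) in find_enumerators(sample_events()).items():
        print(f"{client}: {n} distinct identifiers, {ratio:.0%} failed")
```

Counting distinct identifiers rather than raw requests keeps a user who retries the same number from being flagged.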

This incident shows how little we actually know about published incidents, and hints that many of the incidents that I do not include in WHID might actually be related to the application layer.
