Technical compromise

from Wikipedia, the free encyclopedia

A system, a database or even a single data set is considered compromised if its data could have been tampered with, if the owner (or administrator) of the system no longer has control over its correct functioning or correct content, or if an attacker has achieved some other objective through manipulation.

Definition of terms

An attacker is understood here as a user who is not authorized to access the system but who has nevertheless gained access. Whether the unauthorized and uncontrolled access is deliberate or accidental does not matter. What is essential is that the integrity of the stored information can no longer be guaranteed.

Publicly accessible data can only be compromised through (the possibility of) manipulation. For data that is in any way secret, however, the mere possibility that an attacker has obtained read access already constitutes a compromise, since previously secret information may now be accessible to third parties. A compromise therefore does not necessarily involve the manipulation of data.

If, for example, an attacker obtains the key of a cryptosystem, that system is compromised even though the attacker has changed no data. An attacker who merely observes can thus compromise a system. This typically occurs after a computer virus attack or a targeted break-in by hackers (or crackers). A system manipulated in this way can no longer be regarded as trustworthy.

Examples

  • Hackers compromised several servers of a number of US business information services and likely stole social security numbers, dates of birth, driver's license data and credit reports in order to sell them.
  • Hackers broke into Linux.com and Linuxfoundation.org and possibly stole user data such as login names, passwords and e-mail addresses.
  • Apache servers were infected on a large scale by the Darkleech malware and thus compromised; up to 20,000 servers are said to have been affected in summer 2012.
  • A highly critical security vulnerability in the Drupal content management system (called Drupageddon), which enabled SQL injection, was used at the end of October 2014 for automated attacks on unpatched servers. It was discovered on October 15; all Drupal 7 installations that had not been patched within seven hours, i.e. by 1:00 a.m. German local time on October 16, 2014, must be considered compromised.

Detection

In order to detect a compromised system, one can, for example, check:

  • whether users were logged in at unusual times
  • whether there were logins from unusual systems
  • whether users logged on who normally do not log on to the system
  • whether an unusually large amount of computing time was consumed
  • whether programs are running that would not normally run on the system
  • whether there were unusual restarts (in number or timing) of the system or of services
  • whether programs run under unusual users or privileges
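The following script is an added example, not part of the original article, showing how several of the checks listed above can be run mechanically over a Linux host's data: logins at unusual hours, logins from unusual networks, logins by accounts that normally never log in, programs that are not expected on the host, and known programs running under an unexpected user. The sshd log lines, the `ps` snapshot and the per-host baseline are all constructed for this example; on a real system the baseline would be derived from a known-good period of logs rather than typed by hand.

```python
"""Signs-of-compromise checks over constructed Linux host data (added example)."""
import ipaddress
import re

# Constructed sshd lines in auth.log syslog format (not real logs).
AUTH_LOG = """\
Oct 16 08:12:01 web01 sshd[2231]: Accepted publickey for alice from 10.0.5.23 port 51022 ssh2
Oct 16 03:47:55 web01 sshd[4012]: Accepted password for alice from 203.0.113.77 port 40011 ssh2
Oct 16 09:05:10 web01 sshd[4100]: Accepted publickey for bob from 10.0.5.40 port 51100 ssh2
Oct 16 02:15:33 web01 sshd[4200]: Accepted password for backup from 10.0.5.9 port 51200 ssh2
Oct 16 09:06:00 web01 sshd[4300]: Failed password for root from 198.51.100.5 port 33333 ssh2
""".splitlines()

# Constructed `ps -eo user,pid,comm` snapshot (not a real listing).
PS_SNAPSHOT = """\
USER       PID COMMAND
root         1 systemd
root       612 sshd
www-data  1403 apache2
www-data  2995 bash
root      3120 nc
postgres   890 postgres
""".splitlines()

# Hypothetical baseline: who logs in, when and from where, and which programs
# are expected on the host under which accounts.
LOGIN_BASELINE = {
    "alice": {"hours": range(7, 20), "networks": ["10.0.0.0/8"]},
    "bob":   {"hours": range(7, 20), "networks": ["10.0.0.0/8"]},
}
PROCESS_BASELINE = {
    "systemd":  {"root"},
    "sshd":     {"root"},
    "apache2":  {"root", "www-data"},
    "postgres": {"postgres"},
    "bash":     {"alice", "bob"},
}

ACCEPTED_RE = re.compile(
    r"^\w{3}\s+\d+ (?P<hour>\d\d):(?P<minute>\d\d):\d\d \S+ sshd\[\d+\]: "
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+) port"
)


def parse_logins(lines):
    """Return successful sshd logins as (user, source_ip, hour, minute)."""
    logins = []
    for line in lines:
        m = ACCEPTED_RE.match(line)
        if m:  # failed attempts are deliberately ignored by this check
            logins.append((m["user"], m["src"], int(m["hour"]), int(m["minute"])))
    return logins


def suspicious_logins(logins, baseline=LOGIN_BASELINE):
    """Flag logins deviating from the per-user baseline.

    Returns (user, source_ip, "HH:MM", [reasons]) per flagged login; logins
    that match the baseline on every criterion are not returned.
    """
    findings = []
    for user, src, hour, minute in logins:
        reasons = []
        profile = baseline.get(user)
        if profile is None:
            reasons.append("account does not normally log in")
        else:
            if hour not in profile["hours"]:
                reasons.append("unusual time")
            ip = ipaddress.ip_address(src)
            if not any(ip in ipaddress.ip_network(n) for n in profile["networks"]):
                reasons.append("unusual source network")
        if reasons:
            findings.append((user, src, f"{hour:02d}:{minute:02d}", reasons))
    return findings


def suspicious_processes(ps_lines, baseline=PROCESS_BASELINE):
    """Flag processes not expected on the host or running under an unexpected user.

    Returns (user, pid, command, reason) per flagged process.
    """
    findings = []
    for line in ps_lines[1:]:  # skip the USER/PID/COMMAND header row
        user, pid, command = line.split(None, 2)
        allowed_users = baseline.get(command)
        if allowed_users is None:
            findings.append((user, int(pid), command, "program not expected on this host"))
        elif user not in allowed_users:
            findings.append((user, int(pid), command, "runs under unusual user"))
    return findings


if __name__ == "__main__":
    for finding in suspicious_logins(parse_logins(AUTH_LOG)):
        print("login:", finding)
    for finding in suspicious_processes(PS_SNAPSHOT):
        print("process:", finding)
```

Run against the constructed data, the script flags the night-time password login by `alice` from an address outside the baseline network, the login by the `backup` account that never logs in interactively, the shell running as the web server user (a typical trace of a web shell) and the unexpected `nc` process running as root. Such findings are only indicators, not proof: each one needs to be checked against what the host is actually supposed to do before the system is declared compromised.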

References

  1. What can happen if my password has been compromised? Article on the consequences of a compromised password, Technical University of Darmstadt. Retrieved November 5, 2013.
  2. Kaspersky: Cyber mercenaries strike quickly and efficiently. In: Heise Security, September 27, 2013. Retrieved November 5, 2013.
  3. Adobe hack affects at least 38 million accounts. In: Heise Security, October 29, 2013. Retrieved November 5, 2013.
  4. Hackers compromise servers of several US business information services. In: ZDNet News, September 26, 2013. Retrieved November 8, 2013.
  5. Linux Foundation server compromised. In: Linux Magazin, September 12, 2011. Retrieved November 8, 2013.
  6. Darkleech toolkit compromises Apache servers. In: ComputerBase, April 3, 2013. Retrieved November 8, 2013.
  7. Shellshock: Yahoo, WinZip and Lycos have been attacked. In: Heise Security, October 7, 2014. Retrieved October 10, 2014.
  8. Update for Drupal 7 closes worst-case security hole. In: Heise Security, October 16, 2014. Retrieved November 4, 2014.
  9. Drupal vulnerability with dramatic consequences. In: Heise Security, October 29, 2014. Retrieved November 4, 2014.
  10. Searching for evidence of compromise, using UNIX/Linux as an example (Memento of May 13, 2010 in the Internet Archive). Retrieved November 8, 2013.
  11. Searching for evidence of compromise, using Windows as an example (Memento of May 22, 2010 in the Internet Archive). Retrieved November 8, 2013.