More on the Best Western break-in
From the UK’s vnunet.com:
Hackers breach Best Western in data heist
It seems the hacker managed to insert a Trojan into the computers of a hotel and logged the user name and password of someone with sufficient security clearance to gain access to corporate servers.
Interesting, but not ingenious.
It does seem to indicate that the attack was targeted explicitly at data theft, rather than someone stumbling across a SQL injection attack vector.
How could defense-in-depth have helped here?
I guess we still need to learn a little more about how the attack progressed.
- Did the user get remote access to the SQL server?
- Was the website capable of retrieving this type of data if the user login credentials were sufficient?
- Did the attacker’s Trojan dial out to a remote server, allowing the perpetrator to take complete remote control of the box?
- Even if he had full remote control, was there any content filtering in place to prevent that data from traveling over the network? I guess the attacker could have encrypted the channel…
More from SecurityFocus.com:
Denial, hype cloud report of Best Western breach
“We can confirm that on August 21, 2008, three separate attempts were made via a single log-on ID to access the same data from a single hotel,” the company said in a statement released late Monday. “The hotel in question is the 107-room Best Western Hotel am Schloss Kopenick in Berlin, Germany, where a Trojan horse virus was detected by the hotel’s antivirus software. The compromised log-in ID permitted access to reservations data for that property only. The log-in ID was immediately terminated, and the computer in question has been removed from use.”
Best Western said that it had narrowed down the number of customers affected to 10.