What can telcos learn from TalkTalk’s recent data security breach? – Part 1

What history does TalkTalk have of being hacked?

There have been three attacks on the company within nine months. The first was in February, where customers were informed that personal information was taken from TalkTalk’s database. In August, there was a second attack on the mobile sales site in which personal data was again accessed.

In response to the attacks, TalkTalk has invested in its systems as well as working with cyber security specialists at BAE, to help protect its assets.

How did the hacking take place?

A DDoS (Distributed Denial of Service) technique was used to overwhelm the existing defences at the website's security perimeter. It involves large volumes of online traffic bombarding systems and overwhelming perimeter solutions, such as firewalls and IDS/IPS, which scan for and protect an organisation from malicious traffic. It is at this point, when the defences are stretched, that a second line of attack takes place to attempt to steal customer data. The DDoS is merely a distraction from the real attack, which in this instance is reported to have been a SQL injection attack.

What access point was exploited to execute the attack?

It is important to stress that TalkTalk states that only its website has been breached, not its core systems. This means that even though personal payment details have been extracted, they are, according to TalkTalk, only partially exposed.

The ‘my account’ section (and the pages presented once logged in) is likely to have been the access point for the hackers, as it was the first section to go down.

It is likely that TalkTalk holds its customer information in SQL databases, a popular database structure for online services. A hacker can use SQL injection methods to feed deliberately crafted input to the database program via a form, input box or value in a URL, so that the input is interpreted as part of a SQL command rather than as data. These database programs are located in the back-end of websites.

Kevin Foster, testing services manager, MTI Technology

SQL injection attacks enable an attacker to send commands and queries through the application directly to the database, and obtain responses via the web application. The requests can be structured to read or extract customer details from numerous tables in the database. They can also be used to edit and in some cases, delete customer data. This method of attack can be used to gain command level access on the database server. This access can pave the way for attacks on other internal machines.
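The mechanism described above, as an added illustration that is not part of the original article and does not reflect TalkTalk's actual code or schema: a customer lookup built by string concatenation, beside the parameterised form, run against a constructed in-memory SQLite table. The same form input is treated as SQL by the first function and as plain data by the second.

```python
import sqlite3


def build_db():
    """Create a constructed sample customer table (hypothetical data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (username, email) VALUES (?, ?)",
        [
            ("alice", "alice@example.com"),
            ("bob", "bob@example.com"),
            ("o'brien", "obrien@example.com"),  # legitimate name containing a quote
        ],
    )
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable: the form value is pasted straight into the SQL text.

    Anything the user types becomes part of the statement, so a single quote
    lets the input change the WHERE clause and read rows it should not see.
    """
    sql = "SELECT username, email FROM customers WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, username):
    """Hardened: the value is bound to a placeholder and never parsed as SQL.

    The driver sends the statement and the value separately, so quotes and
    keywords in the input are compared literally against the column.
    """
    sql = "SELECT username, email FROM customers WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    # A normal value behaves the same in both versions.
    print(lookup_vulnerable(db, "alice"), lookup_parameterised(db, "alice"))
    # A legitimate quoted name only works with the parameterised version;
    # the concatenated version produces a malformed statement instead.
    print(lookup_parameterised(db, "o'brien"))
```

The parameterised version is also the only one that copes with a genuine apostrophe in a customer's name, which is a useful regression test to keep alongside the security fix.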

The author of this blog is Kevin Foster, testing services manager, MTI Technology
