What can telcos learn from TalkTalk’s recent data security breach? – Part 1

What history does TalkTalk have of being hacked?

There have been three attacks on the company within nine months. The first was in February, when customers were informed that personal information had been taken from TalkTalk’s database. The second, in August, targeted the mobile sales site, and personal data was again accessed.

In response to the attacks, TalkTalk has invested in its systems as well as working with cyber security specialists at BAE, to help protect its assets.

How did the hacking take place?

A DDoS (Distributed Denial of Service) technique was used to overwhelm the existing security controls at the digital perimeter of the website. It involves large volumes of online traffic bombarding systems and saturating perimeter defences such as firewalls and IDS/IPS, which scan traffic and protect an organisation from malicious requests. It is at this point, when the defences are stretched, that a second line of attack is launched to attempt to steal customer data. The DDoS is merely a distraction from the real attack, which in this instance is reported to have been a SQL injection attack.

What access point was exploited to execute the attack?

It is important to stress that TalkTalk states that only its website was breached, not its core systems. This means that even though personal payment details have been extracted, they are, according to TalkTalk, only partially exposed.

The ‘my account’ section (and the pages presented once logged in) is likely to have been the access point for the hackers, as it was the first section to go down.

It is likely that TalkTalk holds its customer information in SQL databases, a widely used database structure for online services. A hacker can use SQL injection methods to feed deliberately malformed commands to a database program via a form, an input box or a value in a URL. These database programs sit in the back-end of websites.

Kevin Foster, testing services manager, MTI Technology

SQL injection attacks enable an attacker to send commands and queries through the application directly to the database and obtain the responses via the web application. The requests can be structured to read or extract customer details from numerous tables in the database. They can also be used to edit and, in some cases, delete customer data. This method of attack can be used to gain command-level access on the database server, and that access can pave the way for attacks on other internal machines.
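The two paragraphs above describe how a value typed into a form or URL can become part of a database query and pull customer details out of tables. The following is an added illustration, not code from the article or from TalkTalk: a constructed in-memory SQLite `customers` table (hypothetical schema) is queried by a lookup built with string concatenation, which treats the form value as SQL text, and by the parameterised lookup that treats it as data; the hypothetical `demo()` function returns how many rows each version hands back for a normal account number and for a malformed one.

```python
import sqlite3

# Constructed sample data: a tiny "customers" table standing in for the
# back-end database the article describes. Schema and values are invented.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (account_id TEXT, name TEXT, card_last4 TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [("A100", "Alice", "1234"), ("B200", "Bob", "5678"), ("C300", "Carol", "9012")],
    )
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, account_id: str) -> list:
    # The form value is pasted into the SQL text, so a value containing a
    # quote and an OR clause changes the WHERE condition itself. This is the
    # defect SQL injection exploits; it is shown here only for comparison.
    sql = "SELECT name, card_last4 FROM customers WHERE account_id = '" + account_id + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn: sqlite3.Connection, account_id: str) -> list:
    # Parameterised query: the driver binds the value as data, so it can
    # never be parsed as part of the SQL statement.
    sql = "SELECT name, card_last4 FROM customers WHERE account_id = ?"
    return conn.execute(sql, (account_id,)).fetchall()

def demo() -> dict:
    conn = build_db()
    normal = "A100"
    malformed = "' OR '1'='1"   # constructed malformed input, not a real request
    return {
        "vulnerable_normal": len(lookup_vulnerable(conn, normal)),
        "safe_normal": len(lookup_safe(conn, normal)),
        "vulnerable_malformed": len(lookup_vulnerable(conn, malformed)),
        "safe_malformed": len(lookup_safe(conn, malformed)),
    }

if __name__ == "__main__":
    # With the malformed value the concatenated query returns every row in
    # the table; the parameterised query matches nothing.
    print(demo())
```

The difference between `vulnerable_malformed` and `safe_malformed` is the whole point: the same back-end table is only readable in bulk because the application let input be interpreted as SQL.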

The author of this blog is Kevin Foster, testing services manager, MTI Technology
