A Russian-speaking hacker sold unauthorized access to databases for more than 60 universities and government agencies in the United States and United Kingdom, including UCLA.
The hacker, called Rasputin, sold SQL injections which allow a hacker to access all the contents of an internet database, rather than only parts of it, for various databases according to a statement by Recorded Future, a technology company that specializes in real-time threat intelligence.
Recorded Future informed the UCLA Information Security Office that a UCLA website was vulnerable to SQLi attacks from Rasputin, according to the office.
Recorded Future also said Rasputin had accessed a U.S. Election Assistance Commission database with a similar attack in November.
The UCLA Information Security Office worked with the affected campus unit to identify and make the website secure again, prior to Recorded Future’s Feb. 15 public announcement. The office did not specify which website was compromised.
Though the website was initially vulnerable to the exploit, there was no personally identifiable or sensitive information in any of the web server’s SQL tables, the UCLA Information Security Office said.
Peter Reiher, a computer science adjunct professor, said SQL is a popular query language for databases and a way of asking for something from a database.
He said most websites rely on databases to store information about users, such as users’ interests or personal identification, and give the information to servers when asked. Servers can identify users when accessing databases, but doing so can also unintentionally give secret information.
He said database owners can prevent a SQLi attack through well-programmed systems, but some people buy systems with potential mistakes in the software.
“One of the things they might be doing is filling around with SQL, and the attacker can get ahold of their information,” Reiher said. “It’s not the user’s fault but the software came with a mistake built in.”
Reiher said he thinks with so much data flowing around UCLA in many different servers, it is possible someone made a small mistake that could have had negative consequences.
“The amount of data flowing around UCLA is intense, but what would be lost depends on what the database is compromised of,” Reiher said.
Other affected universities include New York University, Rice University and the University of Washington. The federal agencies the hacker breached include the National Oceanic and Atmospheric Administration and the U.S. Department of Housing and Urban Development.
Contributing reports from Eric Bazak, Daily Bruin contributor