03 Jan Why do big organisations keep getting hacked and having their data leaked? What does it achieve?
I hacked a University by mistake and I was not even a beginner hacker.
Like every other person I start my day with a cup of coffee while going online to read the news on
an online newspaper. That day on the top of the page there was a banner adverting a seminar hosted
by a specific University.
However next to the banner there was an error shown, including an IP address. The error also included
the name of a database. It was MySQL.
At that time (around 2005) I was developing a PHP application that was relying to a MySQL database
to store tables of information. There was a nice free application that would let you manage the database
called MySQL Workbench.
Without further thinking I opened MySQL Workbench typed the IP shown on the banner.
I was asked for a user name and a password. I typed the default user name which was root. I left the
Simple as that. I was able to browse all tables of that database. Information regarding tutors, courses,
internal documents etc. There was even one table that had unencrypted passwords of third party
I did not know what to do!
I asked myself. Am I hacker now? Is it possible for an administrator to be that stupid?
And the answer is yes of course!
I closed the database connection. I did not change any data or kept any copy of the information.
Nowadays MySQL has safeguards that would not let that happen, even if an administrator is careless.
It’s the human factor that leaves the door open to the hackers.
As for the hackers their motivation can be political, recognition among friends or just money-money-money.
You can never be 100% protected online. But you can make a hackers life hard.
Eventually they will leave you for an easier target. Be prepared in advance!