Hacktivists Using SQL Injections to Target Government Data

Over the last year, hacktivists driven by ideological differences have targeted government data around the world at a persistent rate. The lines are blurred with most of these attacks as there are multiple motives behind them. However, one common theme to these attacks is the simplicity in which they are carried out. Hacktivists use an attack method known as an SQL injection to extract information from SQL databases that are vulnerable and exposed online.

OWASP lists SQL injection as the number one web vulnerability. SQL is an attack targeting web applications taking advantage of poor application coding where the inputs are not sanitized, therefore exposing application vulnerabilities. SQL injection is the most famous type of injection attack, which can also include LDAP or XML injections. The idea behind an SQL injection is to modify an application SQL query in order to access or modify unauthorized data or run malicious programs. Most web applications rely on databases where the application data is stored and being accessed by SQL queries, and modification of these queries can result in taking control of the application. For example, an attacker would be able to access the application’s backend database with administrator access, run remote commands on the server, drop or create objects in the database, and more.

For instance, the sql query below, aiming at authenticating users, is common in web applications:

myQuery= ”SELECT * FROM userstable WHERE username = ‘userinput1′ and password =’userinput2’;”

Replacing userinput1 by: ‘OR 1=1’); — would result in granting the attacker access to the database without knowing the real username and password as the assertion “1=1” is always true and the rest of the query is being ignored by the comment character.

Replacing the userinput1 by ‘ OR 1=1″); drop table users;– would additionally drop the application users table.

[You might also like: In the Crosshairs: Six Cyber Security Threats Gunning For Your Online Business]

Recent Government hacks:

COMELEC – The database of the Philippine Commission on Election was breached via and SQL injection that resulted in exposing 55 million voters.

Country Liberal Party – An 18-year-old launched and SQL injection attack against the Country Liberal Party in Australia that resulted in 117 member’s personal information being exposed

UN Climate Change Summit – Members of Anonymous allegedly used an SQL injection to target the UN Climate Change Summit website. This attack resulted in the hackers gaining access leaking data containing usernames, passwords, email, titles and more.

European Space Agency – Anonymous targeted the European Space Agency with a reported blind SQL vulnerability that granted them access to the ESA’s database and resulted in leaked information of over 8000 names, emails and passwords.

Hacktivists are the digital activists of our era, and are not going away any time soon. They can now take a stand on social and political issues on a global scale—without digital boundaries. Arguably, the most dangerous aspect of hacktivism is the intent. While many fight for political and social change, others will use these operations for personal and financial gain. Importantly, hacktivist groups are not as “leaderless” as they might have everyone believe. Motivation of a group’s leaders can be difficult to discern. Leaders could be propagandists, or foreign powers attempting to subvert a group into carrying out an attack for them. However, what all operations share is the exploitation of a “gang” mentality to build momentum and scale—tapping into the social fad and feeding some people’s desire to feel important. Given the amount of media attention data leaks attract, they serve as motivation for attackers to leak more data. Protests are now taken to the digital world via attacks that include denial of service and SQL injections.

Learn more about cyber-attack detection and trends in the 2016 Global Application and Network Security Report.

Download Now

Daniel Smith

Daniel is the Head of Research for Radware’s Threat Intelligence division. He helps produce actionable intelligence to protect against botnet-related threats by working behind the scenes to identify network and application-based vulnerabilities. Daniel brings over ten years of experience to the Radware Threat Intelligence division. Before joining, Daniel was a member of Radware’s Emergency Response Team (ERT-SOC), where he applied his unique expertise and intimate knowledge of threat actors’ tactics, techniques, and procedures to help develop signatures and mitigate attacks proactively for customers.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center