Sunday, January 20, 2008

RIAA Website Wiped Clean by Hackers

It's a weekend, and a holiday weekend to boot, so the site might stay this way for some time. Someone apparently used SQL injection to wipe, and we do mean wipe, the website of the Recording Industry Association of America (RIAA) clean of content. (In case they've fixed the site, click the empty "Who We Are" statement above to see what their homepage looked like at the time of this writing.)

Since the RIAA is usually chasing after pirates of copyrighted and copy-protected material, call it ... well, call it what you will.

It started on Reddit, where a link to a really slow SQL query was posted. The post said "This link runs a slooow SQL query on the RIAA's server. Don't click it; that would be wrong."

Of course, no one listened to that tongue-in-cheek warning. While some users were messing around changing links to point the Pirate Bay (below), for example, someone allegedly wiped the site’s entire database.

We say allegedly since it's possible, though not likely, that the RIAA wiped it clean themselves because of all the hacking, but it would have been simply to just take the site down and fix the issue. No, it seems more likely that hackers wiped the site's database.

As pointed out by blorg, they could have used SQL injection:

They haven't disabled it, someone has used SQL injection to wipe their entire database. There is no content left on that site at all.

SQL injection works when a sloppy programmer passes a URL variable straight into a query without validating it. So if you have something like this:

SELECT article_title FROM table WHERE year = [URL variable]

And you pass "2007" as the URL variable but don't check it, it is open to tacking stuff on the end which is simply passed straight to the database for execution.

The "slow query" link tacked on a query that ran millions of pointless MD5 hash computations through MySQL's BENCHMARK() function. Someone else decided to tack on a DELETE or DROP statement instead, and poof- goodbye site content.

There's a lot more speculation in the comments at the original link above, though. I guess we'll find out what happened if and when the RIAA posts some info.

For now, this is a good example of why you need backups.

Update: Looks like the site's coming back.

No comments: