Ugh...this article reads like a movie about hacking. The story breathlessly conveys how elite Shanghai hackers toyed with a company's lifeblood, wreaking such prolific havoc that the owner literally crawled under the server building to see if a bug had been planted...but the ultimate culprit may have been...
> Examining the script that controlled the payment processing function in November that year, he noticed that a single character was missing from the string -- an apostrophe. That was enough to cause the page to time out, rather than to complete the credit card transaction. Customers were leaving in frustration
Am I right in thinking that this was all hack via SQL injection?
No, I think you're missing the point. If it's true that rival nations will attempt to hack us for whatever reason, then it benefits us all to have a better understanding of basic cybersecurity than seeing foreign hackers as the Hand of God. Instead of examining the geopolitical problems here, this article takes us through a terrifying cyberstorm whipped up by mystical superhackers when the real perpetrators might as well have been script kiddies.
The problem is that if cybersecurity continues to be framed in this fashion, then all that shit that HN continually complains about -- security theater (via homeland security) and draconian Internet laws (remember SOPA) -- will continue to be status quo.
Script kiddies or not who cares - the effect on the small business was still effective. Like you say, its another wake up call to us all to have a better knowledge of security.
It seems like it was via an attachment in a phishing email that one of the employees clicked on...
"Milburn contacted Matthew Thomlinson, a Microsoft Corp. (MSFT) threat expert for help. Thomlinson found the malware had downloaded software that burrowed into the company’s Microsoft operating system, automatically uploading more tools the hackers could use to control the network remotely."
I get that not every programmer can be well versed in cyber security, but how is it that apparently no one at this software firm apparently practices sound scientific reasoning? Is it possible to go through enough schooling in commuter science and not be able to diagnose a hack with logical reasoning before assuming Neo and the Matrix are real?
> Examining the script that controlled the payment processing function in November that year, he noticed that a single character was missing from the string -- an apostrophe. That was enough to cause the page to time out, rather than to complete the credit card transaction. Customers were leaving in frustration
Am I right in thinking that this was all hack via SQL injection?