January 20th, 2008
RIAA Website Wiped Clean by Hackers
By Michael Santo
Executive Editor, RealTechNews
It’s a weekend, and a holiday weekend to boot, so the site might stay this way for some time. Someone apparently used SQL injection to wipe, and we do mean wipe, the website of the Recording Industry Association of America (RIAA) clean of content. (In case they’ve fixed the site, click the empty “Who We Are” statement above to see what their homepage looked like at the time of this writing.)
Since the RIAA is usually chasing after pirates of copyrighted and copy-protected material, call it … well, call it what you will.
It started on Reddit, where a link to a really slow SQL query was posted. The post said “This link runs a slooow SQL query on the RIAA’s server. Don’t click it; that would be wrong.”
Of course, no one listened to that tongue-in-cheek warning. While some users were messing around changing links to point to the Pirate Bay (below), for example, someone allegedly wiped the site’s entire database.
We say allegedly since it’s possible, though not likely, that the RIAA wiped it clean themselves because of all the hacking, but it would have been simpler to just take the site down and fix the issue. No, it seems more likely that hackers wiped the site’s database.
As pointed out by blorg, they could have used SQL injection:
They haven’t disabled it, someone has used SQL injection to wipe their entire database. There is no content left on that site at all.
SQL injection works when a sloppy programmer passes a URL variable straight into a query without validating it. So if you have something like this:
SELECT article_title FROM table WHERE year = [URL variable]
And you pass “2007” as the URL variable but don’t check it, it is open to tacking stuff on the end which is simply passed straight to the database for execution.
The “slow query” link tacked on a query that ran millions of pointless MD5 hash computations through MySQL’s BENCHMARK() function. Someone else decided to tack on a DELETE or DROP statement instead, and poof- goodbye site content.
There’s a lot more speculation in the comments at the original link above, though. I guess we’ll find out what happened if and when the RIAA posts some info.
For now, this is a good example of why you need backups.
Update: Looks like the site’s coming back.
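The unchecked URL variable blorg describes, next to a validated and parameterized version. This is an added example, not code from the original post or from the RIAA site. It assumes Python with an in-memory SQLite table standing in for the MySQL database; the table, rows, function names and the sample input are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for the site's content database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (article_title TEXT, year INTEGER)")
    db.executemany(
        "INSERT INTO articles VALUES (?, ?)",
        [("Piracy report", 2006), ("Year in review", 2007), ("Press release", 2008)],
    )
    return db

def titles_unsafe(db, year_param):
    # The pattern from the quote: the URL variable is pasted into the SQL text,
    # so anything tacked on after the year becomes part of the statement.
    sql = "SELECT article_title FROM articles WHERE year = " + year_param
    return [row[0] for row in db.execute(sql)]

def titles_bound(db, year_param):
    # Parameter binding alone: the value travels separately from the SQL text
    # and is only ever compared as data, never parsed as SQL.
    sql = "SELECT article_title FROM articles WHERE year = ?"
    return [row[0] for row in db.execute(sql, (year_param,))]

def titles_safe(db, year_param):
    # Validate first (a year is exactly four ASCII digits), then bind.
    if not (year_param.isascii() and year_param.isdigit() and len(year_param) == 4):
        raise ValueError("year must be a four-digit number")
    return titles_bound(db, int(year_param))

if __name__ == "__main__":
    db = make_db()
    tampered = "2007 OR 1=1"  # constructed input with text tacked on after the year
    print("unsafe, 2007     :", titles_unsafe(db, "2007"))
    print("unsafe, tampered :", titles_unsafe(db, tampered))  # filter is bypassed
    print("bound,  tampered :", titles_bound(db, tampered))   # matches nothing
    try:
        titles_safe(db, tampered)
    except ValueError as exc:
        print("safe,   tampered : rejected:", exc)
```

Binding keeps the tacked-on text from ever reaching the SQL parser, and validation turns a malformed year into an error the application can log.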

Ed3 says:
A lesson for every DBA and SQL developer…
http://www.xkcd.net/327/
January 20th, 2008 at 8:11 pm
Tyop? says:
"""
The “slow query” link tacked on a query that ran millions of pointless MD5 hash computations through MySQL’s BENCHMARK() function.
"""
SLEEP() makes the deal, and it doesn’t crash the mysqld (^-^).
January 21st, 2008 at 6:51 am
Erik says:
It would have been funnier to cover the home page with downloadable mp3s but this was still pretty entertaining.
January 23rd, 2008 at 12:26 pm
russell says:
LOL Great comic man. Love it when people overlook simple things.
February 15th, 2008 at 1:55 am