SQL injection seems to be at the root of the incident

Jul 23, 2014 12:15 GMT

The Wall Street Journal has admitted that its systems were compromised, after a hacker posted images of an extracted database on Twitter.

According to Dow Jones & Co, publisher of The Wall Street Journal, the news site’s graphics servers were hacked by an intruder who has not been identified at this time.

The company said that the initial investigation of the incident found no signs of data tampering and that no damage was recorded. However, the examination for signs of compromise continues.

“We are investigating an incident related to wsj.com's graphics systems. At this point we see no evidence of any impact to Dow Jones customers or customer data,” a spokeswoman for the Journal said.

A hacker using the handle “w0rm” claimed the attack and posted a couple of images of the extracted database on Twitter. In one of them, the login details of a server administrator, Palani Kumanan, are visible (the password is encrypted).

If the account password were decrypted, the attacker would have access to the server. IntelCrawler CEO Andrew Komarov told WSJ that this offers the possibility to “modify articles, add new content, insert malicious content in any page, add new users, delete users and so on.”

Komarov said that researchers at IntelCrawler discovered the security flaw leveraged by the attacker and that the claims were legitimate. “We confirmed there is the opportunity to get access to any database on the wsj.com server, a list of over 20 databases hosted on this server,” he told WSJ.

The WSJ article does not mention the vulnerability that was used for penetrating the systems, but Jeremy Kirk of IDG News Service received the information from Komarov, who said that it was an SQL injection that permitted the unauthorized access.

w0rm (@rev_priv8), also known as “rev0lver,” is of Russian origin and shared on Twitter that he was willing to sell the WSJ database for one Bitcoin, which translates to $623 / €462.

Half an hour after posting the first image linked to the WSJ attack, he also tweeted about hacking the servers of Vice.com, revealing an image with login credentials and user privileges.

The Wall Street Journal systems affected by the incidents have been taken offline for analysis and to isolate them from any further attacks.

w0rm is known to have previously breached CNET systems, from which he retrieved a database with login credentials of more than one million readers of the publication.

He tried to sell that information for the same amount, claiming that notoriety was what he was after and that this was the reason behind these attacks.