How fast can I find an unprotected database online? Less than 9 hours

What happens when a database full of important personal information is left unprotected on the Internet? Potential data thieves would find it within hours, says hybrid technology blog/research team/VPN affiliate reseller Comparitech.

On May 12, Comparitech spun up a "honeypot" server containing fake user data and left it without proper password protection to attract thieves, explained the site's Paul Bischoff in a blog post earlier this week.

"We wanted to find out how fast data can be compromised if left unsecured," Bischoff wrote.

Over the next 11 days, the honeypot server was accessed 175 times, with the first attempt made eight hours and 35 minutes after the server came online. Over the next four days, more than three dozen intrusions were made.

The Shodan search engine indexed and listed the server on May 16, and the server was accessed 22 more times in the next 24 hours.

This investigation is clearly self-serving, since Comparitech specializes in finding unsecured databases on the Internet. Still, security researchers can rarely know if someone else found an open server before they did, or if the data was stolen.

To use a real-world analogy, if you find the front door of your home unlocked, but nothing seems to be missing, how can you tell if someone has entered? Comparitech's research is like leaving the door to your house unlocked, but installing a surveillance camera across the street to monitor it.

Most of the "attackers" (Comparitech's term, not ours, because accessing an unprotected database is not a crime) used IP addresses in the US, Romania, and China. That does not necessarily mean they were physically in these countries.

In fact, most of the "attacks" simply queried the status of the databases, which is no big deal. Some, however, were aimed at "mining cryptocurrencies, stealing passwords, and destroying data," Bischoff wrote.

The experiment ended abruptly on May 22 when a real attacker, presumably a bot, "deleted the contents of the database and left a message in bitcoin with contact information and a request for payment."

This was not exactly a scientific study; it was only one server in a one-time test of less than two weeks; it is not known how many other honeypots, if any, were installed before Comparitech achieved the desired results.

A more in-depth study would place more servers in many different locations for a longer period of time and analyze how many servers were accessed and how often. That would give a true picture of how likely it is that unprotected sensitive data could be stolen.
