Setting politics aside (Lord knows I’d like to), this ABC 7 Chicago news story covers how Russians hacked the Illinois State Board of Elections in 2016:
SQL, an acronym for Structured Query Language, is a database programming language. An “SQL injection” is a common piece of cyber-trickery used to illegally gain access to government, financial, business and private computers. Experts estimate that 8 of every 10 data breaches occur as a result of SQL injection.
Cyber-trickery.
“Processor usage had spiked to 100% with no explanation,” state investigators determined. “Analysis of server logs revealed that the heavy load was a result of rapidly repeated database queries on the application status page of the Paperless Online Voter Application (POVA) web site,” they said.
I see.
The official report (PDF) is pretty light on details, but yeah…SQL injection.
I know, dear reader – you think everyone knows about SQL injection today, but have you had the talk with your developers recently? Why not schedule a lunch-and-learn and watch Bert Wagner’s GroupBy video demoing SQL injection?
7 Comments
Poor Illinois. Not only does the Chicago Board of Elections see an 18 point flip from Bernie to Hillary in a Chicago precinct in their Dem Primary, but their State Board of Elections still hasn’t mitigated against a 20-year-old known code injection technique.
https://www.dailykos.com/stories/2016/4/21/1518460/-Election-Fraud-Proven-at-Audit-by-Chicago-BOE-flipped-precinct-by-18pts-from-Bernie-to-Hillary
Finally I have a well-grounded explanation for those CPU spikes on our DB server every night. I was about to suspect crappy application code but now I know that is all the horrendous deeds of Russian Hackers. May they also be held responsible for the beer that went missing?
You just won the SQL internet today!
When you fail over a synchronous AG, what happens to executing queries and connections that are in flight? By saying “without data loss” do you mean that open transactions will fail and be rolled back rather than lost?
Howard – I think you might be commenting on the wrong post, but for general Q&A, head on over to https://dba.stackexchange.com.
Oops, you are right. There were two posts in your daily email and I went to the bottom and clicked comment. Sorry!
In Soviet Russia, the SQL injects you