Setting politics aside (Lord knows I’d like to), this ABC 7 Chicago news story covers how Russians hacked the Illinois State Board of Elections in 2016:
SQL, an acronym for Structured Query Language, is a database programming language. An “SQL injection” is a common piece of cyber-trickery used to illegally gain access to government, financial, business and private computers. Experts estimate that 8 of every 10 data breaches occur as a result of SQL injection.
“Processor usage had spiked to 100% with no explanation,” state investigators determined. “Analysis of server logs revealed that the heavy load was a result of rapidly repeated database queries on the application status page of the Paperless Online Voter Application (POVA) web site,” they said.
The official report (PDF) is pretty light on details, but yeah…SQL injection.
I know, dear reader – you think everyone knows about SQL injection today, but have you had the talk with your developers recently? Why not schedule a lunch-and-learn and watch Bert Wagner’s GroupBy video demoing SQL injection?
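As material for that lunch-and-learn, here is an added example (not from the official report or the original post): a status lookup built by string concatenation beside its parameterized form, in Python with sqlite3. The report does not describe the actual query, so the table, columns, function names and sample rows below are hypothetical.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE applications (app_id TEXT PRIMARY KEY, voter_name TEXT, status TEXT)"
    )
    db.executemany(
        "INSERT INTO applications VALUES (?, ?, ?)",
        [
            ("A1001", "Alice Example", "approved"),
            ("A1002", "Bob Example", "pending"),
            ("A1003", "Carol Example", "rejected"),
        ],
    )
    return db


def status_vulnerable(db, app_id):
    # BAD: the request value becomes part of the SQL text, so a quote
    # character in it can change the structure of the WHERE clause.
    sql = "SELECT app_id, status FROM applications WHERE app_id = '" + app_id + "'"
    return db.execute(sql).fetchall()


def status_parameterized(db, app_id):
    # GOOD: the SQL text is fixed; the value is bound separately and is
    # only ever compared as data, whatever characters it contains.
    sql = "SELECT app_id, status FROM applications WHERE app_id = ?"
    return db.execute(sql, (app_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    for label, lookup in (("concatenated", status_vulnerable),
                          ("parameterized", status_parameterized)):
        print(label, "normal :", lookup(db, "A1001"))
        print(label, "crafted:", lookup(db, crafted))
```

With the crafted value, the concatenated version returns every applicant's row while the parameterized version returns nothing, which is the difference to show developers in code review.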