Pete Finnigan's Oracle Security Weblog

I saw an interesting short article in the Computer Active magazine today about some research done by a company Websense Security Labs. The article said that a new hacker trend had started where by a hacker gains access to a persons PC via a worm, virus or bug ( in this case it was a bug in IE) and installs some software that encrypts a certain set of files on the unfortunate persons PC, the deletes the originals. Then the hacker leaves a note that says pay a sum of money - a few hundred dollars - and he (the hacker) will send a program that allows the unfortunate persons files to be restored.

The article is a very interesting one. I have no idea how wide spread or not this type of attack is or if it will grow in occurrences. The attack described is aimed at PC's but could move to other areas such as databases, even Oracle databases. What if an attacker, hacker, malicious employee or criminal decided to deprive your company of its data? OK, its not absolutely trivial but he could quite easily encrypt key tables / columns with built in packages such as DBMS_OBFUSCATION or DBMS_CRYPTO and then ask you for money or other goods to be supplied with the key used and also the algorithm used. What can you do to prevent such a situation? A situation like this would never be totally preventable as it could be done by someone with admin access but it is prudent to ban PUBLIC access to these packages and any other encryption routines held in the database. Use audit to know who has done what and when. In 10g Release 2 ensure that no one can add transparent encryption to any critical columns of data. Perform a security audit on your databases or get someone like me in to do it for you and then secure the database.