OK, because I’m not a security professional but a privacy advocate, I generally do not post just “straight security” news items, but this one really touches on an issue that keeps coming up.
How many times have we been told that some unnamed or named forensics service examined a recovered laptop or a hacked database and was able to determine that nothing happened, etc.?
For years, I have been told by security professionals I know that such statements are inaccurate and that it is certainly possible to access data without leaving any evidence that forensic examiners would find. And for years, I have argued that press releases should honestly say, “As far as we can tell…” instead of making blanket assurances that are probably false. Now this, from Kelly Jackson Higgins of Dark Reading:
A database security researcher will demonstrate at Black Hat DC next month how an attacker can cover his tracks using anti-forensics techniques after breaking into a SQL Server database.
Cesar Cerrudo, the lead researcher for Application Security Inc.’s Team SHATTER and founder and CEO of Argeniss, says he will show a proof-of-concept that circumvents forensics investigations by abusing some inherent features in the database. “If the attacker has done a good job of removing his tracks, then it becomes pretty difficult to determine what was done, how it was done, why, and by whom,” Cerrudo says.
Read more here.