undefined | Better HN

0 pointsviraptor7y ago0 comments

> But if they have enough control to tell some system to dump its contents somewhere

This doesn't have to mean that they have full, unrestricted access. Access to data may mean that they could get raw records via some internal API. That API may still have logging, access control, DoS protection, etc.

Just like you can detect and prevent an external person from scraping your website in most cases, you can detect some internal service requesting way more than an average hourly number of records. Or with a better audit - specific verifiable entity (signed employee requests, external request id markers, etc.) requesting more than they should.

That assumes you have well designed system with multiple tiers and assume no trust. It's not possible if every service connects to the same database with yolo-root-access.

0 comments

1 comments · 1 top-level

nickodell7y ago

I get the impression that they did connect with yolo root access.

>Although the ACIS application required access to only three databases within the Equifax environment to perform its business function, the ACIS application was not segmented off from other, unrelated databases. As a result, the attackers used the application credentials to gain access to 48 unrelated databases outside of the ACIS environment.

j / k navigate · click thread line to collapse