Having “fun” with the Data Set

We recently had an inquiry regarding whether or not we could store more details about certain breaches, specifically the type of Hack (for hacked breaches) that was used, or the application that ended up being breached. Neat ideas, of course, and we’ve considered them ourselves on several occasions, given that we have OSVDB as our sister project. We’ve always wanted to use both, or tie them together, however, we run into some issues in doing so. One big one is that we rarely know the cause of a given breach. That information is simply not disclosed the vast majority of the time. Neither is the application that was exploited, in fact, I can’t recall a single instance of a specific vendor’s product being named in our data set (but I suppose there might be a couple if I looked hard enough).

Adding new fields to the database is a fairly straight-forward thing to do, but, we don’t like to do it unless we can at least somewhat consistently populate these fields. A visitor suggested Primary Sources, so for fun, we searched them.

Querying for “sql injection” yields 21 primary sources results, associated with roughly a dozen unique incidents, give or take. It was more results than I thought we’d have, anyways. But more than anything, it made me wonder what other interesting queries could be made. So, I tried a few:

Querying for “search engine” or for “google” yielded some delightful entries about stuff getting indexed.

Querying for “encryption key” had some interesting results where the encryption key had been lost with the encrypted systems/media.

My personal favorite! Querying for “no reason to believe” showed just how cliche that term is in data breach notification letters, returning over 15% of all primary sources.

Querying for “former employee” gives us a glimpse into fraud committed after employment.

Querying for “password protected” shows how common that is used as a “don’t worry” clause in breach notification letters.

Querying for “windows” yielded a few primary sources describing Windows servers that had been breached, but few.

Querying for “database” was also somewhat interesting.

There are likely hundreds of other interesting combinations. The above are just the ones we thought up. Experiment on your own, and if you find anything good let us know.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: