Juha Saarinen is a tech blogger for nzherald.co.nz.

Juha Saarinen: Big data lacks big security

It's too easy for hackers to take over big data. Photo / Getty
It's too easy for hackers to take over big data. Photo / Getty

Who hasn't come across the "big data" buzz term yet? Everyone's doing it: Collecting lots of information via sensors, public data sets going back years, all manners of sources.

It can be anything, literally, that computer scientists use massive IT systems to devour and pick through for interesting patterns.

That big data has to go somewhere, and be accessible from the internet to be of use to researchers and others, of course.

Did you wonder if those big databases storing huge amounts of information were safe and secure? Wonder no more: They're not.

When I say they're not secure, I mean the databases are left wide-open for anyone to do whatever they like with.

This year has seen a rash of attacks on internet-connected databases containing huge amounts of information. Around 40,000 databases have been wiped around the world, with hundreds of terabytes (one terabyte is a thousand gigabytes) gone. The tally's probably even higher now, as attackers have scanned the internet to find open databases and there are hundreds of thousands of those around.

It's no clever hacking attempt, just taking advantage of the fact that the databases have been installed with zero consideration for security like having access controls, and not allowing every person and their dog in, with full administrator rights.

Most of the attacks have been blackmail attempts.

"Your data's deleted, pay 1bitcoin to get it back."

Except you're not going to get it back.

There's no evidence that the attackers spent the probably considerable amount of time and had the costly bandwidth and storage capacity required to back up the data before deleting it.

Other deletions have been simple vandalism, or maybe a misguided attempt at encouraging database administrators that they need to secure their systems.

Few organisations have been able to get their data back, and it seems nine out of 10 operators do not back up the information in the databases, security researchers noted.

The vulnerable database servers are found across a range of industries and scientific organisations.

Medical research institutions, marketing firms, schools and academia, financial and insurance companies, manufacturers and software developers are just some that have been hit.

As many of the victims ran the databases on their production systems, it's a safe bet to assume that quite a bit of important information has been lost, maybe forever.

That's bad enough, but if the databases were left open to anyone on the internet, was some sensitive personally identifiable data siphoned off quietly by bad people who should not have access to it?

I don't think anyone would be surprised if that has happened, too, and the privacy implications are scary.

From the above we can learn that data, big or small, is popular with all sorts of organisations and people who have no idea how to secure their systems and that that is a global problem.

It's cool to be a data driven organisation sifting through masses of info for insights, but keep it safe please.

And back up often because the internet will punish the careless sooner rather than later.

- NZ Herald

Get the news delivered straight to your inbox

Receive the day’s news, sport and entertainment in our daily email newsletter

SIGN UP NOW
Juha Saarinen is a tech blogger for nzherald.co.nz.

Juha Saarinen is a technology journalist and writer living in Auckland. Apart from contributing to the New Zealand Herald over the years, he has written for the Guardian, Wired, PC World, Computerworld and ITnews Australia, covering networking, hardware, software, enterprise IT as well as the business and social aspects of computing. A firm believer in the principle that trying stuff out makes you understand things better, he spends way too much time wondering why things just don’t work.

Read more by Juha Saarinen

© Copyright 2017, NZME. Publishing Limited

Assembled by: (static) on production apcf04 at 25 May 2017 21:47:53 Processing Time: 404ms