Skip to main content

RIAA website hit by concerted attack

A seemingly harmless (opens in new tab) link posted on Social News Website Reddit is to blame for a manoeuvre that caused the website of RIAA (Recording Industry Association of America), the pirates' nemesis, to go berserk.

According to TorrentFreak (opens in new tab), someone posted a masked URL which linked to a really slow SQL Query and "discouraged" viewers to click on it, saying "Don't click it; that would be wrong."

This generated a torrent of clicks which caused the RIAA site to come to a halt, especially as thousands Digg users also joined Reddit.

However, a Reddit user pushed things even further and deleted and modified content on RIAA's website before the original content was restored shortly afterwards.

RIAA's vulnerability was apparently caused by the fact that the site is not protected against SQL injections (opens in new tab) which exploit security vulnerability occurring in the database layer of an application.

Last year, Nokia, Microsoft and the United Nations websites had their front page defaced by SQL injection.

Désiré Athow
Contributor

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.