
Well-known carrier's phone-number system outage from earlier this year solved: database security must not be taken lightly!

November 20, 2009

For a business that relies heavily on its computer information systems, sabotage of those systems by a disgruntled former employee is probably one of the worst nightmares for system administrators and employers alike. If any vulnerability exists in the system, a disgruntled former employee can be expected to exploit it for revenge. The sabotage may take different forms, but all of them carry a high price tag: loss of data, interruption of business services, and legal liability, to name just a few. These in turn degrade service quality and erode customer trust.

This is what happened to Taiwan Mobile, through its system supplier Nokia Siemens Networks. On December 31, 2008 (yes, New Year's Eve), Taiwan Mobile users found that they could not use their cell phones to call or text "happy new year" to family and friends. The Taiwan Mobile system was down for five hours, and more than 3 million users were affected. The total loss is estimated at around NT$25 million. It took four months to establish that a disgruntled former employee of Nokia Siemens Networks had sabotaged the Taiwan Mobile subscriber database, a system he used to work on and knew well. The episode ended with Taiwan Mobile deciding to upgrade its systems to boost security, with no guarantee that an incident like this will never happen again.

While this episode seems to have left little lasting damage, it shows how far-reaching the collateral damage from a single disgruntled former employee can be. To keep this nightmare from becoming a real disaster, most professionals advise adopting sound management practices so that a former employee does not become a disgruntled one. Most businesses also take system-administration measures to stop a former employee from accessing information, for example by disabling the employee's account (including accounts the person held through a supplier, as in this case).

Nevertheless, the measures above provide no guarantee. The conventional approach to data security, access control, is only moderately effective even at blocking malicious external attacks. Once the attacker is inside, the system is defenseless. This access-control paradigm is therefore helpless against internal data breaches, that is, unintentional or malicious breaches by employees, disgruntled or not. Furthermore, even the strictest access-control policy can be undermined by sloppy human error, such as an account that was never actually disabled.

In the data security arena, the paradigm is shifting towards "auditing". With built-in or add-on auditing that records who accessed the database, from where, and what statements they ran, anomalous database activity can be detected and pinpointed in a timely fashion, whether or not access control held.
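To make the auditing idea concrete, here is a small audit-log analyzer added as an illustration. It is not Chalet Tech's product, nor code from Taiwan Mobile or Nokia Siemens Networks; the "key=value" audit line format, the account names, hosts, tables, the change window, and the sample records are all constructed assumptions. It shows the three checks a practitioner would want first: activity from an account that should have been deprovisioned (the supplier-employee case above), connections from an unexpected host, and destructive or bulk statements run outside an approved change window.

```python
"""Minimal database-activity audit analyzer (added example, not the page's own code).

The audit line format, policy tables and sample records below are assumptions
chosen for illustration; a real deployment would read the database's native
audit trail or an add-on auditing product instead.
"""
import re
from datetime import datetime, timezone

# Constructed sample audit records in an assumed "key=value" line format.
SAMPLE_AUDIT_LOG = """\
2008-12-31T10:15:02Z user=billing_app host=10.1.2.10 db=subscribers stmt="SELECT msisdn, plan FROM subscriber WHERE msisdn = '0912345678'"
2008-12-31T11:40:11Z user=dba_lee host=10.1.9.5 db=subscribers stmt="UPDATE subscriber SET plan = 'gold' WHERE msisdn = '0987654321'"
2008-12-31T23:05:12Z user=nsn_support host=203.0.113.45 db=subscribers stmt="DELETE FROM subscriber"
2008-12-31T23:05:40Z user=nsn_support host=203.0.113.45 db=subscribers stmt="DROP TABLE msisdn_map"
2008-12-31T23:07:03Z user=dba_lee host=10.1.9.5 db=subscribers stmt="TRUNCATE TABLE session_cache"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) host=(?P<host>\S+) db=(?P<db>\S+) stmt="(?P<stmt>.*)"$'
)

# Assumed policy: accounts that should no longer exist (e.g. a supplier's
# departed engineer), where each remaining account may connect from, and the
# hours (UTC) in which destructive or bulk changes are permitted.
DEPROVISIONED_ACCOUNTS = {"nsn_support"}
ALLOWED_HOSTS = {"billing_app": {"10.1.2.10"}, "dba_lee": {"10.1.9.5"}}
CHANGE_WINDOW_HOURS = range(2, 5)  # 02:00-04:59 UTC

# DDL that destroys or reshapes data, and DML that touches every row.
DESTRUCTIVE_RE = re.compile(r"^\s*(DROP|TRUNCATE|ALTER)\b", re.I)
BULK_DML_RE = re.compile(r"^\s*(DELETE|UPDATE)\b(?!.*\bWHERE\b)", re.I | re.S)


def parse_line(line):
    """Parse one audit line into a dict; the timestamp becomes an aware datetime."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable audit line: {line!r}")
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc
    )
    return rec


def check_record(rec):
    """Return the list of rule names this record violates (empty if none)."""
    findings = []
    if rec["user"] in DEPROVISIONED_ACCOUNTS:
        # Any activity at all from a deprovisioned account is an anomaly,
        # regardless of what access control would have permitted.
        findings.append("deprovisioned-account-active")
    elif rec["host"] not in ALLOWED_HOSTS.get(rec["user"], set()):
        findings.append("unexpected-source-host")
    stmt = rec["stmt"]
    if (DESTRUCTIVE_RE.match(stmt) or BULK_DML_RE.match(stmt)) and (
        rec["ts"].hour not in CHANGE_WINDOW_HOURS
    ):
        findings.append("destructive-statement-outside-change-window")
    return findings


def analyze(log_text):
    """Run every rule over every line; return one alert per (line, rule) pair."""
    alerts = []
    for n, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        rec = parse_line(line)
        for rule in check_record(rec):
            alerts.append(
                {"line": n, "user": rec["user"], "host": rec["host"], "rule": rule, "stmt": rec["stmt"]}
            )
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_AUDIT_LOG):
        print(f"line {a['line']}: {a['rule']} user={a['user']} host={a['host']} stmt={a['stmt']!r}")
```

On the constructed sample the two `nsn_support` records each raise two alerts (the account should not exist, and the statements wipe or drop subscriber tables late on New Year's Eve), and the DBA's `TRUNCATE` outside the window raises one. The point of the design is that the first rule fires even if the access-control layer was misconfigured and let the old account in; the audit trail is the independent record that catches the gap. Real rule sets would be wider (volume baselines per account, new tables touched, privilege changes), but the structure stays the same: parse, evaluate per record, alert with enough context to pinpoint the statement.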

Modern enterprises depend heavily on computer information systems. If a system contains a serious weakness or internal controls are poor, it easily becomes the target of a departing employee's revenge, and the consequences are an employer's worst nightmare, sometimes even a public incident. Sabotage takes different forms, but all of them make the business owner and system administrator pay a very high price: data loss, business interruption, legal liability and more, each of which degrades service quality and costs the business its customers' trust.

On New Year's Eve 2008 a well-known telecom carrier suffered a serious system outage. The system was down for about five hours, nearly three million users were affected and unable to use telecom services, and the total loss is estimated at as much as NT$25 million. It took prosecutors and investigators four months to confirm that the suspect was a former employee of the carrier's contractor, Nokia Siemens Networks, who, harbouring a grievance after leaving, sabotaged the carrier's subscriber database.

Although the incident itself is now closed, it shows that a single resentful former employee can do serious harm to a large enterprise. To keep this nightmare from becoming a real disaster, most experts advise operators to adopt better management practices so that departing employees are not driven to seek revenge.

However, such conventional measures come with no guarantee. The access control in a security solution is effective only at obstructing malicious external attacks; once the attack comes from inside, the system is left without any defense. Conventional access-control measures therefore cannot effectively counter threats from within the enterprise, whether an employee damages data unintentionally or maliciously. Moreover, even the most rigorous access-control policy can be undermined by human error.

The new trend in data security is a shift toward "auditing". Establishing an auditing mechanism for database access activity helps business owners and system administrators promptly detect abnormal database activity under any circumstances and pinpoint exactly where the problem lies.

Copyright © 2009 Chalet Tech. All Rights Reserved.