12.1. Data Exfiltration

Data exfiltration is the process of getting data out without being noticed. This can be something as simple as walking away with the physical backup tapes, or as complex as using covert channels over the network. One of the more sophisticated covert channel methods was developed by Joanna Rutkowska. Called NUSHU, it was named after an old secret script used by Chinese women. The covert channel NUSHU hides encrypted data in the TCP initial sequence number (ISN) of outgoing connections, so every TCP handshake leaks a few bytes without any extra traffic being generated. While NUSHU can be detected (using methods developed by Steven J. Murdoch and Stephen Lewis of Cambridge University in the U.K. and by Eugene Tumoian and Maxim Anikeev of Taganrog State University in Russia, both of which model how a genuine operating-system ISN generator behaves and flag sequence numbers that do not fit), it must be noted that these methods were developed only after NUSHU was published.

It is difficult to detect unknown covert channels. Covert channels tend to hide small chunks of data (for example, 32 bits per packet) and smuggle them out of the network one chunk at a time, which takes an extremely long time on a database server holding 3 terabytes of data; for this reason such channels tend to be used when the attacker already knows which portions of the data are wanted. It is simply impractical to transfer a database wholesale over a covert channel. Unless an attacker has all the time in the world, less covert channels need to be used: channels that hide in plain sight. This chapter examines some of the methods that might be used to smuggle data out of the database and away from the network. Methods can be considered as either ...
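The ISN channel and the capacity arithmetic described above, as an added example that is not code from the book or from NUSHU itself: each TCP SYN header carries 32 bits of secret in its initial sequence number, masked with a per-packet keystream (HMAC-SHA256 over the ports and a packet counter, an assumption made for this example rather than NUSHU's own cipher), the receiver recovers the chunks from the raw headers, and a helper computes how many SYNs a given volume of data would need. The sample secret and the port numbers are constructed for the example.

```python
"""Toy model of a NUSHU-style covert channel: 32 bits of secret per TCP SYN,
carried in the initial sequence number (ISN). Added example, not NUSHU's code."""
import hashlib
import hmac
import struct

# sport, dport, seq, ack, data offset, flags, window, checksum, urgent pointer
TCP_HDR = struct.Struct("!HHIIBBHHH")
SYN_FLAG = 0x02
ISN_BYTES = 4  # one ISN carries exactly 32 bits of payload


def keystream(key: bytes, sport: int, dport: int, idx: int) -> bytes:
    """4-byte mask for one packet. HMAC-SHA256 over the ports and a packet
    counter is an assumption for this example; NUSHU's cipher is not reproduced."""
    msg = struct.pack("!HHI", sport, dport, idx)
    return hmac.new(key, msg, hashlib.sha256).digest()[:ISN_BYTES]


def build_syn(key: bytes, sport: int, dport: int, idx: int, chunk: bytes) -> bytes:
    """Return a 20-byte TCP SYN header whose ISN is the masked 4-byte chunk."""
    assert len(chunk) == ISN_BYTES
    masked = bytes(a ^ b for a, b in zip(chunk, keystream(key, sport, dport, idx)))
    isn = struct.unpack("!I", masked)[0]
    # data offset 5 words, no options, SYN only, checksum left zero (no pseudo-header here)
    return TCP_HDR.pack(sport, dport, isn, 0, 5 << 4, SYN_FLAG, 65535, 0, 0)


def extract_chunk(key: bytes, hdr: bytes, idx: int):
    """Unmask the ISN of a pure SYN; return None for any other segment."""
    sport, dport, isn, _ack, _off, flags, *_ = TCP_HDR.unpack(hdr[:TCP_HDR.size])
    if flags != SYN_FLAG:
        return None
    masked = struct.pack("!I", isn)
    return bytes(a ^ b for a, b in zip(masked, keystream(key, sport, dport, idx)))


def send_secret(key: bytes, secret: bytes, dport: int) -> list:
    """Zero-pad to a multiple of 4 bytes and emit one SYN header per chunk,
    using a fresh ephemeral source port for each connection attempt."""
    padded = secret + b"\x00" * (-len(secret) % ISN_BYTES)
    headers = []
    for i in range(len(padded) // ISN_BYTES):
        sport = 49152 + (i % 16384)  # constructed ephemeral port
        headers.append(build_syn(key, sport, dport, i, padded[i * 4:(i + 1) * 4]))
    return headers


def receive_secret(key: bytes, headers: list) -> bytes:
    """Reassemble the secret from observed SYNs; the packet counter advances
    only on SYNs so interleaved non-SYN segments do not desynchronise it.
    Padding is stripped as trailing zero bytes (the secret must not end in NULs)."""
    chunks = []
    for hdr in headers:
        chunk = extract_chunk(key, hdr, len(chunks))
        if chunk is not None:
            chunks.append(chunk)
    return b"".join(chunks).rstrip(b"\x00")


def syns_needed(total_bytes: int) -> int:
    """Connections required to move total_bytes at 4 bytes per SYN."""
    return -(-total_bytes // ISN_BYTES)


def days_at_rate(total_bytes: int, syns_per_second: float) -> float:
    """Wall-clock days to exfiltrate total_bytes at a given SYN rate."""
    return syns_needed(total_bytes) / syns_per_second / 86400


if __name__ == "__main__":
    key = b"shared-secret"            # constructed key
    secret = b"SELECT * FROM dba_users"  # constructed sample secret
    syns = send_secret(key, secret, 1521)
    print(len(syns), "SYNs carry", receive_secret(key, syns))
    print("3 TB needs", syns_needed(3 * 10**12), "SYNs;",
          round(days_at_rate(3 * 10**12, 10)), "days at 10 SYN/s")
```

The masked ISNs are uniformly distributed, which is exactly what separates them from the structured output of a real operating-system ISN generator and is the property the detection methods mentioned above rely on. The capacity helpers make the book's point concrete: 3 terabytes at four bytes per connection is 750 billion SYNs, which at ten connections a second would take well over two thousand years.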

Get The Oracle® Hacker's Handbook: Hacking and Defending Oracle now with the O’Reilly learning platform.