Hacking is easy, says security specialist

A computer hacker compromised Hell's Pizza's database and stole a history of customers' pizza orders simply because he could, according to a crusader against computer hacking.

Mike Prow, managing director of Aura Software, showed the Waikato branch of the NZ Computer Society at Wintec last week how a badly built website could be hacked by typing a few simple commands into its search engine.

"Does this happen in New Zealand? Two-hundred-and-thiry-thousand customer records were stolen from Hell's Pizza."

Details of Green Party MP Nandor Tanczos, who lives near Huntly, were stolen alongside their passwords, email and home addresses and phone numbers. Other prominent Hell's Pizza customers were DJ Mike Puru, Target presenter Brooke Howard-Smith, comedian Dai Henwood and entrepreneur Seeby Woodhouse.

"They were hacked because they could be. New Zealand is not off the radar," Mr Prow said. He demonstrated how someone with the programming knowledge of a first year or second year IT student could access a business or government department database by typing a few commands.

Mr Prow showed how easy it was to access data linked to people who had logged on to the site, and how to embed his own commands which made messages pop up to third-party viewers going to the site and infect them with malware – malicious software – which could cause damage to their own computer systems if not detected.

"It's very much `user beware'," Mr Prow said.

Mr Prow, whose business offers "white hat hacking" to clients to assess how vulnerable their systems are, gave the demonstration at the Hamilton city campus of Wintec during a New Zealand Computer Society event to warn website builders to take every possible security precaution.

"It's all about raising security awareness," said Mr Prow, whose talk was entitled "Teaching the Good Guys Bad Tricks".

- © Fairfax NZ News