Ransomware & HSE

kippy

ineedeuro wrote: »

Who is baying for blood?
I am asking for answers. Not the lies we are hearing from the HSE , RTE & government. They will never do a detailed investigation if everyone sits back and waits.

How long are you willing to wait and get answers? weeks? months? years?
Anyone that is paying tax is currently paying for the HSE, yet as usual people want to roll out and let them away with the shambles that it is. From the top to bottom it is a mess and this is just another example. Yet we still have people making excuse.

If this was a private company/hospital. Do you honestly think nobody would be fired on the spot? or they would just pat them on the back for another f**k up and continue on?

Stop with the "If this were the private sector, people would be fired on the spot nonsense".
Absolute nonsense.

kippy

ineedeuro wrote: »

Yes, the budget can only stretch so far. Hence why you have a Security assessment done and firm up what can be bought.
They also have access to the NHS and they have released plenty of information on ransomware after they got hit in 2017 so its not like they have never heard of it.

I am not sure who came up with this low pay in the HSE. That is not true at all, the package with pay/pension etc can rival anyone in the market.

Not in tech.

gmisk

kippy wrote: »

Not in tech.

Exactly
Case in point
https://www.irishtimes.com/news/ireland/irish-news/cyber-security-role-is-vacant-because-of-low-salary-td-says-1.4566803

ineedeuro

kippy wrote: »

Stop with the "If this were the private sector, people would be fired on the spot nonsense".
Absolute nonsense.

The HSE was shut down, data was lost. GDPR rules broken. They are open to millions and millions of claims.

If that was a company people would be fired from top to bottom. In fact they wouldn't even wait to get fired, the CISO would already have handed in notice and be long gone.

kippy

ineedeuro wrote: »

The HSE was shut down, data was lost. GDPR rules broken. They are open to millions and millions of claims.

If that was a company people would be fired from top to bottom. In fact they wouldn't even wait to get fired, the CISO would already have handed in notice and be long gone.

Not in the real world.

ineedeuro

gmisk wrote: »

Exactly
Case in point
https://www.irishtimes.com/news/ireland/irish-news/cyber-security-role-is-vacant-because-of-low-salary-td-says-1.4566803

That is a Director role and when was the Cyber Centre in the HSE?

Turtwig

ineedeuro wrote: »

I am asking for answers.

How long are you willing to wait and get answers? weeks? months? years?

You aren't looking for answers. You've already decided there is blame to apportion and that you're being lied to. Despite no evidence to prove your claim.

This could take months or years to be fully investigated. What you're doing is no different to the people shouting at hydroelectric dam and spillway operators when an evacuation is ordered. There may have been fck ups made. We don't know if there have been. More importantly we don't WHEN they were made.

We need to learn from this.

Listening to the news now.

TBH, sounds like bullsh!t to me to be honest.

ineedeuro

kippy wrote: »

Not in the real world.

https://www.csoonline.com/article/3510640/7-security-incidents-that-cost-cisos-their-jobs.html

Yes in the real World.
Of course as mentioned it can reinforce security in an organisation if someone else was blocking them. Then they should be fired.

People lives depend on the HSE, incompetence should not be allowed or people making excuses for it.

Hurrache

Deleted User wrote: »

Listening to the news now.

TBH, sounds like bullsh!t to me to be honest.

What part?

ineedeuro

Turtwig wrote: »

You aren't looking for answers. You've already decided there is blame to apportion and that you're being lied to. Despite no evidence to prove your claim.

This could take months or years to be fully investigated. What you're doing is no different to the people shouting at hydroelectric dam and spillway operators when an evacuation is ordered. There may have been fck ups made. We don't know if there have been. More importantly we don't WHEN they were made.

We need to learn from this.

So how are you going to learn from it?
What do you think should be done?

gmisk

ineedeuro wrote: »

That is a Director role and when was the Cyber Centre in the HSE?

You are being deliberately obtuse.
It clearly shows that CS/PS pay in tech roles cannot compete with the private sector, so key jobs go unfilled.
Who do you think is helping out (more than that tbh) and leading the response across the CS/PS with regards the HSE cyberattack....the NCSC...I am actually involved to a degree in the response you are clearly not.

I work in ICT in the PS...it is literally impossible to recruit decent ICT people even at HEO grades, the money is so poor compared to the private sector. I am speaking from personal experience.

Hurrache

Hurrache wrote: »

What part?

they received a decryption key which is actually an algorithm, and the algorithm is flawed so they have to re-write it.

They also mentioned polymorphic encryption which is not a known feature of conti last I looked.

Hurrache

Deleted User wrote: »

they received a decryption key which is actually an algorithm, and the algorithm is flawed so they have to re-write it.

That's not what they said the challenge is. It's not like a decryption key is a password when you log into your windows machine, you enter the key in a window and everything is immediately available to you.

Hurrache

Hurrache wrote: »

That's not what they said the challenge is. It's not like a decryption key is a password when you log into your windows machine, you enter the key in a window and everything is immediately available to you.

So what was your take on the what the problem is?

Hurrache

Deleted User wrote: »

So what was your take on the what the problem is?

Time, labour and complexity involved. Like I said, it's never a simple thing like clicking your Scan Now button on your antivirus software, and it's not helped when they have to work around restrictions and security they have in place.

realdanbreen

gmisk wrote: »

You are being deliberately obtuse.
It clearly shows that CS/PS pay in tech roles cannot compete with the private sector, so key jobs go unfilled.
Who do you think is helping out (more than that tbh) and leading the response across the CS/PS with regards the HSE cyberattack....the NCSC...I am actually involved to a degree in the response you are clearly not.

I work in ICT in the PS...it is literally impossible to recruit decent ICT people even at HEO grades, the money is so poor compared to the private sector. I am speaking from personal experience.

So we have CS/PS, HSE, NCSC, ICT, PS, and HEO!
I can tell from you're post that you speak with a D4/Dort accent!

plodder

Deleted User wrote: »

they received a decryption key which is actually an algorithm, and the algorithm is flawed so they have to re-write it.

I guess what they received wasn't a decryption key, but a Windows executable program including a decryption key, and they want to extract the key from it and use their own decryption tool. But, they also need to know the algorithm used.

They also mentioned polymorphic encryption which is not a known feature of conti last I looked.

That's interesting. On what program did you hear this?

Who is the HSEs designated Data Protection Officer? Why haven't we heard from them? They should be the ideal person to have an overview of this.

Notification of Data Protection Officers
Under the GDPR, certain organisations are required to appoint a designated Data Protection Officer (DPO). Organisations are also required to publish the details of their DPO and provide these details to their national supervisory authority.

An organisation is required to appoint a designated data protection officer where:

the processing is carried out by a public authority or body;
the core activities of the controller or the processor consist of processing operations, which require regular and systematic monitoring of data subjects on a large scale; or
the core activities of the controller or the processor consist of processing on a large scale of special categories of data or personal data relating to criminal convictions and offences.

https://www.dataprotection.ie/en/organisations/know-your-obligations/data-protection-officers#:~:text=Under%20the%20GDPR%2C%20certain%20organisations,Data%20Protection%20Officer%20(DPO).&text=large%20scale%3B%20or-,the%20core%20activities%20of%20the%20controller%20or%20the%20processor%20consist,to%20criminal%20convictions%20and%20offences.

plodder

plodder wrote: »

I guess what they received wasn't a decryption key, but a Windows executable program including a decryption key, and they want to extract the key from it and use their own decryption tool. But, they also need to know the algorithm used.

That's interesting. On what program did you hear this?

RTE Radio One

kippy

ineedeuro wrote: »

https://www.csoonline.com/article/3510640/7-security-incidents-that-cost-cisos-their-jobs.html

Yes in the real World.
Of course as mentioned it can reinforce security in an organisation if someone else was blocking them. Then they should be fired.

People lives depend on the HSE, incompetence should not be allowed or people making excuses for it.

If you are gonna use links to back up your assertions, you need to make sure they back up your assertions.

gmisk

realdanbreen wrote: »

So we have CS/PS, HSE, NCSC, ICT, PS, and HEO!
I can tell from you're post that you speak with a D4/Dort accent!

The fact you can't understand those acronyms says more about you why not have a wild guess....
Nope I have a thick northern Ireland accent I am afraid.

ineedeuro

Deleted User wrote: »

they received a decryption key which is actually an algorithm, and the algorithm is flawed so they have to re-write it.

They also mentioned polymorphic encryption which is not a known feature of conti last I looked.

They are just using buzz words to try confuse the public.

DublinWriter

plodder wrote: »

I guess what they received wasn't a decryption key, but a Windows executable program including a decryption key, and they want to extract the key from it and use their own decryption tool. But, they also need to know the algorithm used.

What's even worse is that the ransomware encrypts the contents of each separate directory it discovers with different keys. Nightmarish on a group file-share with possibly 10,000s of directories.

realdanbreen

gmisk wrote: »

The fact you can't understand those acronyms says more about you why not have a wild guess....
Nope I have a thick northern Ireland accent I am afraid.

IKWYM !

AndrewJRenko

ineedeuro wrote: »

How is it tricky? you had the whole HSE shut down. Fairly easy to fire someone, they have put the lives of everyone in Ireland at risk.

If they had Xmillion to spend then what was it spent on? what wasn't it spent on. Why was the reasons they bought XYZ and not ABC?

Stop with the excuses, people need to stop accepting incompetence in the government and in the public services we pay for.

Which of these projects would you cancelled to support more investment in security?



And when that cancellation led to deaths in that area, who should be fired?

kippy

ineedeuro wrote: »

So how are you going to learn from it?
What do you think should be done?

We are going to learn the same things we do from most of these types of breaches.
The only way to have a 100 percent secure "system" is not to have one at all.


Ultimately even with all the money and resources thrown at it, systems can be broken and hacked.
If we learn one thing (as mentioned earlier) it will be around the fact that more needs to be done to apprehend and punish those that are behind such attacks.

plodder

Deleted User wrote: »

RTE Radio One

I was listening, and there was quite a bit of information on the bulletin. I was distracted a bit when I heard the reporter talking about having to "reverse engines" :rolleyes: so I may have missed it. Will listen back when it's online later. I've done some investigation of polymorphic encryption. It's a very niche area and I'd say not used in the commercial world much, if at all.

DublinWriter wrote:

What's even worse is that the ransomware encrypts the contents of each separate directory it discovers with different keys. Nightmarish on a group file-share with possibly 10,000s of directories.

They probably used a key generation algorithm to generate individual keys from a master key.

ineedeuro

gmisk wrote: »

You are being deliberately obtuse.
It clearly shows that CS/PS pay in tech roles cannot compete with the private sector, so key jobs go unfilled.
Who do you think is helping out (more than that tbh) and leading the response across the CS/PS with regards the HSE cyberattack....the NCSC...I am actually involved to a degree in the response you are clearly not.

I work in ICT in the PS...it is literally impossible to recruit decent ICT people even at HEO grades, the money is so poor compared to the private sector. I am speaking from personal experience.

At the moment how many jobs in Cyber Security are not filled for the HSE?
According to every website I check they have zero opening.

If you actually are involved you would not be saying anything on any forum. It is very very easy for someone to track you back from boards if required and you would be under a very tight NDA at the moment, which you are currently breaking and be fired.

Hurrache

plodder wrote: »

I was listening, and there was quite a bit of information on the bulletin. I was distracted a bit when I heard the reporter talking about having to "reverse engines" :rolleyes: so I may have missed it. Will listen back when it's online later. I've done some investigation of polymorphic encryption. It's a very niche area and I'd say not used in the commercial world much, if at all.

I thought he said reverse engineer.