Ransomware & HSE

plodder

Hurrache wrote: »

I thought he said reverse engineer.

That's definitely what was meant, but I'll listen back later to check.

From the horse's mouth

https://www.rte.ie/news/2021/0521/1222967-decryption-tool/

As one specialist put it "we have to take reverse engines and take one step back to move five steps forward."

Ash.J.Williams

The infrastructure required to prevent these attacks would be expensive , I wonder if IT submitted a proposal and it was rejected due to cost


That would be interesting

runawaybishop

ineedeuro wrote: »

and you would be under a very tight NDA at the moment, which you are currently breaking and be fired.

Lol, I'll have whatever you are drinking.

ineedeuro

kippy wrote: »

We are going to learn the same things we do from most of these types of breaches.
The only way to have a 100 percent secure "system" is not to have one at all.


Ultimately even with all the money and resources thrown at it, systems can be broken and hacked.
If we learn one thing (as mentioned earlier) it will be around the fact that more needs to be done to apprehend and punish those that are behind such attacks.

No system is 100%.
But if the Department of Health could identify it and the HSE couldn't you think something went a little wrong?

Ash.J.Williams

Ash.J.Williams wrote: »

The infrastructure required to prevent these attacks would be expensive , I wonder if IT submitted a proposal and it was rejected due to cost


That would be interesting

Do you, or anyone else, have any idea what method was used to gain access?

Was it a simple phishing attack, or something more sophisticated? Does the HSE even know?

kippy

ineedeuro wrote: »

At the moment how many jobs in Cyber Security are not filled for the HSE?
According to every website I check they have zero opening.

If you actually are involved you would not be saying anything on any forum. It is very very easy for someone to track you back from boards if required and you would be under a very tight NDA at the moment, which you are currently breaking and be fired.

I don't think any civil service department recruits people in "Cyber Security" - as in that's not how the Civil service recruit people.

gmisk

ineedeuro wrote: »

At the moment how many jobs in Cyber Security are not filled for the HSE?
According to every website I check they have zero opening.

If you actually are involved you would not be saying anything on any forum. It is very very easy for someone to track you back from boards if required and you would be under a very tight NDA at the moment, which you are currently breaking and be fired.

It's reassuring you are as clueless about NDAs as with everything else. Hilarious really.

kippy

ineedeuro wrote: »

No system is 100%.
But if the Department of Health could identify it and the HSE couldn't you think something went a little wrong?

Of course something "went wrong".
Have I said that it's obvious from this that nothing "went wrong".

Keyzer

ineedeuro wrote: »

Who is baying for blood?
I am asking for answers. Not the lies we are hearing from the HSE , RTE & government. They will never do a detailed investigation if everyone sits back and waits.

How long are you willing to wait and get answers? weeks? months? years?
Anyone that is paying tax is currently paying for the HSE, yet as usual people want to roll out and let them away with the shambles that it is. From the top to bottom it is a mess and this is just another example. Yet we still have people making excuse.

If this was a private company/hospital. Do you honestly think nobody would be fired on the spot? or they would just pat them on the back for another f**k up and continue on?

You are, you've said people should be fired.

With all due respect, you seem to be reacting rather emotionally to this situation. It could very take months, perhaps years, to get a detailed report on what happened.

Why sack people who have years of inherent knowledge and experience with HSE IT systems when you're in crisis mode trying to recover critical systems? Makes absolutely no sense at all. From my experience, that's the worst possible thing to do in a situation like this, at this moment in time.

Calm heads are required for situations like this.

ineedeuro

kippy wrote: »

I don't think any civil service department recruits people in "Cyber Security" - as in that's not how the Civil service recruit people.

The HSE has a link to ICT and plenty of jobs. Digital communications, HR, Operations etc etc etc.
Even has a Data Protection job listed which is has a dotted linked to Cyber Security.

Not a single Cyber Security position available.

Seth Brundle

ineedeuro wrote: »

The HSE has a link to ICT and plenty of jobs. Digital communications, HR, Operations etc etc etc.
Even has a Data Protection job listed which is has a dotted linked to Cyber Security.

Not a single Cyber Security position available.

Are you making a point or just giving out?

kippy

ineedeuro wrote: »

The HSE has a link to ICT and plenty of jobs. Digital communications, HR, Operations etc etc etc.
Even has a Data Protection job listed which is has a dotted linked to Cyber Security.

Not a single Cyber Security position available.

As I said they don't generally recruit for a roles labeled with Cyber Security.

ineedeuro

Keyzer wrote: »

You are, you've said people should be fired.

With all due respect, you seem to be reacting rather emotionally to this situation. It could very take months, perhaps years, to get a detailed report on what happened.

Why sack people who have years of inherent knowledge and experience with HSE IT systems when you're in crisis mode trying to recover critical systems? Makes absolutely no sense at all. From my experience, that's the worst possible thing to do in a situation like this, at this moment in time.

Calm heads are required for situations like this.

Keeping bad people in jobs just because they know the "way things work" is not really an advantage? if someone is incompetent before the breech do you think suddenly they are not going to be incompetent moving forward?

I also didnt say they need to be fired this week, of course they might be some use to Madiant but if we are 6 months down the road and not a single person has lost their job then questions need to be asked.

ineedeuro

kippy wrote: »

As I said they don't generally recruit for a roles labeled with Cyber Security.

So what do they call them?
If so can you point to those positions available in the HSE. I have checked the website and I can find nothing to suggest any role is Security related.

kippy

ineedeuro wrote: »

So what do they call them?
If so can you point to those positions available in the HSE. I have checked the website and I can find nothing to suggest any role is Security related.

Generally, but not always,
HEO - ICT

They would tend to have groups fully responsible for security made up of internal staff who would have been in the service for a while and have shown some interest and gained some qualifications in security, backed up by third party consultants if required from time to time.

As I said though, if you work in IT, you have a responsibility for security - it's not just a "Oh that group do all the security over there - we just do our own thing" - like it is in most organisations.

Hurrache

ineedeuro wrote: »

So what do they call them?
If so can you point to those positions available in the HSE. I have checked the website and I can find nothing to suggest any role is Security related.

And you think that means they have none?

plodder

ineedeuro wrote: »

Keeping bad people in jobs just because they know the "way things work" is not really an advantage? if someone is incompetent before the breech do you think suddenly they are not going to be incompetent moving forward?

It sounds like the HSE's IT people are doing a pretty good job at this point. Someone pointed out they had basically recreated some diagnostic system using old Linux PCs. Deploying something like that in a hospital in a matter of days would have been unthinkable two weeks ago. It shows the depth of the crisis, and how it's more like a war zone than normality.

Maybe they had under-invested in security going back years. Doesn't automatically mean anyone deserves the sack.

ineedeuro

Hurrache wrote: »

And you think that means they have none?

It's been posted here that ther HSE cannot hire any Security people because of the terrible pay they have on offer.

Every other department including ICT have a huge array of jobs listed on the HSE website. Every type of job you can imagine.
Are we now trying to say that Security in the HSE is the only division which doesn't advertise jobs via the main website? you would think if they find it so difficult to hire people they would use any means at their disposal?

gmisk

ineedeuro wrote: »

So what do they call them?
If so can you point to those positions available in the HSE. I have checked the website and I can find nothing to suggest any role is Security related.

Generally with ICT they take people of specialist ICT panels at AP, HEO and EO level, these are from competitions ran by PAS but there is fierce competition between departments for these people. These are much better in my experience than the generalist panels.
With HEO there are 4 streams in the recent competition, cyber security would be under one if not two of those categories.

The fact the NCSC couldn't fill a cyber security role in over a year, tells you that the issue is at least partially due to the pay.

I darent say anymore for fear of breaking my NDA......lol

Ash.J.Williams

No disrespect to the hse but in my personal opinion network and security should get outsourced to an industry leader

notAMember

Ash.J.Williams wrote: »

No disrespect to the hse but in my personal opinion network and security should get outsourced to an industry leader

This is not something you buy off the shelf, like an anti-virus product.

Security is governance.

Ash.J.Williams

notAMember wrote: »

This is not something you buy off the shelf, like an anti-virus product.

Security is governance.

That has nothing to do with what I said


However to add to it ....let the hse govern and let an industry leader own the network/security/backups

nc6000

We should be making noises about expelling the Russian embassy staff from Ireland. I don't think it would keep Putin up at night but we have to stick up for ourselves somehow. It sounds like the Russian government know what these guys are up to and turn a blind eye.

Keyzer

ineedeuro wrote: »

Keeping bad people in jobs just because they know the "way things work" is not really an advantage? if someone is incompetent before the breech do you think suddenly they are not going to be incompetent moving forward?

I also didnt say they need to be fired this week, of course they might be some use to Madiant but if we are 6 months down the road and not a single person has lost their job then questions need to be asked.

Ok... maybe just have a herbal tea and chill out.

kippy

ineedeuro wrote: »

Keeping bad people in jobs just because they know the "way things work" is not really an advantage? if someone is incompetent before the breech do you think suddenly they are not going to be incompetent moving forward?

I also didnt say they need to be fired this week, of course they might be some use to Madiant but if we are 6 months down the road and not a single person has lost their job then questions need to be asked.

It won't happen.

seamus

ineedeuro wrote: »

No system is 100%.
But if the Department of Health could identify it and the HSE couldn't you think something went a little wrong?

You're imagining that the Dept. of Health has a fancy operations room where all the lights went red and a big message flashed up saying "INTRUSION DETECTED", then someone typed furiously on a keyboard and all was well.

More likely someone in the DoE happened to stumble across something by pure chance and went, "Hmm, that's a bit weird, I'm going to shut this server down just in case". That's usually what happens. Or some application/system starts throwing errors and someone happens to be quick enough to spot it and turn it off.

There's a reason they tend to kick these things off in early hours.

Ash.J.Williams

notAMember wrote: »

This is not something you buy off the shelf, like an anti-virus product.

Security is governance.

seamus wrote: »

You're imagining that the Dept. of Health has a fancy operations room where all the lights went red and a big message flashed up saying "INTRUSION DETECTED", then someone typed furiously on a keyboard and all was well.

More likely someone in the DoE happened to stumble across something by pure chance and went, "Hmm, that's a bit weird, I'm going to shut this server down just in case".

A blue screen or a bios looking screen probably meaning it’s too late

frozenfrozen

Why fire anyone when they just spent xxx million training them

Seth Brundle

nc6000 wrote: »

We should be making noises about expelling the Russian embassy staff from Ireland. I don't think it would keep Putin up at night but we have to stick up for ourselves somehow. It sounds like the Russian government know what these guys are up to and turn a blind eye.

So create an unnecessary diplomatic incident and piss off a government that may be able to help us just because you think it might show that we're a force to be reckoned with?
Good luck with that :rolleyes:

nc6000

Seth Brundle wrote: »

So create an unnecessary diplomatic incident and piss off a government that may be able to help us just because you think it might show that we're a force to be reckoned with?
Good luck with that :rolleyes:

I never said it might show us as a force to be reckoned with. What exactly have Russia done to help us with this so far? It's just over a week now since the HSE announced the hack. If Russia helped us to get the decryption file then what took them so long? It was obvious last weekend that this was going to cause huge disruption.