
Ransomware & HSE


Comments

  • Registered Users Posts: 7,419 ✭✭✭MrMusician18


    The people who are posting here that there are loads of generous, altruistic lads ready to hand over a seven figure sum are the ones who must know who they are. If you know people who are ready to do this, name them - give us some examples of these people. Without names, they're just spoofing.


    Who specifically should be fired for this?



    Garda have existing lines in their budget for all their operations.

    HSE and DoH don't have an existing budget line for paying ransoms, so the money is going to have to come from somewhere. That kind of money doesn't get hidden in accounts. If you've ever lived through a C&AG audit you'll know that you don't get to hide anything from them, let alone a seven-figure sum.

    Let's just tease out this 'paying through a third party'. You think someone like Robert Watt is going to personally authorise a seven-figure payment to a third party, and just trust that they're going to do the right thing? Or is there going to be a contract, signed off by the AG, to require the third party to pay a ransom that breaches all kinds of legislation, procedure and policies? What if the third-party says 'ah yeah, I paid that over to the Russians, did they not sort ye out yet? Sure that's shocking, shocking I tell you' as they book their flights to Switzerland to start a new life off the Government's generosity.

    It ain't going to happen.

    The HSE and DOH don't but the Gardai and Defence forces do. In fact any mention of dealing with the criminals is being deflected by the HSE saying it is now a criminal and Garda matter.

    If the government wants to pay it they have the means and the method. As I said, I don't believe they will, but they could. The C&AG, :rolleyes: As if they have any clue where the Garda intelligence budget goes as an example. It's a line item expense that is what it is and that's it. It's amazing what can be hidden under a "security" heading in accounts - ask any building contractor that works in a dodgy area.


  • Registered Users Posts: 2,903 ✭✭✭cadaliac


    The HSE and DOH don't but the Gardai and Defence forces do. In fact any mention of dealing with the criminals is being deflected by the HSE saying it is now a criminal and Garda matter.

    If the government wants to pay it they have the means and the method. As I said, I don't believe they will, but they could. The C&AG, :rolleyes: As if they have any clue where the Garda intelligence budget goes as an example. It's a line item expense that is what it is and that's it. It's amazing what can be hidden under a "security" heading in accounts - ask any building contractor that works in a dodgy area.

    Are you making this up as you go?


  • Posts: 5,917 ✭✭✭ [Deleted User]


    cadaliac wrote: »
    I have to ask a stupid question - how do we know that "they" were lurking around the network for 2 weeks?
    Has this been confirmed ? Or, is this just more hearsay and conjecture?
    Is there any evidence of this?
    If they were or proven to be already inside the domain for 2 weeks, how was this detected?
    Otherwise, pure speculation...

    Everything leaves a trace including covering your tracks, as it's impossible to really do so, but until a full review is done who knows how long.


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    The people who are posting here that there are loads of generous, altruistic lads ready to hand over a seven figure sum are the ones who must know who they are. If you know people who are ready to do this, name them - give us some examples of these people. Without names, they're just spoofing.


    Who specifically should be fired for this?



    Garda have existing lines in their budget for all their operations.

    HSE and DoH don't have an existing budget line for paying ransoms, so the money is going to have to come from somewhere. That kind of money doesn't get hidden in accounts. If you've ever lived through a C&AG audit you'll know that you don't get to hide anything from them, let alone a seven-figure sum.

    Let's just tease out this 'paying through a third party'. You think someone like Robert Watt is going to personally authorise a seven-figure payment to a third party, and just trust that they're going to do the right thing? Or is there going to be a contract, signed off by the AG, to require the third party to pay a ransom that breaches all kinds of legislation, procedure and policies? What if the third-party says 'ah yeah, I paid that over to the Russians, did they not sort ye out yet? Sure that's shocking, shocking I tell you' as they book their flights to Switzerland to start a new life off the Government's generosity.

    It ain't going to happen.

    As I said earlier, people are allowed their own opinions. You have a different one which is great but doesn’t mean you are right

    You know nothing more than everyone else unless you work for government? Or HSE? Do you work for either?


  • Registered Users Posts: 7,419 ✭✭✭MrMusician18


    cadaliac wrote: »
    Are you making this up as you go?
    making what up? That the c&ag doesn't know what drug dealers the Garda are paying off? (They don't.) That there are major construction companies paying protection money to stop their site being cleaned out? (There are) Are you that naive? In the real world it isn't always possible to uphold your principles when the greater good is at stake.

    Do you not believe that the State could pay it if they wanted to? Of course it could be done. That's not to say it will be done, but the State absolutely could if it chooses to do so.


  • Posts: 5,917 ✭✭✭ [Deleted User]


    ineedeuro wrote: »
    As I said earlier, people are allowed their own opinions. You have a different one which is great but doesn’t mean you are right

    You know nothing more than everyone else unless you work for government? Or HSE? Do you work for either?

    Who got sacked in FireEye when they got hacked and a lot of their information and tools was suspected of being used to hack into various government departments in the U.S. and other companies?


  • Registered Users Posts: 18,067 ✭✭✭✭fryup


    skimpydoo wrote: »
    No way shadow and dark budgets go as high as twenty million.

    BUT how do we know?


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    DubInMeath wrote: »
    Who got sacked in FireEye when they got hacked and a lot of their information and tools was suspected of being used to hack into various government departments in the U.S. and other companies?

    Private company, no idea.

    HSE picked FireEye, you have a couple of companies who run similar services who haven’t been hacked so why was FireEye picked over those alternatives?

    More incompetence from HSE in picking FireEye you think?


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    cadaliac wrote: »
    I have to ask a stupid question - how do we know that "they" were lurking around the network for 2 weeks?
    Has this been confirmed ? Or, is this just more hearsay and conjecture?
    Is there any evidence of this?
    If they were or proven to be already inside the domain for 2 weeks, how was this detected?
    Otherwise, pure speculation...

    It has been suggested but not confirmed. It would seem the hackers had free rein over the HSE network. Typically they would not just break in and then deploy the ransomware, instead they will move around and make sure it has the greatest effect.

    Hence why you see such an outage for the HSE. Also based on the government & HSE saying the hacker knew exactly it was HSE and who they would be hurting you expect this is confirming they had been in the system for weeks.

    I think when this does come out it will be longer than two weeks in the network without a single department of HSE and hospitals detecting them.


  • Posts: 5,917 ✭✭✭ [Deleted User]


    ineedeuro wrote: »
    Private company, no idea.

    HSE picked FireEye, you have a couple of companies who run similar services who haven’t been hacked so why was FireEye picked over those alternatives?

    More incompetence from HSE in picking FireEye you think?

    I can answer the first question, most likely no one.

    As for incompetence, you are the one claiming that FireEye are not.
    How did you reach this conclusion given how they are a security firm and they were hacked?


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    DubInMeath wrote: »
    I can answer the first question, most likely no one.

    As for incompetence, you are the one claiming that FireEye are not.
    How did you reach this conclusion given how they are a security firm and they were hacked?

    I have no idea why people think that nobody ever gets fired. In the real world people get fired all the time. Especially in America where employees have nowhere near the rights Ireland has.

    I had no idea FireEye was hacked. I expected a company built to stop hackers would be able to stop them.

    I said that FireEye will not leave the hackers in the network when they leave which is correct, I hope. Do you think they are not up to the job? Is it another poor decision by the HSE? Is that what you are saying?


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    DubInMeath wrote: »
    I can answer the first question, most likely no one.

    As for incompetence, you are the one claiming that FireEye are not.
    How did you reach this conclusion given how they are a security firm and they were hacked?

    Quick read of the FireEye hack, it was down to the SolarWinds flaw which was a zero day event and affected thousands of companies all over the World. FireEye actually discovering the issue when trying to figure out how they got hacked. So they seem to have good people.

    Why do you think they are not up to the task in HSE?


  • Posts: 5,917 ✭✭✭ [Deleted User]


    ineedeuro wrote: »
    Quick read of the FireEye hack, it was down to the SolarWinds flaw which was a zero day event and affected thousands of companies all over the World. FireEye actually discovering the issue when trying to figure out how they got hacked. So they seem to have good people.

    Why do you think they are not up to the task in HSE?

    I wouldn't claim that a company is competent like you did without actually knowing that they are, why do you believe that the I.T. staff in the HSE which includes a large number of contractors from private companies are incompetent?

    Solarwinds was caused by another private firm being hacked. Looking like plenty of incompetence across them going by your own standard.


  • Registered Users Posts: 8,748 ✭✭✭degsie


    Of course rogue admins should never be considered when it comes to dishing out blame, however it does happen.


  • Registered Users Posts: 1,575 ✭✭✭Hibernicis


    Turtwig wrote: »
    Dark budgets exist in many nations. While I don't know if Ireland has one, I think it's not beyond the realm of possibility that we do have some element of finances that can be paid without any official public records kept.

    It's called the Secret Service Vote (Vote 15). It is audited by the C&AG, but only the number is published, not the expenditure details. Vote (budget) for 2019 was €1.25m and the outturn was €984k with the surplus €266k returned to the exchequer, see here. The vote was €2m in 2020 and the same in 2021.


  • Registered Users Posts: 3,337 ✭✭✭Wombatman


    cadaliac wrote: »
    I have to ask a stupid question - how do we know that "they" were lurking around the network for 2 weeks?
    Has this been confirmed ? Or, is this just more hearsay and conjecture?
    Is there any evidence of this?
    If they were or proven to be already inside the domain for 2 weeks, how was this detected?
    Otherwise, pure speculation...

    Two weeks wouldn't be an unusual dwell time for this type of attack based on average dwell times. Early detection impacts average dwell time statistics. In this case detection was after the attack which usually coincides with a longer dwell time.


  • Registered Users Posts: 18,602 ✭✭✭✭kippy


    ineedeuro wrote: »
    I have no idea why people think that nobody ever gets fired. In the real world people get fired all the time. Especially in America where employees have nowhere near the rights Ireland has.

    I had no idea FireEye was hacked. I expected a company built to stop hackers would be able to stop them.

    I said that FireEye will not leave the hackers in the network when they leave which is correct, I hope. Do you think they are not up to the job? Is it another poor decision by the HSE? Is that what you are saying?

    People get fired.
    We know this. However it is usually on the back of due process and a hell of a lot of boxes being ticked.
    People generally don't get fired 'all the time' however, especially in Ireland and especially in the public sector.


  • Registered Users Posts: 26,986 ✭✭✭✭Dempo1


    I'm watching Simon Harris on the week in politics, it seems he's now Minister for Cyber Security along with everything else that has NOTHING to do with him. (albeit, wasn't he health minister when questions raised about vulnerabilities?????)

    SF Spokesperson hoping Garda Stations fully resourced for the anticipated deluge of panicked citizens expecting their medical data being released onto the Dark Web

    Labour spokesperson mumbled something incoherent

    All terribly inspiring stuff

    Is maith an scáthán súil charad.




  • Registered Users Posts: 13,186 ✭✭✭✭jmayo


    How many people do you think would be involved in making a payment of €20 million from the hospital project account AND converting that into bitcoin AND paying the bitcoin over to the Russian lads. What happens when the project accountants start adding things up and doing their bank rec? What happens when the C&AG land at the end of the year?

    No back-channel is going to front a €20 million for us.

    Oh I forgot you know everything about the new National Children's Hospital :rolleyes:

    Jaysus you must have had the humour gene removed at some stage.

    I don't think a ransom was paid, but dismissing it because it can't be done somewhat on the QT is making big assumptions.

    Maybe they used Michael's wife's bank account.
    ineedeuro wrote: »
    As I said earlier, people are allowed their own opinions. You have a different one which is great but doesn’t mean you are right

    You know nothing more than everyone else unless you work for government? Or HSE? Do you work for either?

    Well they often come on defending government, Dept of Health and HSE, always with regard new Children's Hospital, so I do think there is connection somewhere.

    I am not allowed discuss …



  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    kippy wrote: »
    People get fired.
    We know this. However it is usually on the back of due process and a hell of a lot of boxes being ticked.
    People generally don't get fired 'all the time' however, especially in Ireland and especially in the public sector.

    Yes and we have a massively dysfunctional public sector. Mostly down to incompetent staff and a public who don't demand any better.
    The "ahh sure they are doing the best they can" excuse is thrown out for everything.


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    DubInMeath wrote: »
    I wouldn't claim that a company is competent like you did without actually knowing that they are, why do you believe that the I.T. staff in the HSE which includes a large number of contractors from private companies are incompetent?

    Solarwinds was caused by another private firm being hacked. Looking like plenty of incompetence across them going by your own standard.

    I would have expected with the huge critical situation the HSE was in they would have brought in competent professionals which if you look at FireEye they seem to specialise in this area.
    You seem to think they are not because they got hit with a zero-day vulnerability, one which was only identified after the attack by FireEye. I am not defending FireEye by the way. If the HSE picked FireEye in the knowledge they had been hit with an attack why weren't alternatives looked at? A quick search shows multiple large organisations offer similar services.

    The HSE was not a zero day and the hacker managed to walk around the HSE network/systems for weeks without anyone in the HSE identifying them. They could have sat for years and would the HSE have figured it out? They only made the discovery after they released the Ransomware.
    Do you think that is a sign of competence?


  • Registered Users Posts: 3,337 ✭✭✭Wombatman


    cadaliac wrote: »
    I have to ask a stupid question - how do we know that "they" were lurking around the network for 2 weeks?
    Has this been confirmed ? Or, is this just more hearsay and conjecture?
    Is there any evidence of this?
    If they were or proven to be already inside the domain for 2 weeks, how was this detected?
    Otherwise, pure speculation...
    Unknown to anyone the hackers had already been in the IT systems before this for at least a week.

    https://www.rte.ie/news/analysis-and-comment/2021/0523/1223337-cyber-attack-hse/


  • Moderators, Category Moderators, Computer Games Moderators, Society & Culture Moderators Posts: 8,501 CMod ✭✭✭✭Sierra Oscar


    Turtwig wrote: »
    Dark budgets exist in many nations. While I don't know if Ireland has one, I think it's not beyond the realm of possibility that we do have some element of finances that can be paid without any official public records kept. The HSE and DOH wouldn't even be told about it. Though they may suss it.

    The screenshots of the conversation portal between Wizard Spider / ContiLocker Team and the HSE have been leaked and are all over the Sunday papers. Clearly show no ransom has been paid as of yet.

    The ransom demand is to prevent the publication of the data, not to keep the HSE systems crippled. You can clearly see from the conversations that the decryption key was provided to demonstrate that they orchestrated the attack and have the means to leak the data.

    The HSE / Government won't pay any ransom to prevent the publication of the data. They'll just try suppress its circulation as best they can.


  • Registered Users Posts: 3,330 ✭✭✭radiospan


    Anyone know how media here were reporting the group told the HSE the ransom should be paid in bitcoin?

    I've no doubt that's their preferred method, and all previous ransom payments were made in bitcoin, no doubt it would need to be in bitcoin if the HSE did want to pay it, but from the negotiations I see there is no mention of bitcoin.

    Small point really, just a question about where the media were fed that bitcoin line from.


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    radiospan wrote: »
    Anyone know how media here were reporting the group told the HSE the ransom should be paid in bitcoin?

    I've no doubt that's their preferred method, and all previous ransom payments were made in bitcoin, no doubt it would need to be in bitcoin if the HSE did want to pay it, but from the negotiations I see there is no mention of bitcoin.

    Small point really, just a question about where the media were fed that bitcoin line from.

    You could guess it is bitcoin and 99.9% of the time you are right.


  • Registered Users Posts: 29,117 ✭✭✭✭AndrewJRenko


    ineedeuro wrote: »
    As I said earlier, people are allowed their own opinions. You have a different one which is great but doesn’t mean you are right

    You know nothing more than everyone else unless you work for government? Or HSE? Do you work for either?

    Yes, I work for the Government, though not in the HSE. I've lived through C&AG audits and seen the level of detail they require. I've seen how Accounting Officers (the most senior person in each Department or organisation, with personal responsibility for spending) ensure that they have legislative backing for all spending. I've seen how payments are actually made, and how many staff are involved in making an actual payment.


  • Registered Users Posts: 29,117 ✭✭✭✭AndrewJRenko


    ineedeuro wrote: »
    Yes and we have a massively dysfunctional public sector. Mostly down to incompetent staff and a public who don't demand any better.
    The "ahh sure they are doing the best they can" excuse is thrown out for everything.

    Every international comparison disagrees with you. Ireland has come out very well on international scorecards for eGovernment in recent years.


  • Registered Users Posts: 29,117 ✭✭✭✭AndrewJRenko


    The HSE and DOH don't but the Gardai and Defence forces do. In fact any mention of dealing with the criminals is being deflected by the HSE saying it is now a criminal and Garda matter.

    If the government wants to pay it they have the means and the method. As I said, I don't believe they will, but they could. The C&AG, :rolleyes: As if they have any clue where the Garda intelligence budget goes as an example. It's a line item expense that is what it is and that's it. It's amazing what can be hidden under a "security" heading in accounts - ask any building contractor that works in a dodgy area.

    The total budget for Garda informers is less than €1 million. It wouldn't come near covering the ransom.


  • Banned (with Prison Access) Posts: 989 ✭✭✭ineedeuro


    Yes, I work for the Government, though not in the HSE. I've lived through C&AG audits and seen the level of detail they require. I've seen how Accounting Officers (the most senior person in each Department or organisation, with personal responsibility for spending) ensure that they have legislative backing for all spending. I've seen how payments are actually made, and how many staff are involved in making an actual payment.

    So you work in the government department with information which the general public don’t have and probably shouldn’t have yet you feel the need to post it on a website which anyone can read across the World?

    The mind boggles that anyone would think that’s a good idea. I’m sure you have sat in training which would detail what you should/shouldn’t be talking about in public places?

