Ransomware & HSE

kippy

ineedeuro wrote: »

So you work in the government department with information which the general public don’t have and probably shouldn’t have yet you feel the need to post it on a website which anyone can read across the World?

The mind boggles that anyone would think that’s a good idea. I’m sure you have sat in training which would detail what you should/shouldn’t be talking about in public places?

What is up with you - seriously?
What information has the poster released that isn't in the public domain already (if you want to find it)

kippy

ineedeuro wrote: »

Yes and we have a massively dysfunctional public sector. Mostly down to incompetent staff and a public who don't demand any better.
The "ahh sure they are doing the best they can" excuse is thrown out for everything.

I don't see how any of this is related to the current situation.
You really think that if the civil/public service was so dysfunctional from an IT security standpoint they'd have managed to get to 2021 without being hit by an attack such as this?
There are various attacks attempts on the civil/public service on a daily basis. None of which get through.


You're obsessed with firing people.
It's rarely that easy to fire anyone without all the relevant steps being followed - for good reason.

MontgomeryClift

So Russian hackers (funny how it's always the Russians hacking stuff now) not only broke into the HSE records but encrypted all or or almost all of them then left them in place?

And the HSE didn't have any kind of offline backup, even partial backups or slightly out-of-date backups from which to work? Not only that but they had no paper records to work from, and they can't proceed with appointments using paper records with a view to committing those records to the system when it returns?

Now it seems the hackers are relenting and will provide the decryption key? That's nice of them.

Oh, what's this! The World Economic Forum released a video back in January this year warning of "A cyber-attack with COVID-like characteristics?" What powers of prediction they have.

https://www.youtube.com/watch?v=-0oZA1B3ooI

AndrewJRenko

ineedeuro wrote: »

So you work in the government department with information which the general public don’t have and probably shouldn’t have yet you feel the need to post it on a website which anyone can read across the World?

The mind boggles that anyone would think that’s a good idea. I’m sure you have sat in training which would detail what you should/shouldn’t be talking about in public places?

What information did I reveal that wasn't in the public domain? There is a big difference between public domain knowledge and your own knowledge of how the public service works.

Cordell

MontgomeryClift wrote: »

So Russian hackers (funny how it's always the Russians hacking stuff now) not only broke into the HSE records but encrypted all or or almost all of them then left them in place?

And the HSE didn't have any kind of offline backup, even partial backups or slightly out-of-date backups from which to work? Not only that but they had no paper records to work from, and they can't proceed with appointments using paper records with a view to committing those records to the system when it returns?

Now it seems the hackers are relenting and will provide the decryption key? That's nice of them.

Oh, what's this! The World Economic Forum released a video back in January this year warning of "A cyber-attack with COVID-like characteristics?" What powers of prediction they have.

https://www.youtube.com/watch?v=-0oZA1B3ooI

There is nothing funny. Russia has a log tradition of software piracy and hacking, they have the people with skill but not the law enforcement and consequences.
They are trying to undo the harm because these lads are trying to be seen as some kind of robin hoods, not the arseholes that they really are.

fryup

and when you have a corrupt regime headed by a thug like Putin doesn't make for high standards for their citizens to follow

ineedeuro

kippy wrote: »

What is up with you - seriously?
What information has the poster released that isn't in the public domain already (if you want to find it)

I just find it baffling that people want to boast about their work on a public forum and discuss details of it.

All for what? Try to say your are right and a complete stranger is wrong?

I think you will find anyone that is actually in any sort of senior position won’t be boasting about it on boards. P.S not trying to say I’m in a senior position, far from it.

Plus you will find most people have no idea about the information they are sharing, we don’t spend week trawling the web to find out, but no need to just read boards and follow the poster.

ineedeuro

Cordell wrote: »

There is nothing funny. Russia has a log tradition of software piracy and hacking, they have the people with skill but not the law enforcement and consequences.
They are trying to undo the harm because these lads are trying to be seen as some kind of robin hoods, not the arseholes that they really are.

China in reality are way ahead of Russia. Some are a lot of Eastern European countries who have lots of hackers, we just don’t hear about them because the Americans tell us China/Russia are bad

Also historically a lot of hackers came from the US. They seem to have all disappeared if you believe the press

kippy

ineedeuro wrote: »

I just find it baffling that people want to boast about their work on a public forum and discuss details of it.

All for what? Try to say your are right and a complete stranger is wrong?

I think you will find anyone that is actually in any sort of senior position won’t be boasting about it on boards. P.S not trying to say I’m in a senior position, far from it.

Plus you will find most people have no idea about the information they are sharing, we don’t spend week trawling the web to find out, but no need to just read boards and follow the poster.

You'd want to take anything you read on the internet with a pinch of salt.

ineedeuro

kippy wrote: »

You'd want to take anything you read on the internet with a pinch of salt.

So it goes back to my original point, everyone is entitled to an opinion and nobody should be shutting down other posters

kippy

ineedeuro wrote: »

So it goes back to my original point, everyone is entitled to an opinion and nobody should be shutting down other posters

It's the internet. Everyone can have an opinion......the earth is flat.....the vaccine contains trackers etc etc however opinions that have no basis in reality can and should be set aside.

Your opinion is organisations should and do fire people without due process.
Anyone who has ever worked anywhere will know that doesn't happen.


The internet is great and everything but it has allowed those with some of the daftest viewpoints out there gain traction and use the kind of logic like you are applying to say their opinion is valid.

Tow

Tow wrote: »

If a ransom was paid it would only take one person. You also have to remember that ~$20M was the opening amount, which would have been greatly reduced during any possible negotiations. Reduced enough to get the key, but not enough to stop the data being published! I can think of private individuals in Irish IT who could pay several million out of their own pocket without any difficulty. The reality is we don't know the full story, hopefully if was adverse publicity or pressure from other sources on the hackers which caused them to supply the key.

A former boss of mine, director of Security for a major software company had no limit on his corporate credit card, in case of business continuity requirements. For example example, an office gets destroyed by fire or natural disaster, he needed to be able to buy X number of replacement servers, its conceivable he could be instructed to pay such a ransom.

kippy

kippy wrote: »

It's the internet. Everyone can have an opinion......the earth is flat.....the vaccine contains trackers etc etc however opinions that have no basis in reality can and should be set aside.

Your opinion is organisations should and do fire people without due process.
Anyone who has ever worked anywhere will know that doesn't happen.


The internet is great and everything but it has allowed those with some of the daftest viewpoints out there gain traction and use the kind of logic like you are applying to say their opinion is valid.

Jo Brand: Opinions are like arseholes. Everyone has one.

Funnily enough, except one poster I know.

kippy

ineedeuro wrote: »

I never anything of the sort, so why are you lying?

As I said from the start the HSE should have a security assessment, they should have the details of what they should/shouldn’t be spending money

If they got money and spent it incorrect then CISO/head of security should be fired. If the ciso was blocked by a CEO/CFO from spending the money and can show he highlighted the risk then the CEO/CFO should be fired

If people in the ground are found to not have done their job then they should be fired.

You have an issue with people having accountability and if proved they are incompetent you would prefer just to keep them. That’s just crazy because in 6 months time the HSE will be back exactly in the same position they are now.

I have no issues with accountability.
Let's apply some logic to your last statement.
If thing we're that poor in the HSE or the public service in general why have they managed to avoid a major issue such as this for so long?

Also, go back a few pages, you had no mention of process when it came to firing people.

AndrewJRenko

ineedeuro wrote: »

So it goes back to my original point, everyone is entitled to an opinion and nobody should be shutting down other posters

You're entitled to your own opinion. You're not entitled to your own facts.

Cordell

ineedeuro wrote: »

China in reality are way ahead of Russia. Some are a lot of Eastern European countries who have lots of hackers, we just don’t hear about them because the Americans tell us China/Russia are bad

A lot of EE countries have scammers and crackers and hackers indeed. These lads that cracked HSE systems are russians, I don't see why there is a problem admitting that.

ineedeuro wrote: »

Also historically a lot of hackers came from the US. They seem to have all disappeared if you believe the press

Back in the day, when hacker meant something positive.

XVII

ineedeuro wrote: »

China in reality are way ahead of Russia. Some are a lot of Eastern European countries who have lots of hackers, we just don’t hear about them because the Americans tell us China/Russia are bad

Also historically a lot of hackers came from the US. They seem to have all disappeared if you believe the press

uff a bit of sense in the thread for once.

but eh let them believe it's russians just because some random dude said it in rte article.

AndrewJRenko

ineedeuro wrote: »

I just find it baffling that people want to boast about their work on a public forum and discuss details of it.

All for what? Try to say your are right and a complete stranger is wrong?

I think you will find anyone that is actually in any sort of senior position won’t be boasting about it on boards. P.S not trying to say I’m in a senior position, far from it.

Plus you will find most people have no idea about the information they are sharing, we don’t spend week trawling the web to find out, but no need to just read boards and follow the poster.

Any chance you could answer the question you were asked, as to what information I revealed that wasn't in the public domain?

ineedeuro

AndrewJRenko wrote: »

You're entitled to your own opinion. You're not entitled to your own facts.

When did I ever say what I was posting was facts?

I have said numerous times I entitled to my opinion like other posters.

ixoy

MontgomeryClift wrote: »

And the HSE didn't have any kind of offline backup, even partial backups or slightly out-of-date backups from which to work?

I believe they do have backups but, if you back up the version that's got the malware on it, you just risk it being encrypted again. You need to ensure you bring up a clean version of all infected system.

Not only that but they had no paper records to work from, and they can't proceed with appointments using paper records with a view to committing those records to the system when it returns?

It's not just making appointments. They need access to patient history, which is where they're locked out from. They don't have paper records for all of this because that's what they had digital records for. People don't keep a hardcopy of everything.

Oh, what's this! The World Economic Forum released a video back in January this year warning of "A cyber-attack with COVID-like characteristics?" What powers of prediction they have.

Not sure what your point is here? Everyone knows the risk of cyber attacks. It's what you can do to mitigate against them with the resources and knowledge that you have. We do not know yet what the HSE's IT division wanted to achieve, what they could achieve realistically with the budget they were allocated (almost certainly less than they wanted) and what they did achieve with their budget, especially within the framework off being a large government body with specialised equipment that has rigorous upgrade and testing procedures.

AndrewJRenko

ineedeuro wrote: »

When did I ever say what I was posting was facts?

I have said numerous times I entitled to my opinion like other posters.

You said that 'the HSE lied' as if it were a fact, which it's not.

You suggested that I was posting confidential information here, which I'm not.

PintOfView

ineedeuro wrote: »

So you work in the government department with information which the general public don’t have and probably shouldn’t have yet you feel the need to post it on a website which anyone can read across the World?

The mind boggles that anyone would think that’s a good idea. I’m sure you have sat in training which would detail what you should/shouldn’t be talking about in public places?

As an observer of this conversation I can't see what sensitive information the other poster revealed,
apart from saying that audits seem to be thorough,
and spending seemed to be fairly well controlled and accounted for!!

You're hardly suggesting that's a sacking offence,
or the government wouldn't want us knowing that?

ineedeuro

AndrewJRenko wrote: »

You said that 'the HSE lied' as if it were a fact, which it's not.

You suggested that I was posting confidential information here, which I'm not.

It’s not a zero day, this has been discussed multiple times on the thread and a link provided which shows other people also question it

I never accused you of releasing confidential information

ineedeuro

Cordell wrote: »

A lot of EE countries have scammers and crackers and hackers indeed. These lads that cracked HSE systems are russians, I don't see why there is a problem admitting that.



Back in the day, when hacker meant something positive.

When exactly was hacking a positive?

AndrewJRenko

ineedeuro wrote: »

It’s not a zero day, this has been discussed multiple times on the thread and a link provided which shows other people also question it

Other people are indeed questioning this. Nothing wrong with questioning this. As far as I can, there is no definitive information available to say that it is or it isn't a zero day exploit.

So to say that 'the HSE lied' has no basis in fact.

ineedeuro wrote: »

I never accused you of releasing confidential information

Remember this post where you referred to " information which the general public don’t have and probably shouldn’t have" and "training which would detail what you should/shouldn’t be talking about in public places"?

That was when you accused me of posting confidential information.

kippy

ineedeuro wrote: »

When exactly was hacking a positive?

No harm being a hacker on the golf course. But not necessarily a positive thing either

Cordell

ineedeuro wrote: »

When exactly was hacking a positive?

https://en.wikipedia.org/wiki/Hacker_culture

limnam

ineedeuro wrote: »

When exactly was hacking a positive?

Probably back to the 70's when the people who were on public networks didn't need words explained to them by sky news.

ineedeuro

Cordell wrote: »

https://en.wikipedia.org/wiki/Hacker_culture

So US hacker = good
China/Russia hacker = bad

Cordell

ineedeuro wrote: »

So US hacker = good
China/Russia hacker = bad

Tinkering with stuff to see how they work - good.
Bringing down a health system for $$$ with loss of file consequences - bad.