Ransomware & HSE

ineedeuro

AndrewJRenko wrote: »

Other people are indeed questioning this. Nothing wrong with questioning this. As far as I can, there is no definitive information available to say that it is or it isn't a zero day exploit.

So to say that 'the HSE lied' has no basis in fact.



Remember this post where you referred to " information which the general public don’t have and probably shouldn’t have" and "training which would detail what you should/shouldn’t be talking about in public places"?

That was when you accused me of posting confidential information.

So you went back 2 days to find a post , which was a post which had nothing to do with the current conversation.

Anyway it's a Sunday, leave you to it.

I never mentioned confidential information. I would suggest you have a talk with your manager/HR in terms of what you should/shouldnt be discussion in public forums

ineedeuro

Cordell wrote: »

Tinkering with stuff to see how they work - good.
Bringing down a health system for $$$ with loss of file consequences - bad.

The US had plenty of hackers who did more than "tinkering with stuff". If you look at the current press we are led to believe the US has no hackers currently working on bad projects. I just think this seems a bit strange.

Cordell

ineedeuro wrote: »

The US had plenty of hackers who did more than "tinkering with stuff". If you look at the current press we are led to believe the US has no hackers currently working on bad projects. I just think this seems a bit strange.

I really don't see any point in discussing any US deeds any further on this thread.

kippy

ineedeuro wrote: »

So you went back 2 days to find a post , which was a post which had nothing to do with the current conversation.

Anyway it's a Sunday, leave you to it.

I never mentioned confidential information. I would suggest you have a talk with your manager/HR in terms of what you should/shouldnt be discussion in public forums

Nothing the poster has posted is against any form of obligation they have to their employer......assuming they are bona fide in the first place.

Keyzer

ineedeuro wrote: »

When exactly was hacking a positive?

Jesus man, you should just quit it, you haven't a clue what you're replying to never mind talking about.

The original "hackers" (in my mind, I'm cringing even typing that) were highly technical individuals who sought ways to subvert security systems, all done with no malicious intent. They did this to highlight security weaknesses.

Crackers were the baddies...

Deliverance XXV

If they expect the ransomware operators to release data tomorrow or whenever, I'm surprised we haven't heard more from the NCSC or the government about what this would entail for users that may have been caught up in the breach.

What I mean is - I would expect them to model the data that is suspected have been breached and determine what risks are to users affected. For example - are there email addresses, payroll information, job roles, phone numbers, possible security question answers (mother's maiden name, etc), addresses, risks to users from blackmail, scams or other fraudulent activity.

ineedeuro

ineedeuro wrote: »

I would have expected with the huge critical situation the HSE was in they would have brought in competent professionals which if you look at FireEye they seem to specialise in this area.
You seem to think they are not because they got hit with a zeroday vulnerability, one which was only identified after the attack by FireEye. I am not defending FireEye by the way. If the HSE picked FireEye in the knowledge they had been hit with an attack why wasn't alternatives looked at? quick search shows multiple large organisations offer similar services.

The HSE was not a zero day and the hacker managed to walk around the HSE network/systems for weeks without anyone in the HSE identifying them. They could have sat for years and would the HSE have figured it out? they only made the discovery after they released the Ransomware.
Do you think that is a sign of competence?

Your trying very badly to back track.

Personally I've been in networks for a week or more with out being detected as part of my job. Not being detected hasn't actually got anything to do with the competence of the administrators of those networks, it's because I can do so with out being noticed. I'm also probably not as experienced as those that got onto the hse network.

ineedeuro

ineedeuro wrote: »

So you went back 2 days to find a post , which was a post which had nothing to do with the current conversation.

Anyway it's a Sunday, leave you to it.

I never mentioned confidential information. I would suggest you have a talk with your manager/HR in terms of what you should/shouldnt be discussion in public forums

9 hours ago isn't two days ago and the rest is even less accurate than your statement about competence.

Blowfish

ineedeuro wrote: »

When exactly was hacking a positive?

It was initially just a word for someone technical who came up with innovative and efficient solutions to problems, generally by using systems in ways they weren't necessarily intended to be used. Think of MacGuyver in IT terms. It's even retained this original meaning when it comes to things like 'life hack', which has positive connotations rather than negative.

Unfortunately, using systems in ways they weren't necessarily intended to be used can also involve malicious use. This was how most non-tech people first came across the word, hence its association with the more malicious or criminal stuff.

JeffKenna

Blowfish wrote: »

It was initially just a word for someone technical who came up with innovative and efficient solutions to problems, generally by using systems in ways they weren't necessarily intended to be used. Think of MacGuyver in IT terms. It's even retained this original meaning when it comes to things like 'life hack', which has positive connotations rather than negative.

Unfortunately, using systems in ways they weren't necessarily intended to be used can also involve malicious use. This was how most non-tech people first came across the word, hence its association with the more malicious or criminal stuff.

https://www.popularmechanics.com/technology/a20762221/an-early-hacker-used-a-cereal-box-whistle-to-take-over-phone-lines/

Heard this on a podcast before about the first hackers, thought it was interesting.

Wombatman

DubInMeath wrote: »

Your trying very badly to back track.

Personally I've been in networks for a week or more with out being detected as part of my job. Not being detected hasn't actually got anything to do with the competence of the administrators of those networks, it's because I can do so with out being noticed. I'm also probably not as experienced as those that got onto the hse network.

What? The more competent the security team the higher the probability of early detection right?

I would love to know how the Dept. of Health detected a potential attack and stopped it, and why the HSE didn't. Could be down to luck of course, but if you are relying on getting lucky, your posture is obviously inadequate. Then again the better your posture the 'luckier' you are going to be.

Has there been any indication to as of why the decryption key was handed over?

AndrewJRenko

ineedeuro wrote: »

So you went back 2 days to find a post , which was a post which had nothing to do with the current conversation.

Anyway it's a Sunday, leave you to it.

I never mentioned confidential information. I would suggest you have a talk with your manager/HR in terms of what you should/shouldnt be discussion in public forums

So when you referred to "information which the general public don’t have", you weren't talking about confidential information?

I'll tell you what shouldn't be in public forums - posts that accuse people of lying that can't be supported with facts.

Wombatman

Wombatman wrote: »

What? The more competent the security team the higher the probability of early detection right?

I would love to know how the Dept. of Health detected a potential attack and stopped it, and why the HSE didn't. Could be down to luck of course, but if you are relying on getting lucky, your posture is obviously inadequate. Then again the better your posture the 'luckier' you are going to be.

The vast majority of companies don't have security teams, but even those that do still rely on software to detect your actions.
Depending on the type of agreed engagement, we are either given a full list of the security software that a company has, a partial list or nothing.

For the latter twe engagement I and the teams that I work with tend to spend a lot of time trying to work out what security software an organisation has in order to find ways to try and bypass it.

We also spend a lot of time searching online for information around the company, as you would be surprised what can be found online that can get you in, similar to how Deloitte was hacked back in 2016, but only admitted it in 2017.

Once you can get an administrator password a lot of actions that might trigger a warning either don't or are ignored. While that is getting more difficult with AI based systems and implementations like conditional access for example, but again very few companies have these types of systems in place or can afford to. Given time ways to bypass these systems will be found and eventually shared such as
https://o365blog.com/post/mdm/
Or
https://abnormalsecurity.com/blog/bypass-mfa-and-conditional-access/

I can also see a lot of people who have been moaning about the breach being the very ones complaining about public service bodies spending the money required to bring in those types of security software services.

ineedeuro

[Deleted User] wrote: »

Has there been any indication to as of why the decryption key was handed over?

They decided after a life of crime they wanted to turn over a new leaf and go straight
The hackers can now be found helping in the local homeless shelter.

ixoy

DubInMeath wrote: »

I can also see a lot of people who have been moaning about the breach being the very ones complaining about public service bodies spending the money required to bring in those types of security software services.

Absolutely. "You spent hundreds of millions on computer security upgrades while we've not enough beds / can't recruit enough nurses / can't upgrade a hospital? #jokeshopireland HSE needs to go!" They'll change their tune now maybe but if asked many the same thing months ago...

ineedeuro

DubInMeath wrote: »

Your trying very badly to back track.

Personally I've been in networks for a week or more with out being detected as part of my job. Not being detected hasn't actually got anything to do with the competence of the administrators of those networks, it's because I can do so with out being noticed. I'm also probably not as experienced as those that got onto the hse network.

What am I back tracking on now?

skimpydoo

ineedeuro wrote: »

When exactly was hacking a positive?

Google the Homebrew Club.

ineedeuro

ixoy wrote: »

Absolutely. "You spent hundreds of millions on computer security upgrades while we've not enough beds / can't recruit enough nurses / can't upgrade a hospital? #jokeshopireland HSE needs to go!" They'll change their tune now maybe but if asked many the same thing months ago...

I have never seen an article or post complaining about the cyber budget in the HSE prior to this attack, maybe I missed?

ixoy

ixoy wrote: »

Absolutely. "You spent hundreds of millions on computer security upgrades while we've not enough beds / can't recruit enough nurses / can't upgrade a hospital? #jokeshopireland HSE needs to go!" They'll change their tune now maybe but if asked many the same thing months ago...

Gobsh1tes don't tend to change their tune, they just tend to deny that they said what they said.

ineedeuro

ineedeuro wrote: »

They decided after a life of crime they wanted to turn over a new leaf and go straight
The hackers can now be found helping in the local homeless shelter.

It's becoming clearer that you don't know what you're talking about.

ineedeuro

DubInMeath wrote: »

It's becoming clearer that you don't know what you're talking about.

Oh I’m no expert like you.

skimpydoo

ineedeuro wrote: »

They decided after a life of crime they wanted to turn over a new leaf and go straight
The hackers can now be found helping in the local homeless shelter.

Well, that just proves that you know the square root of fook all. When you know nothing or can't bring anything of value to the table, it's best to keep your mouth shut.

skimpydoo

ineedeuro wrote: »

Oh I’m no expert like you.

You have proven that you are no expert at all.

ineedeuro

ineedeuro wrote: »

Oh I’m no expert like you.

I never claimed to be one, I also never claimed that one set of security personnel were competent and another not, simply because I know not to make stupid statements. So perhaps on that, yes I am more of an expert.

ineedeuro

skimpydoo wrote: »

Well, that just proves that you know the square root of fook all. When you know nothing or can't bring anything of value to the table, it's best to keep your mouth shut.

skimpydoo wrote: »

You have proven that you are no expert at all.

So the keyboard warrior has arrived. Feel big abusing people on internet?

skimpydoo

As a member of the blue tick brigade, it's been a pleasure reading the armchair security experts on here I know where to go to when I need a laugh

AndrewJRenko

ineedeuro wrote: »

So the keyboard warrior has arrived. Feel big abusing people on internet?

From the guy who makes false claims about the HSE telling lies?

skimpydoo

ineedeuro wrote: »

So the keyboard warrior has arrived. Feel big abusing people on internet?

Abusing people? I am just stating facts and I know I am not the only one who thinks this way.

ineedeuro

AndrewJRenko wrote: »

From the guy who makes false claims about the HSE telling lies?

NY times also questions the HSE version of events. I’m sure other non Irish media are probably doing the same.

I think you will also find other people on this thread have questioned the HSE version of events as well.