Unless action is taken he said, law enforcement will continue to be outsmarted by cyber-criminals.

The head of Interpol, Ronald Noble has warned of a severe shortage in the skills and expertise to fight cyber-crime at the recent 79th Interpol general assebly in Qatar.

“An effective cyber attack does not require an army; it takes just one individual. However, there is a severe shortage of skills and expertise to fight this type of crime; not only at Interpol, but in law enforcement everywhere.”

Unless action is taken he said, law enforcement will continue to be outsmarted by cybercriminals.

There were an estimated 247 billion e-mails sent every day, 2.8 millions per second. 80% of these e-mails comprised of either spam or viruses.

“This means the majority of stuff that hits our inbox carries potential risk of corrupting the security of our data … of hurting our economic well-being … of endangering our personal safety and that of our children … of threatening our national security,”

Data breaches from cybercrime steal as much as $1 trollion globally in lost intellectual property, income and repair costs which worldwide three-quarters of Internet users have fallen victim to some kind of online crime.

He also pointed out that the process of terrorist radicalisation used to take years potentially, but the Internet has made it easier, faster and more undetectable than ever before.

“Mere curiosity can evolve into fanaticism and extremism with alarming speed and intensity,”

“It is no longer a case of the enemy being at the gate; he is already in our homes. He is lurking on our computers, in our e-mail accounts and, increasingly, on our mobile phones and other electronic devices,”.

In the wake of the CAO attack last month and as Gardai are still investigating the attack it has been uncovered that the Gardai’s own website http://www.garda.ie is currently vulnerable to an attack.

A Senior Security Consultant at Security firm Secured.IE was quoted as saying “without proper security controls in place, such as rate limiting and account lockouts leaves the administration of the website open to brute force attacks”.

“The irony is, that while the Gardai are investigating the attacks on the CAO, their own website is probably just as, if not more, vulnerable” commented another security expert.

In the event of the website being breached there can be many ramifications, the site could end up being defaced and hosting malware which in turn could end up compromising the security of all the computers that log on to see what’s after  happening which would no doubt include other government computers.

Hackers pose a significant security risk to any website. While no domain, website or network is absolutely immune to attacks, a few simple steps can ensure that you mitigate the risks associated with most types of attacks. The majority of attackers will be deterred by strong security measures and are far less likely to spend the extra time required to hack a secure website.

When operating a high profile website such as the Garda website or in fact any website a number of key procedures must be put in place:

• Ensure that access to the administration console is completely locked down to authorised IP addresses
• Regularly monitor the website access logs to look out for unusual or abnormal behavior
• Keep the web server up to date with all security patches
• Make sure that all processes are locked down and accessible only by those authorised.
• Always use strong passwords which contain uppercase/lowercase/numbers/special characters and should ideally be 10 characters or more
• Make sure file permissions are correctly set
• Use ftps instead of ftp for more secure connections
• Always connect to your web-server from a secure location, ie. not an internet cafe
• Use Key based authentication in addition to passwords
• Never use shared login credentials

Gardai have been handed over logs and other evidence to investigate the recent attacks on the CAO website which has caused chaos for students this week.  The website was attacked just 10 minutes after the release of first round offers on the site at 6am Monday morning. The site was subsequently attacked on Wednesday by manipulating the forgotten password link which reissued new passwords to 22,000 students.

Denial of Service attacks  can be difficult but not impossible to pinpoint. Usually these attacks are perpetrated by criminal gangs looking to extort money from online websites such as bookies. The attack on the CAO however was purely to cause havoc.

Depending on the severity of the attack on Monday some simple security protocols in place may have averted the whole disaster. According to a leading IT Security firm allowing passwords to be sent out by simply inputting a CAO number would be considered ridiculous for such a high profile website and the CAO really needs to look into better coding practices on it’s website.

Thousands of students have faced massive disruption due to these recent attacks.

Recently I stumbled upon an article on Law360.com which discussed the reluctance of Legal Firms & Practices to spend money on IT Security. Although this mainly concerns American firms I believe that Irish firms are on par.

With an abundance of confidential information solicitors practices will and have already become targets for Cyber attacks. It is well known that selling IT Security Systems to legal firms proves to be a very tough sale when in fact it should be one of the easiest given the predicament a law firm might find itself in after a breach of it’s data.

Without regurgitating the whole article on Law 360, I believe that Irish firms need to take a good hard look at securing their IT infrastructure. From a brief look a few Law Practices it is quiet obvious that security is taking a back seat. From insecure wireless networks to easily guessed passwords I would have no doubt in my mind that if targeted the majority of Solicitors Practices in Ireland could easily be breached and without the proper measures in place have almost no possibility of tracking how or where the attack came from. Without a managed security system in place it can be very easy for an intruder to remove all traces of how, when and from where  an attack took place.

If you would like to read the full article on Law360 you can do so by clicking here.

Gardai are investigating a number of complaints from Small business owners in the Midlands and West of the Country who have been hit by cyber attacks.

Hackers have gained access to the computer systems of these businesses, encrypted data such as client files, order books and are now demanding ransom for the release of the data. Understandably this could cripple any sized business. Without proper security measures in place these businesses are effectively leaving themselves wide open to attacks such as these.

The worrying aspect of this is that most businesses in Ireland do not have adequate IT Security systems in place and are not aware of the seriousness of what can happen without proper protection.

Click here to read more on RTE’s website.