Personal information including names, addresses, phone numbers, email addresses and passwords have been made public online after the website http://www.theirishfield.ie was hacked. The Gardai and the Data Protection Office has been notified and are investigating the circumstances surrounding the breach.

It is understood that the personal details were posted on the boards.ie website but were taken down shortly after one of the moderators were made aware of the posting. It is believed that the data will surface elsewhere on the Internet however.

As people generally tend to use the same password for numerous accounts, in the case of a breach like this, it can also end up with email addresses and other user accounts being compromised.

In the wake of the CAO attack last month and as Gardai are still investigating the attack it has been uncovered that the Gardai’s own website http://www.garda.ie is currently vulnerable to an attack.

A Senior Security Consultant at Security firm Secured.IE was quoted as saying “without proper security controls in place, such as rate limiting and account lockouts leaves the administration of the website open to brute force attacks”.

“The irony is, that while the Gardai are investigating the attacks on the CAO, their own website is probably just as, if not more, vulnerable” commented another security expert.

In the event of the website being breached there can be many ramifications, the site could end up being defaced and hosting malware which in turn could end up compromising the security of all the computers that log on to see what’s after  happening which would no doubt include other government computers.

Hackers pose a significant security risk to any website. While no domain, website or network is absolutely immune to attacks, a few simple steps can ensure that you mitigate the risks associated with most types of attacks. The majority of attackers will be deterred by strong security measures and are far less likely to spend the extra time required to hack a secure website.

When operating a high profile website such as the Garda website or in fact any website a number of key procedures must be put in place:

• Ensure that access to the administration console is completely locked down to authorised IP addresses
• Regularly monitor the website access logs to look out for unusual or abnormal behavior
• Keep the web server up to date with all security patches
• Make sure that all processes are locked down and accessible only by those authorised.
• Always use strong passwords which contain uppercase/lowercase/numbers/special characters and should ideally be 10 characters or more
• Make sure file permissions are correctly set
• Use ftps instead of ftp for more secure connections
• Always connect to your web-server from a secure location, ie. not an internet cafe
• Use Key based authentication in addition to passwords
• Never use shared login credentials

Gardai are investigating a number of complaints from Small business owners in the Midlands and West of the Country who have been hit by cyber attacks.

Hackers have gained access to the computer systems of these businesses, encrypted data such as client files, order books and are now demanding ransom for the release of the data. Understandably this could cripple any sized business. Without proper security measures in place these businesses are effectively leaving themselves wide open to attacks such as these.

The worrying aspect of this is that most businesses in Ireland do not have adequate IT Security systems in place and are not aware of the seriousness of what can happen without proper protection.

Click here to read more on RTE’s website.