We need your help now
Support from readers like you keeps The Journal open.
You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.
If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.
Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
By continuing, you are indicating that you accept our Terms of Service and Privacy Policy.
THE DEFENCE FORCES deployed the skills of so-called ‘ethical hackers’ in their bid to fight back against the HSE cyber attack of May this year.
Ethical hackers are trained to effectively think like a cyber criminal and highlight flaws in a system’s structure. They’re typically tasked with highlighting weaknesses that need to be addressed in IT systems.
Captain Steve Keane, an Officer in the Computer Response Team (CRT) of the Defence Forces Communications and Information Services Corps (CIS), has revealed for the first time the detailed work of the unit during the HSE crisis, which is still not yet fully resolved.
In a podcast by the Defence Forces, Keane revealed how his unit were contacted immediately by the HSE and how they set about trying to find the hackers and analyse the virus.
“We had personnel who were analysing the malware – what does it do?” he said.
“They were also hunting for the threat actor, the adversary, on the network. [We were asking] is the person there? Is there a level of persistence where the network is brought back up and is there something nasty hiding in the corner and undoes all the work?”
Keane said that there were also military experts involved in testing a decryptor – a programme designed to retrieve infected data on HSE computers.
He said that his team were working on the project with the health service “up until extremely recently”.
According to the latest update from the HSE, 82% of systems are now decrypted. The attack continues to affect various aspects of the service, but according to the latest official update on the ransomware attack there is currently “no evidence that large amounts of patient or staff data has been published online or sold to criminals involved in fraud”.
As the health system buckled under the pressure of the initial attack, Keane said the Defence Forces sprung into action immediately.
While Keane didn’t comment on any specific measures, sources have told The Journal that soldiers attached to CIS were sent to hospitals and HSE offices to decrypt computers on site.
The captain said: “The Defence Forces, due to its flexible nature, were able to deploy very quickly. We were able to deploy nationally to a lot of locations in every corner of the country due to the amount of barracks and their locations so we were very flexible.
“It was great to see all the different companies, all the different entities there. They were at the briefings and everyone saying ‘what can we do?’. It was a very positive experience.”
As previously reported by The Journal, significant questions have been raised by TDs and military sources about the impact of funding cuts on the CIS Corps.
Keane did not speak about the funding shortfall in the Defence Forces affecting its ability to respond but defended his unit’s capability.
“The quality of people we have, we don’t have a lot of personnel – as with every organisation you are crying out for more but the people we do have, the skills they have, are exceptional.”
Keane was asked during the interview what was the future for the CIS Corps and he said that the need for the unit was only going to grow.
“It is only going to get bigger, it has to get bigger. It is recognised by the European Defence Agency, by NATO, by any credible force that the nature of conflict has changed.
Using a term often deployed by military experts to refer to traditional warfare he said: “You don’t just have kinetic conflict, from now on, it will be proceeded by a cyber effect.”
To embed this post, copy the code below on your site
Well done defence forces no guns or weapons just intellectual capability. Great stuff. Feel proud lads the country is behind you.
@Paul Gorry: It looks like they outsourced the work completely. The HSE could’ve done that themselves
@Mickety Dee: they didn’t. The defence forces does have a unit that monitors and pushes back cyber threats already, Russia uses Ireland for all sorts of dark activities, there was an interview on the radio last year with someone running the unit last year. It was most revealing of the activities they have to monitor. On actual outsourcing: sometimes to get an expert in a very specific area, perhaps someone who knows where the data may go on sale for example, they would need to be outsourced, but this is normal practice, even the US do that.
@Mickety Dee: How could the HSE scan and decrypt 100,000 PCs/Laptops in every town in Ireland and at the same time restore thousands of servers and maintain frontline services during COVID Paul. Tell me? God knows if they tried we’d have the likes of you moaning about how they didn’t call the army in to help!
So, did they turned it off and back on again?
@JustMeHere: I think it’s safe to safe you wouldn’t meet the intelligence threshold required to work in this field.
@Ger Murphy: Woosh, right over your head
Upgraded the windows OS..fair dues to them
@Darren Carroll: Did they try plugging it in?
We’ve had a virtual army for years now…
@William Tallon: while seeing the humor, I have to say that the limited capability of the defence forces due to funding hasn’t always shone the brightest lights on its amazing achievements, everywhere the forces go they are lauded for their skills in peacekeeping, its well known that the Irish go where no others dare to go and achieve..
I’m not even remotely expert in this area but having “White Hats” onboard to pre-empt & prevent attacks has been pretty much standard procedure since the relatively early days of the internet… the headline kinda suggests that somehow using water to put out a fire is something strange and wonderful that our (admittedly, very under-funded) Defence Forces just dreamt up in response to the HSE systems burning down…
@Nameo Maximus: It’s not a new approach. Ireland should have a decent cyber security division already. We don’t but we absolutely should.
@Nameo Maximus: they didn’t just dream it up; just because everyone has only just heard about this it may come as a massive shock that we did already have this unit for a while now. Its under funded though, but it did exist.
Having worked with these teams I can honestly say I was always impressed with their professionalism and dedication to the task at hand. THANKS is too small a word.
Would have been cheaper to pay the hackers..an uncomfortable truth
@Brian Burns: but never an option
@Brian Burns: uncomfortable comment Brian to be fair.
@Paul Gorry: troll
@Hugh Morris: I d I o t
@Brian Burns: Im genuinely thinking was it ever hacked when they didn’t even have to pay money
@alan hickey: you honestly think that the 100s of people involved in repairing the damage caused by the cyber attack….can all keep quite about this cover up of yours?
@Paul Furey: I never said it was a cover up there’s just something not right about it. It’s very strange
@Brian Burns: You don’t feed the monster no matter what, or you will never get rid of them.
Sensasionalist headline. This is standard practice in the private sector and pretty much everywhere else. Why are they trying to make it out to be something like a scene from a movie?
Porkies and PR.
Nice to see our defence forces are up to speed in the Tech dept,it might go some way for our lack of physical defences,its embarrassing for the country that we have a secret pact with the British to protect our airspace in the event of foreign intrusion,in other words the RAF has responsibility for keeping our airspace safe because we refuse to do so ourselves.
@Richard Mccarthy: Secret pact?now everyone knows Richard
You’re supposed to do this before you get hacked. To see where you’re vulnerable and patch the holes.
Bit late to “think like a hacker” when they’ve got all our data and encrypted all our servers.
This is bread n butter, but they’re trying to make it sound dramatic. Garda tech unit were always avoiding work, their first priority was the rota/hours. Yet the Garda had/have better tech than the army here.
Sometimes I find this app very frustrating.
Man asked (told) to do a job with his team.He does the job well.Asked (told) to do an interview where he is extremely limited in what he can actually say and he gets criticised.
The only part of that interview where he was highlighting positivity for what they did was the fact the army is a quickly deplorable asset to the state where they will be deployed until the job is done with members working at times 24/7. He praised his troops for a good job – shock!
The fact that white hats would be used may be common knowledge to some but not to all and having them both internal to the Army and also “on call” externally but working directly with the DF is the best way for their deployment.
Of course he was going to pitch for badly needed resources
@Richie: Yikes! I don’t think he’d like his team being referred to as ‘a quickly deplorable asset’, something which would imply that its performance in this area is generally soon realised to be somewhat ineffective by those engaging with it…
@William Tallon: apologies. Deployable
Their actions have been commended by all who interact with them in fairness.
The reality is due to resources they can only be reactive at present whereas their desire and purpose is to be proactive.
Unfortunately resources do not match this aim at this time.
Hopefully this is the wake up call for all of the required resources to stay somewhat ahead in cyber.
I thought they were saying that they do/did not have enough personnel to withstand the attack as Defense Forces had staff shortage. Now they are telling fairytales how they saved the World.
Wasn’t the main reason they were able to get things decrypted because the hackers ended up providing a decryption key when they realised they were not getting paid (and probably had some back-door pressure from the Russia government to do it)
Wonder who will get the contract with replacing all the software in the HSE?.
Over half the machines infected running XP!!! Hasn’t been a security update or any update for XP since 2014. QED
@Niall Gannon: Would love to know where you got that ‘statistic’ because on the ground it is patently just not true.
well they must have got my info as i have been inundated with fake call, text and instant messages from apps, very distressing and frustrating, even got a fake vaccine appointment
@michael macken: They didn’t get your info from the HSE hack. That hasn’t been released yet. Any calls, texts and IMs you’re getting are most likely from the Facebook data hack which was publicly released this year. HSE data won’t be in the public domain for a number of years.
have your say