Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Shutterstock/Sergey Nivens

Defence Forces deployed 'ethical hackers' to fight back against massive HSE cyber attack

The CIS Corps deployed experts trained to think like cyber criminals to tackle the threat.

THE DEFENCE FORCES deployed the skills of so-called ‘ethical hackers’ in their bid to fight back against the HSE cyber attack of May this year. 

Ethical hackers are trained to effectively think like a cyber criminal and highlight flaws in a system’s structure. They’re typically tasked with highlighting weaknesses that need to be addressed in IT systems. 

Captain Steve Keane, an Officer in the Computer Response Team (CRT) of the Defence Forces Communications and Information Services Corps (CIS), has revealed for the first time the detailed work of the unit during the HSE crisis, which is still not yet fully resolved. 

In a podcast by the Defence Forces, Keane revealed how his unit were contacted immediately by the HSE and how they set about trying to find the hackers and analyse the virus.

“We had personnel who were analysing the malware – what does it do?” he said.

“They were also hunting for the threat actor, the adversary, on the network. [We were asking] is the person there? Is there a level of persistence where the network is brought back up and is there something nasty hiding in the corner and undoes all the work?”

Keane said that there were also military experts involved in testing a decryptor – a programme designed to retrieve infected data on HSE computers. 

He said that his team were working on the project with the health service “up until extremely recently”.

According to the latest update from the HSE, 82% of systems are now decrypted. The attack continues to affect various aspects of the service, but according to the latest official update on the ransomware attack there is currently “no evidence that large amounts of patient or staff data has been published online or sold to criminals involved in fraud”.

As the health system buckled under the pressure of the initial attack, Keane said the Defence Forces sprung into action immediately. 

While Keane didn’t comment on any specific measures, sources have told The Journal that soldiers attached to CIS were sent to hospitals and HSE offices to decrypt computers on site.

The captain said: “The Defence Forces, due to its flexible nature, were able to deploy very quickly. We were able to deploy nationally to a lot of locations in every corner of the country due to the amount of barracks and their locations so we were very flexible. 

“It was great to see all the different companies, all the different entities there. They were at the briefings and everyone saying ‘what can we do?’. It was a very positive experience.”

As previously reported by The Journal, significant questions have been raised by TDs and military sources about the impact of funding cuts on the CIS Corps.

Keane did not speak about the funding shortfall in the Defence Forces affecting its ability to respond but defended his unit’s capability.  

“The quality of people we have, we don’t have a lot of personnel – as with every organisation you are crying out for more but the people we do have, the skills they have, are exceptional.”

Keane was asked during the interview what was the future for the CIS Corps and he said that the need for the unit was only going to grow. 

“It is only going to get bigger, it has to get bigger. It is recognised by the European Defence Agency, by NATO, by any credible force that the nature of conflict has changed.

Using a term often deployed by military experts to refer to traditional warfare he said: “You don’t just have kinetic conflict, from now on, it will be proceeded by a cyber effect.”

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Close
39 Comments
This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
Leave a Comment
    Install the app to use these features.
    Mute Paul Gorry
    Favourite Paul Gorry
    Report
    Jul 20th 2021, 12:28 AM

    Well done defence forces no guns or weapons just intellectual capability. Great stuff. Feel proud lads the country is behind you.

    376
    Install the app to use these features.
    Mute Mickety Dee
    Favourite Mickety Dee
    Report
    Jul 20th 2021, 7:26 AM

    @Paul Gorry: It looks like they outsourced the work completely. The HSE could’ve done that themselves

    53
    Install the app to use these features.
    Mute SPQH
    Favourite SPQH
    Report
    Jul 20th 2021, 8:18 AM

    @Mickety Dee: they didn’t. The defence forces does have a unit that monitors and pushes back cyber threats already, Russia uses Ireland for all sorts of dark activities, there was an interview on the radio last year with someone running the unit last year. It was most revealing of the activities they have to monitor. On actual outsourcing: sometimes to get an expert in a very specific area, perhaps someone who knows where the data may go on sale for example, they would need to be outsourced, but this is normal practice, even the US do that.

    48
    See 1 more reply ▾
    Install the app to use these features.
    Mute James McCartney
    Favourite James McCartney
    Report
    Jul 20th 2021, 8:36 PM

    @Mickety Dee: How could the HSE scan and decrypt 100,000 PCs/Laptops in every town in Ireland and at the same time restore thousands of servers and maintain frontline services during COVID Paul. Tell me? God knows if they tried we’d have the likes of you moaning about how they didn’t call the army in to help!

    4
    Install the app to use these features.
    Mute JustMeHere
    Favourite JustMeHere
    Report
    Jul 20th 2021, 12:36 AM

    So, did they turned it off and back on again?

    142
    Install the app to use these features.
    Mute Ger Murphy
    Favourite Ger Murphy
    Report
    Jul 20th 2021, 9:47 AM

    @JustMeHere: I think it’s safe to safe you wouldn’t meet the intelligence threshold required to work in this field.

    35
    Install the app to use these features.
    Mute Stuart Bowles
    Favourite Stuart Bowles
    Report
    Jul 20th 2021, 10:29 AM

    @Ger Murphy: Woosh, right over your head

    17
    Install the app to use these features.
    Mute Darren Carroll
    Favourite Darren Carroll
    Report
    Jul 20th 2021, 12:22 AM

    Upgraded the windows OS..fair dues to them

    90
    Install the app to use these features.
    Mute Dave Barrett
    Favourite Dave Barrett
    Report
    Jul 20th 2021, 9:28 AM

    @Darren Carroll: Did they try plugging it in?

    4
    Install the app to use these features.
    Mute William Tallon
    Favourite William Tallon
    Report
    Jul 20th 2021, 1:58 AM

    We’ve had a virtual army for years now…

    63
    Install the app to use these features.
    Mute David Dineen
    Favourite David Dineen
    Report
    Jul 20th 2021, 5:29 PM

    @William Tallon: while seeing the humor, I have to say that the limited capability of the defence forces due to funding hasn’t always shone the brightest lights on its amazing achievements, everywhere the forces go they are lauded for their skills in peacekeeping, its well known that the Irish go where no others dare to go and achieve..

    3
    Install the app to use these features.
    Mute Nameo Maximus
    Favourite Nameo Maximus
    Report
    Jul 20th 2021, 6:02 AM

    I’m not even remotely expert in this area but having “White Hats” onboard to pre-empt & prevent attacks has been pretty much standard procedure since the relatively early days of the internet… the headline kinda suggests that somehow using water to put out a fire is something strange and wonderful that our (admittedly, very under-funded) Defence Forces just dreamt up in response to the HSE systems burning down…

    63
    Install the app to use these features.
    Mute ShaneO'Mac
    Favourite ShaneO'Mac
    Report
    Jul 20th 2021, 6:54 AM

    @Nameo Maximus: It’s not a new approach. Ireland should have a decent cyber security division already. We don’t but we absolutely should.

    35
    Install the app to use these features.
    Mute SPQH
    Favourite SPQH
    Report
    Jul 20th 2021, 8:21 AM

    @Nameo Maximus: they didn’t just dream it up; just because everyone has only just heard about this it may come as a massive shock that we did already have this unit for a while now. Its under funded though, but it did exist.

    24
    Install the app to use these features.
    Mute Brendan Odonnell
    Favourite Brendan Odonnell
    Report
    Jul 20th 2021, 8:08 AM

    Having worked with these teams I can honestly say I was always impressed with their professionalism and dedication to the task at hand. THANKS is too small a word.

    47
    Install the app to use these features.
    Mute Brian Burns
    Favourite Brian Burns
    Report
    Jul 20th 2021, 12:47 AM

    Would have been cheaper to pay the hackers..an uncomfortable truth

    43
    Install the app to use these features.
    Mute Paul Furey
    Favourite Paul Furey
    Report
    Jul 20th 2021, 12:53 AM

    @Brian Burns: but never an option

    147
    Install the app to use these features.
    Mute Paul Gorry
    Favourite Paul Gorry
    Report
    Jul 20th 2021, 12:57 AM

    @Brian Burns: uncomfortable comment Brian to be fair.

    46
    See 6 more replies ▾
    Install the app to use these features.
    Mute Hugh Morris
    Favourite Hugh Morris
    Report
    Jul 20th 2021, 1:06 AM

    @Paul Gorry: troll

    11
    Install the app to use these features.
    Mute Paul Gorry
    Favourite Paul Gorry
    Report
    Jul 20th 2021, 1:16 AM

    @Hugh Morris: I d I o t

    28
    Install the app to use these features.
    Mute alan hickey
    Favourite alan hickey
    Report
    Jul 20th 2021, 1:48 AM

    @Brian Burns: Im genuinely thinking was it ever hacked when they didn’t even have to pay money

    18
    Install the app to use these features.
    Mute Paul Furey
    Favourite Paul Furey
    Report
    Jul 20th 2021, 2:36 AM

    @alan hickey: you honestly think that the 100s of people involved in repairing the damage caused by the cyber attack….can all keep quite about this cover up of yours?

    64
    Install the app to use these features.
    Mute alan hickey
    Favourite alan hickey
    Report
    Jul 20th 2021, 3:13 AM

    @Paul Furey: I never said it was a cover up there’s just something not right about it. It’s very strange

    19
    Install the app to use these features.
    Mute Teresa O'Halloran
    Favourite Teresa O'Halloran
    Report
    Jul 20th 2021, 7:23 AM

    @Brian Burns: You don’t feed the monster no matter what, or you will never get rid of them.

    21
    Install the app to use these features.
    Mute Jon Kelly
    Favourite Jon Kelly
    Report
    Jul 20th 2021, 7:52 AM

    Sensasionalist headline. This is standard practice in the private sector and pretty much everywhere else. Why are they trying to make it out to be something like a scene from a movie?

    29
    Install the app to use these features.
    Mute iohanx
    Favourite iohanx
    Report
    Jul 20th 2021, 7:29 AM

    Porkies and PR.

    32
    Install the app to use these features.
    Mute Richard Mccarthy
    Favourite Richard Mccarthy
    Report
    Jul 20th 2021, 7:41 AM

    Nice to see our defence forces are up to speed in the Tech dept,it might go some way for our lack of physical defences,its embarrassing for the country that we have a secret pact with the British to protect our airspace in the event of foreign intrusion,in other words the RAF has responsibility for keeping our airspace safe because we refuse to do so ourselves.

    24
    Install the app to use these features.
    Mute Sean Walsh
    Favourite Sean Walsh
    Report
    Jul 20th 2021, 8:00 AM

    @Richard Mccarthy: Secret pact?now everyone knows Richard

    32
    Install the app to use these features.
    Mute Wez Moore
    Favourite Wez Moore
    Report
    Jul 20th 2021, 8:44 AM

    You’re supposed to do this before you get hacked. To see where you’re vulnerable and patch the holes.

    Bit late to “think like a hacker” when they’ve got all our data and encrypted all our servers.

    This is bread n butter, but they’re trying to make it sound dramatic. Garda tech unit were always avoiding work, their first priority was the rota/hours. Yet the Garda had/have better tech than the army here.

    25
    Install the app to use these features.
    Mute Richie
    Favourite Richie
    Report
    Jul 20th 2021, 8:23 AM

    Sometimes I find this app very frustrating.

    Man asked (told) to do a job with his team.He does the job well.Asked (told) to do an interview where he is extremely limited in what he can actually say and he gets criticised.

    The only part of that interview where he was highlighting positivity for what they did was the fact the army is a quickly deplorable asset to the state where they will be deployed until the job is done with members working at times 24/7. He praised his troops for a good job – shock!

    The fact that white hats would be used may be common knowledge to some but not to all and having them both internal to the Army and also “on call” externally but working directly with the DF is the best way for their deployment.

    Of course he was going to pitch for badly needed resources

    14
    Install the app to use these features.
    Mute William Tallon
    Favourite William Tallon
    Report
    Jul 20th 2021, 9:24 AM

    @Richie: Yikes! I don’t think he’d like his team being referred to as ‘a quickly deplorable asset’, something which would imply that its performance in this area is generally soon realised to be somewhat ineffective by those engaging with it…

    1
    Install the app to use these features.
    Mute Richie
    Favourite Richie
    Report
    Jul 20th 2021, 11:33 AM

    @William Tallon: apologies. Deployable

    Their actions have been commended by all who interact with them in fairness.

    The reality is due to resources they can only be reactive at present whereas their desire and purpose is to be proactive.

    Unfortunately resources do not match this aim at this time.

    Hopefully this is the wake up call for all of the required resources to stay somewhat ahead in cyber.

    3
    Install the app to use these features.
    Mute Pavel Shipilov
    Favourite Pavel Shipilov
    Report
    Jul 20th 2021, 7:55 AM

    I thought they were saying that they do/did not have enough personnel to withstand the attack as Defense Forces had staff shortage. Now they are telling fairytales how they saved the World.

    9
    Install the app to use these features.
    Mute RogerRamjet
    Favourite RogerRamjet
    Report
    Jul 20th 2021, 9:30 AM

    Wasn’t the main reason they were able to get things decrypted because the hackers ended up providing a decryption key when they realised they were not getting paid (and probably had some back-door pressure from the Russia government to do it)

    7
    Install the app to use these features.
    Mute Dave Barrett
    Favourite Dave Barrett
    Report
    Jul 20th 2021, 9:30 AM

    Wonder who will get the contract with replacing all the software in the HSE?.

    5
    Install the app to use these features.
    Mute Niall Gannon
    Favourite Niall Gannon
    Report
    Jul 20th 2021, 9:30 AM

    Over half the machines infected running XP!!! Hasn’t been a security update or any update for XP since 2014. QED

    5
    Install the app to use these features.
    Mute The world outside the M50
    Favourite The world outside the M50
    Report
    Jul 20th 2021, 12:20 PM

    @Niall Gannon: Would love to know where you got that ‘statistic’ because on the ground it is patently just not true.

    2
    Install the app to use these features.
    Mute michael macken
    Favourite michael macken
    Report
    Jul 20th 2021, 10:55 AM

    well they must have got my info as i have been inundated with fake call, text and instant messages from apps, very distressing and frustrating, even got a fake vaccine appointment

    1
    Install the app to use these features.
    Mute James McCartney
    Favourite James McCartney
    Report
    Jul 20th 2021, 8:44 PM

    @michael macken: They didn’t get your info from the HSE hack. That hasn’t been released yet. Any calls, texts and IMs you’re getting are most likely from the Facebook data hack which was publicly released this year. HSE data won’t be in the public domain for a number of years.

    1
Submit a report
Please help us understand how this comment violates our community guidelines.
Thank you for the feedback
Your feedback has been sent to our team for review.

Leave a commentcancel

 
JournalTv
News in 60 seconds