Malicious Attack Against CAO Website

Monday the 23rd of August was a big day for many Irish students as their anxious wait to see if they had been accepted into their preferred third level college was finally over.  Many logged onto their computers and nervously accessed the CAO website.  However, many were ùnable to access the site as the CAO website was victim to a malicious attack.  According to a press release issued by the CAO yesterday “Access to the CAO website was affected because of a malicious attack from an unknown source this morning.  The CAO website was available intermittently between 6.10 am and 1 pm today when the problem was resolved by CAO technical staff. The system is being monitored 24 hours a day to ensure continuity of online services.”

Without hard facts on exactly what type of DOS attack it was and other details of the attack it is difficult to make any judgement on the event.  However, yesterday’s attack highlights that no matter what business your organisation is in you need to accept that once you are connected to the Internet you are a potential victim of an attack.  At IRISSCERT, www.iriss.ie, we see attacks against Irish websites on a daily basis.  Most of these attacks are by criminals targeting websites to use them to host their criminal activity, be that hosting a phishing site or spreading computer viruses.

Without the details of the attack it is hard to know what exactly happened.  DOS attacks can take various forms from flooding the network bandwidth with so much traffic you cannot reach the site, to the server not having enough CPU or memory to cope with the load, to exploiting software bugs in the operating system, website software or the web application to cause the server to become unavailable.

Defending against a DOS or DDOS attack can be difficult but some steps can be taken to reduce the risk of becoming a victim;

  • Have appropriate perimeter defences in place such as firewalls and intrusion detection systems.  Make sure these are configured properly and updated with the latest software patches and that their rules on these devices are reviewed regularly.
  • Ensure you have adequate bandwidth with burst capacity (i.e. the ability to get more bandwidth) in the event an attack happens.
  • Agree with your ISP or hosting provider that DOS defence capabilities are built into the service you are getting from them.
  • Have all the software on the system patched and up to date with the latest releases to ensure you are protected from a software based attack.
  • Make sure your incident response plans are documented and up to date with how to tackle such an attack.
  • Have key logging and alerting facilities turned on to detect such an attack as early as possible.
  • For times that are crucial and demand is expected to be high you should have extra servers, or mirrored servers in multiple locations, configured to take the unexpected load.

They are other techniques that can be used to mitigate the impact of these attacks but the bill can soon start getting higher and higher and it ends up with who has the most resources, the attacker or the defender.

I was interviewed by the RTE 9 o’clock news and the Irish Times on this matter.

3 Comments

  1. Andrew Court says:

    Was it really an attack though? The CAO site goes down almost every year on the day of the results. Is there any chance that this DOS attack was in fact just all the students logging into the site at the same time?

  2. Brian Honan says:

    Hi Andrew

    Without access to the actual logs and details of the attack it is very hard to say whether or not this was an actual attack or simply the server not being able to cope with the load. However, seeing as the CAO has now given the logs over to the Gardai for further investigation I would take this as demonstrating that there was an actual attack.

    Hopefully there will be a report on the attack made public so that we as an industry can learn what caused the problem, be it an attack or otherwise, and we can put appropriate measures in our own environments.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.