I was asked yesterday by the Irish Daily Star newspaper to write what my thoughts were on the recent revelations regarding alleged hacking of the computer network for the Garda Síochána Ombudsman Commission office and surveillance of their phone system. As I have not seen the original security report and do not have any other insight into the details of what was found, I wrote the opinion piece based on the information released by the Garda Síochána Ombudsman Commission and the subsequent statement of Minister Shatter in the Dáil. According to the Garda Síochána Ombudsman Commission and Minister Shatter, there were three “technical anomalies” found during the original security review.
It is important to remember that those managing networks and systems often look for “anomalies” as they could indicate issues with the integrity of the network ranging from a technical problem to the potential that the security of the network has been compromised.
There are a number of reasons a company may see anomalies on its network. One reason could be a breach of the network's security, resulting in unusual traffic or activity on it. Another reason could be new applications or systems added to the network, which in turn cause strange traffic to appear. Changes to the network configuration and setup, such as changing the security rules on the company firewall, could also result in unusual activity. Finally, the failure or misconfiguration of a hardware device or software could also result in anomalies on the network.
With regard to the alleged bugging and surveillance of the offices and network of the Garda Síochána Ombudsman Commission (GSOC), we do not have enough details to determine whether the anomalies mentioned in their statement were caused by malicious attackers or were the result of more benign causes, such as hardware failure or misconfiguration. Nor does recent press coverage give enough technical detail about how the alleged bugging and surveillance happened to determine whether the attacks described were feasible against the network and systems of GSOC.
To properly understand the nature of the alleged attacks, and potentially those who could have carried out those attacks, the report from the security company that carried out the security assessment should be given to independent third-party experts who could then determine the true nature of the threat. However, this may not be possible, as many organisations do not share security reports on their networks because doing so may provide potential attackers with additional information that could be used against the organisation.
While a number of commentators have highlighted that the techniques and technology used in the alleged attacks were of government level, this does not necessarily mean the only parties who could have carried out such attacks were government agencies. While sales of certain technologies are restricted to some governments and their agencies, there is no guarantee the same technology has not been made available to other parties. Also, there are many non-government-level tools, techniques and technologies that can be employed to conduct similar attacks.
You can also read my earlier blog post “Quis custodiet ipsos custodes? – Security Breach at Garda Ombudman Commission Offices” from Sunday night on this same topic.
If you cannot get a copy of today’s Irish Daily Star, here is the opinion piece: