Businesses and consumers in Ireland continue to fall for internet scams, writes GORDON SMITH
IRISH BUSINESSES and consumers continue to fall victim to internet scams, and the lack of a co-ordinated national cyber-security strategy is hampering efforts to tackle the problem, a conference has heard.
The Irish Reporting and Information Security Service (Iriss) held its first annual cyber crime conference in Dublin last week. Iriss was formed last year following unsuccessful efforts to persuade the Government to establish a Computer Emergency Response Team (Cert). Ireland is one of the few western countries not to have such a team.
Staffed on a voluntary basis, Iriss distributes free advice and warnings about information security threats to 250 member organisations. However, many security breaches are not reported to law enforcement, making it difficult to focus resources where they are needed, said Iriss founder Brian Honan.
“We’ve been fighting trench warfare when what we need is a battlefield view so we’re able to plot a strategy,” he said. “Unless we as a community share information, we’re fighting with one hand tied behind our backs and, in some cases, two hands. Cybercrime is real, and we need to co-operate better to tackle this.”
Since Iriss launched it has issued numerous alerts on critical software vulnerabilities and also provided information to help shut down cyber attacks in other countries. Last July saw several Irish web servers compromised. Anyone visiting the sites hosted on them would be redirected to one of three sites that downloaded fake antivirus software and malicious programs.
The sites had been registered in Russia and physically hosted in China, and traffic was also routed through Canada. Iriss incident handler Mark Hillick said the website infiltrations used some techniques that had not been seen before, and many of the internet domains registered as part of this wave of attacks are still live.
“The domains were created so quickly, a lot of antivirus tools didn’t have them on a blacklist,” he said. The breach came to light after an Iriss member notified the service that one of its sites had been compromised.
Det Insp Paul Gillen, head of the Garda computer crime investigation unit, said he was very concerned about the possibility of distributed denial-of-service attacks against Irish sites.
“I’m scared that Ireland will suffer what Estonia suffered,” he said, referring to incidents in April and May 2007 when many Estonian government websites and critical systems were taken offline. “Ireland’s capability to react to something like that would worry me,” said Det Insp Gillen.
To date, most distributed denial-of-service attacks have been aimed at online gambling services where criminals try to force the victim to pay a ransom to stop the attacks, according to Terry Neal, a director with the Sans Institute, which runs the internet’s Storm Centre early warning system.
Despite newspaper reports and regular warnings from banks, the phishing problem has got worse, added Det Insp Gillen. “We still have people who are willing to sit down and give their user name and password and are willing to write 100 PIN numbers from a code card that the bank gave them – and then they’ll go back to check they’re the right ones,” he said. “Somewhere along the way, we’re obviously failing at getting the information out to the general public to make them more aware of hi-tech crime.”
According to Det Insp Gillen, phishing scams usually happen in four stages: the hack is performed to infiltrate a person’s PC and steal their login details, or else the victim is tricked into revealing their pass codes by an e-mail that seems to have been sent by their bank. Criminals then gain access to the person’s bank account over the internet and use the codes to transfer money to an account in another part of the country.
Gangs then use “money mules” – other people who withdraw funds from ATMs. “The money mule is the first person to raise their head above the trench to have the back of their collar grabbed,” said Det Insp Gillen, who said gardaí have had some success stopping this.
“Everyone in this structure receives a percentage of the take in the crime,” he said. “We’re dealing with highly organised crime here. The only way we’re in a position to deal with it is if IT security professionals, academics, law enforcement and a Cert join into a community to develop a task force, because everyone has information that could be a piece of evidence.”
Marco Thorbruegge, a senior expert on Certs with the European Network and Information Security Agency, said Government involvement was an essential part of a complete national cyber security strategy.
He added that all EU states benefit from Certs sharing information and reporting incidents with each other. “The internet doesn’t stop at borders,” he said.
