Last week, a bunch of Irish websites were hit by DDoS attacks. Government sites, message boards and even the Lotto were hit, with more apparently to follow. So, what is going on?
Early last week, the Irish National Lottery’s website was knocked offline following an extensive distributed denial-of-service (DDoS) attack. In the lead up to its €12m jackpot, this was not ideal.
Worse still, it affected the business’ entire operation as its in-store ticketing machines were compromised too, meaning people couldn’t buy tickets in the run-up to the, at the time, biggest jackpot since mid-2014.
Then, a couple of days later, a bunch of government-related websites were hit in a similar way.
Websites including those of the CSO, the Department Of Justice and the courts service became unavailable for around an hour, with the Department of Public Expenditure and Reform claiming “attacks” that had hit government infrastructure were the cause.
Minimising the disruption
A statement said a “number of contingency plans” were enacted to “minimise the disruption”, claiming that, due to DDoS attacks’ nature, it was “not possible” to identify who was behind it.
The Office of the Government Chief Information Officer got involved to help sort it out, with the relevant service agencies eventually getting the sites back online.
Boards.ie was also seemingly hit.
We're experiencing a ddos attack on site at the moment; we're doing our best to mitigate the effects and will be back online asap.
— boards.ie (@boards) January 18, 2016
As was Daft.ie.
Our apologies for any inconvenience, we are aware of issues with the site at present and our tech teams are working to resolve this.
— Daft.ie (@daftmedia) January 19, 2016
The luck of the Irish, it seems, was not in.
National security audit
A pseudonymous source to The Register claimed that the first attack was the start of a ‘national security audit’, with news sites to follow.
“This is the beginning of a national cybersecurity audit. There is a team of security folks testing a lot of Irish websites,” read the claim.
“They have indicated that news outlets and financial institutions will be next. Their goal is to highlight poor security practices within Ireland and to raise the bar on a national level.” This, though, seems unlikely.
Today, we had a look around and spoke to a few people about it all and the picture, it seems, is still unclear.
One hosting company we spoke with noted one of its clients getting hit, hard, today. And when we spoke to a couple of security experts, the optimism wasn’t, exactly, flowing.
“We don’t know who is behind it,” said Eset’s Urban Schrott. “It’s practically impossible to trace DDoS attacks, unless you are a national body. But DDoS attacks are hardly the most sophisticated attacks. They are quite basic, but effective.”
Perhaps we should stop here and explain a bit. DoS and DDoS – which you often hear, incorrectly, as the same thing – are different, but related.
Denial of service (DoS) can be, say, caused by one computer rifling requests to a website constantly, trying to overwhelm it and take it down. A decent infrastructure can stop this, blocking the trouble spot and allowing the site to work away without much notice.
DDoS, though, is more expansive, relying on suites of computers to send requests (sometimes in the tens of thousands) from all over the world, to one specific target. Defending against this, unfortunately, is far harder.
“This could be absolutely anybody,” said Schrott. “With cybersecurity, we can only go on the evidence in front of us, guessing the people behind it is speculation. It could be teenagers honing their hacking skills, it could be testing, it could be more malicious.”
Maybe Schrott is right, maybe only a state department could help. Well? Nope. When we got in touch earlier we were told the statement issued last week remains the only comment on the attacks.
So we don’t know where these attacks are coming from or why. Cybersecurity companies don’t know. Web hosts don’t know. Website owners don’t know. And no link between the National Lottery, Boards, various government sites and perhaps other online outlets has yet, officially, been acknowledged.
So we’re left with our opening question unanswered. Just what is going on with DDoS attacks in Ireland at the moment?
Ireland image via Shutterstock