Luas website offline as IT staff investigate hacking claim (updated)

3 Jan 2019

Luas at Charlemont Station, Dublin. Image: William Murphy/Flickr (CC BY-SA 2.0)

The Luas tram service is operating normally as its website encounters a security issue.

Updated, 9.35am, 4 January 2019: Luas operator Transdev said yesterday (3 January) that user records of 3,226 people who use the Luas website may have been compromised.

Describing the incident as “a professional cyberattack”, Transdev added that those affected would be promptly contacted, noting that no financial data was obtained in the attack. Those affected had signed up to a Luas email newsletter.

The Office of the Data Protection Commissioner has also been informed of the details. At the time of updating, the website was still undergoing restoration.

The Luas website remains down this morning (3 January), with visitors noting a message claiming it has been hacked, greeting them as they try to access its services.

The message reads: “You are hacked. Some time ago I wrote that you have serious security holes. You didn’t reply the next time someone talks to you, press the reply button.”

The writer of the message then demands the payment of one bitcoin within the next five days, or they will “publish all data and send emails to your users”. One bitcoin is worth approximately €3,400 at present.

Luas stated in a tweet sent out early this morning that all of its travel updates will be provided on its official Twitter feed.

Luas is managing the incident

A Luas spokesperson said its IT department is working on the issue, but could not confirm that the website had been hacked. They stressed that the Luas services themselves are operating as normal.

The spokesperson also noted that the Luas website is a ‘static’ site, which mainly includes information to help customers, including maps and parking information, with little customer interaction.

The Luas payment site does not appear to have been affected by this incident. The firm said it has technicians working on the website to restore normal services as soon as possible.

The suspected attack appears to be a classic example of a ransomware campaign, which often involves the locking down of files on the target computer or website, preventing access. The earliest variants of ransomware were developed in the late 1980s, but the attack vector has evolved somewhat since then. Cryptocurrency ransom payments are the most popular method of collection among modern cybercriminals.

Security experts recommend real-time protection software, consistent updating of software and systems, regular data backup, and training around social engineering techniques, including spam emails, to protect against threats such as ransomware.

Luas at Charlemont Station, Dublin. Image: William Murphy/Flickr (CC BY-SA 2.0)

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects