Trinity College’s suspected €1m cyberattack a sign of the times

28 Apr 2017

Trinity College Dublin. Image: Marc Lechanteur/Shutterstock

This week, it emerged that Trinity College Dublin was the victim of a cyberattack, allegedly worth up to €1m. But often, the word ‘cyber’ isn’t necessarily accurate.

Trinity Foundation was on the receiving end of some misfortune this week, as money went missing from its operation, leading to two separate investigations.

The Gardaí are investigating, with Trinity Foundation hiring an external cyber forensic team to also look into the matter.

The college has confirmed that some money was recovered following the discovery, but says it is too early to say whether the remainder can be retrieved.

The discovery was made when Trinity Foundation’s banks became aware of some suspicious activity in the organisation’s accounts. It said that any shortfall will be made up from the university’s future commercial revenues.

But how can such an incident occur? According to some experts, it’s rarely as scientifically masterful as cyberattacks look in the movies.

“I know it has been generally labelled as a ‘cyberattack’,” said Pat Larkin, CEO at cybersecurity service Ward Solutions, “but it rarely is that.”

Larkin – unaware of the Trinity case specifics and speaking more generally on the theme – believes that in many instances, it’s the people that are conned, not the machines.

Calling it the “human firewall”, Larkin pins the majority of attacks down to standard, age-old social engineering: criminals earning the trust of people in positions of authority (generally authority over money) and then exploiting that when they see fit.

“When we encounter types of frauds being perpetrated, we find three control areas: people, processes and technology,” said Larkin.

We still don’t know exactly what happened with Trinity Foundation but, assuming it was a simple payment redirect scheme, Larkin has an idea of how such an attack would occur.

“Traditionally, these are attacks on people and processes. Get someone to trust you, get them to change something such as the address of delivery or a change in receiving bank accounts, and then watch as the people don’t employ the appropriate change processes, verifications, letters etc.”

In a point that is interesting and worrying in equal measure, Larkin suggests that the same companies are often hit again and again by the same attack, even with the incidents years apart. This, he said, is because it’s hard to educate all the staff, all the time, about all the threats.

“Proactively or reactively, companies often reach for the technology first,” he said. “But recently, companies have begun to invest in the people side of things. The human firewall.”

Despite email being the channel through which these scams run, they’re not cyber – they’re social.

“There is an awful lot of value to focus on the people and process; the technology is often complementary,” he added.

Gordon Hunt was a journalist with Silicon Republic