CAO helpless to prevent repeat of chaos caused by cyber attack
Published 24/08/2010 | 05:00
THE Central Applications Office (CAO) is virtually powerless to prevent a repeat of the cyber attack on its website that caused chaos as more than 48,000 college offers were released online yesterday.
The malicious attack happened within 10 minutes of the publication of the offers.
It was the second time in recent months that the CAO website was targeted by computer hackers, the Irish Independent has learnt.
The attack caused huge upset to anxious students, particularly those who were abroad and had no other way of viewing their college offer.
It was also the main concern highlighted by callers who flooded the National Parents' Council helpline.
A leading internet security expert last night warned there was little the CAO could do to prevent a repeat attack.
CAO operations manager Joe O'Grady said the system was being monitored 24 hours a day to ensure continuity of online services.
The CAO plans a full investigation into the attack, but not until after the first- and second-round offers. There is no decision yet on whether to call in the gardai.
Mr O'Grady thanked students and parents for their patience following the "malicious attack from an unknown source", which led to an intermittent service between 6.10am and 1pm.
The website was hit with what is called a 'denial of service attack', which makes a system unavailable to legitimate users by overloading it with a massive number of bogus requests.
The problem was resolved by CAO technical staff, who at first sought to thwart the attack, but ultimately bypassed it.
Despite the upset, the CAO said more than 23,000 online acceptances were recorded by the close of business. This was more than the 22,000 recorded at the same time last year.
Mairtin O'Sullivan, a senior consultant with information risk security consultants Espion, said the only way to prevent a similar crash was for the CAO to set up back-up servers around the country, which would potentially cost millions of euro.
He said the attack was quite possibly done simply for bragging rights in the hacker community.
"This is something every website is vulnerable to. There is not really anything they can do short of spending huge sums of money on extra servers in differing places around Ireland," he said.
"That wouldn't be realistic, given the low level of usage the site gets for most of the year."
Mr O'Sullivan said it was difficult to pinpoint the source of such an attack, with potentially thousands of PCs being controlled by a hacker to mount the blitz. He said hackers usually go after more high-profile sites such as Amazon or eBay.
"The White House is also a classic target," he added.
Andy Harbison, director of IT Forensics with business consultants Grant Thornton, said online bookies have occasionally come under similar attacks before big sporting events.
Google and Twitter also suffered a similar problem immediately after Michael Jackson died.
Mr O'Grady said people concerned about accepting an offer online could log in to the 'my application' section of the CAO website over the coming days to confirm their acceptance had been recorded.
He said acceptances could also be made by post, with plenty of time before the deadline of 5.15pm on August 30.
Offers could be accepted either online or by post, but not both, he added.
Education Minister Mary Coughlan was advised early yesterday of the attack and was given regular updates during the day on the efforts to solve the problem.
Labour education spokesperson Ruairi Quinn described the attack as a "particularly malicious incident".
Criminal gangs behind hackers: P25 What to do if you don't get that CAO offer