Gardaí trawl six years of Commissioner Nóirín O'Sullivan's email account in hacking scare
Published 22/11/2016 | 02:30
Gardaí are trawling through six years of Commissioner Nóirín O'Sullivan's emails in a bid to ensure her private account has not been hacked, the Irish Independent understands.
No evidence has been found that her account was hacked. However, there is a concern that her Gmail username and password may have been among millions stolen and placed for sale on the internet.
The Garda chief admitted using the Google service because her official Garda email was too restrictive.
She said it was necessary to use a private email address "occasionally" in order to ensure Garda business was "discharged effectively".
IT experts are investigating whether her Gmail details were among the data belonging to more than 68 million people that was stolen from data storage firm Dropbox in 2012.
The information taken from Dropbox, which allows users to share files through Gmail, was subsequently posted on the so-called 'darknet', which is chiefly used for illegal trade.
Sources said that Ms O'Sullivan does not believe she ever subscribed to Dropbox and did not receive an email warning her to change her password when the data breach emerged last August.
In a statement, gardaí said they were satisfied the Commissioner's system "are secure and there is no evidence that they have been compromised".
"The Commissioner takes all recommended security measures when using Gmail such as regularly changing the password, using a mix of letters, numbers and symbols for the password, and independent device authentication," they said.
The Irish Independent understands that Ms O'Sullivan's account is still active, although she is unlikely to use it for work-related purposes in the future.
It no longer contains her title or workplace in the embedded signature. Gardaí use Android phones which routinely have a Gmail account installed.
This is considered an "essential requirement" in order to allow devices to be "constantly secured and correctly configured", a spokesperson said.
However, the force's policy on email usage dates from 2012 and fails to take into account advances in technology such as the need for mobile devices to be associated with a commercial email address in order for them to be secured and configured.
The policy has recently been reviewed and a new version is being finalised.
In a statement, Garda Headquarters said: "Devices issued to the Commissioner are secured by secure connections and utilise strong encryption technologies. Access to the Pulse database on any Garda Síochána devices is segregated by secure containers which does not store any Garda data on the device."
Security consultant Conor Flynn of Information Security Assurance Services told the Irish Independent that other issues also need to be considered when using Gmail, including the fact Google are scanning your emails in order to sell advertisements.
"They can then target an ad to that person's inbox. That's how Google pay for your free service.
"If someone had malicious intent they could start looking for words relating to security issues or something similar," he said. Mr Flynn also noted that Google always retains multiple copies of a user's information meaning data is often moved outside of Ireland and even Europe.
Gardaí said the Commissioner is "well aware of her obligations to protect national security and policing operations and would under no circumstances allow them to be compromised".
She is to submit a report on the controversy to the Justice Department and the Policing Authority soon.
A spokesperson for Justice Minister Frances Fitzgerald said: "The use of forms of communication in particular circumstances are operational matters based on an assessment of the circumstances involved and, accordingly, the Department has nothing to add to any comment by An Garda Síochána." Ms O'Sullivan is due before the Policing Authority on Thursday.