Thursday 13 December 2018

Ireland on frontline in cyber war as hackers box clever

As the fallout from the Sony hacking debacle worries cyber-security experts worldwide, Irish firms are now regarded as a 'prized target' by criminal hackers - because of our business links with multi-nationals.

CHIEF SUSPECT: Kim Jong-Un's regime is not the only government with an army of hackers at work

Simon Rowe

A team of Irish cyber security experts working in a nondescript third-floor office on George's Quay in Dublin could hold the key to solving the mystery of one of the most audacious hacking attacks ever perpetrated.

Sony Pictures has hired FireEye's Mandiant forensics unit to investigate cyber attacks that crashed its computer network, stole private data and confidential emails, and targeted the entertainment giant's PlayStation network, knocking it offline on Christmas Day.

The multi-national IT security firm, which has 35 cyber-crime sleuths working at its security operations centre in Dublin, is a 24-7 incident response firm that helps targeted companies identify the extent of attacks, clean up networks and restore systems.

The firm, which has been in Ireland since 2013 and has a back-office operation in Cork with approximately 100 staff, has earned a global reputation for its cyber security work.

Before taking on the Sony clean-up job, FireEye's forensics unit was tasked with solving one of the largest data breaches uncovered to date - the 2013 attack on US retail giant Target.

In December 2013, Target disclosed a massive data breach which resulted in the theft of 40 million debit and credit card numbers and the potential exposure of personal information of up to 70 million shoppers.

FireEye's security arm, Mandiant, was also behind a 60-page dossier that exposed how the Chinese government sponsored cyber-espionage to attack US firms.

Its investigation covered a six-year period and revealed how a group of hackers - known as the Comment Crew - was linked to a secret division of the Chinese military.

Tom Keating, who heads up FireEye's security operations hub in Dublin, refused to comment on press reports linking FireEye to the Sony contract.

However, he says the Sony hacking story was "yet another wake-up call" to Irish firms regarding the "persistent cyber threat" facing them.

"The wake-up calls are coming thick and fast now," he says.

"This is serious, this is real, this is happening. And it doesn't matter if you are a big, medium or small firm. People and organisations are targeting your organisation. It's not a question of if your organisation will be compromised, it's a matter of when."

Indeed, the Sony hacking debacle and the Target data breach are just the latest high-profile incidents in a massive cyber-crime wave sweeping the globe that has been targeting corporate giants and affecting millions of consumers.

The US has been the favourite target for the major international cyber gangs who are suspected of operating mostly from Russia and eastern Europe, where they work with apparent legal impunity.

Retail giant Home Depot confirmed last summer that its payment systems had been hacked, potentially exposing millions of shoppers who used credit and debit cards at its 2,000 US and Canadian stores.

Then cash registers at 1,200 Kmart stores were infected with malware that scooped up payment card numbers for over a month, the firm revealed.

In a further blow to consumer confidence, last month US office-supply retailer Staples admitted that about 1.1 million payment cards might have been affected by a data breach announced in October.

Staples, which has more than 1,400 stores, said the malware might have allowed access to cardholder names, payment card numbers, expiry dates, and card verification codes.

Indeed, such is the extent of global credit card data theft that one Irish cyber security expert remarked wryly on an unintended consequence of this boom.

"The end result is that the price of stolen credit cards on the internet was about $40 midway through last year - but it's now down to about $5 per stolen credit card . . . because the online black market in credit cards on darknet auction sites and on websites such as Rescator has become so competitive."

Closer to home, the problem of criminal hacking is growing too and it has hit home with thousands of consumers here.

A garda investigation into the theft of almost 90,000 Irish customers' credit and debit card details and more than one million European customers' personal data is still ongoing after Clare-based firm LoyaltyBuild was targeted in late 2013.

The firm specialises in online marketing campaigns for retailers, such as discounted travel breaks for loyalty schemes.

LoyaltyBuild, which was at the centre of Ireland's biggest data-hacking breach to date, suspended trading after its IT network was targeted in a "criminal act" that affected hundreds of thousands of customers, including 70,000 SuperValu customers and over 8,000 AXA Leisure Break customers.

However, the LoyaltyBuild breach is just the tip of the iceberg in terms of what Irish firms can expect to face from criminal hackers, warns Mike Harris, head of the cyber security team at consultancy firm Grant Thornton.

Ireland is now seen as a "prized target" by international criminal hackers, he says, because it houses the European headquarters of multi-national firms such as Google, Facebook, Microsoft, LinkedIn and Twitter.

"Organisations in Ireland are being increasingly targeted because they are in the supply chain of large US multi-nationals.

"Rather than targeting the large organisations directly, they target a third-party firm or a supplier of the bigger firm. This is something we are seeing with a lot of the large hacks taking place at the moment," says Harris.

"The Target case is a classic example of this tactic," he says. "The hackers in this case didn't attack Target directly - but instead they targeted a supplier, a company that supplied air conditioning products.

"This smaller company had far lower IT security. The hackers were then able to gain access to the billing system within Target by attacking their supplier's network. That's why this issue is becoming important for Irish companies."

Ireland's top cyber security experts warn of four major threats facing domestic and international businesses:

- 'Hacktivists' who target defence, military or political websites
- The fast-growing area of 'ransomware' blackmail attempts whereby malware restricts access to a computer that it infects and demands a ransom be paid in order for the restriction to be removed
- Credit card theft and data breaches by well-organised cyber criminals targeting online banking and point-of-sale terminals in retail outlets
- Industrial espionage, whereby intellectual property is stolen by highly-skilled "industrial grade" hackers, often with the connivance of rogue nation-states.

Despite the rising threats, close to 60pc of security leaders interviewed for an IBM study said that the sophistication of attackers was outstripping the sophistication of their organisation's defences.

"The threat from organised cyber-crime rings remains the largest security challenge for retailers," said an IBM Ireland spokesman.

The retail and wholesale industries emerged as the top industry target for attackers in 2014, undoubtedly a result of the wave of high-profile incidents impacting name brand retailers such as Target and Home Depot.

In the two years prior, manufacturing ranked first amongst the top five attacked industries while the retail and wholesale industry ranked last.

In 2014, the primary mode of attack used by hackers was unauthorised access via Secure Shell Brute Force attacks, which surpassed malicious code, the top choice in 2012 and 2013, said IBM.

IBM security researchers report that in 2014 cyber attackers worldwide managed to steal more than 61 million records from retailers, demonstrating their increasing sophistication and efficiency.

However, that figure is probably a conservative estimate as many cases of data breaches are not being reported, warned one Irish cyber security expert.

In a worrying development, a large number of serious data breaches are not being reported to Ireland's Data Protection Commissioner - because firms are keen to "hush-up" the problem to avoid negative publicity, he alleged.

"There are certain levels of hacks getting reported to the Data Protection Commissioner but I think there is a lot of stuff that is not getting reported.

"We see this from a day-to-day perspective where clients will find something, they shut it down and they don't want the publicity around it," said the industry insider.

"In terms of disclosure of data breaches in Ireland at the moment it's not clear-cut if you have to disclose or not," he said.

"Many organisations are taking the view of 'let's fix it and move on', rather than making a disclosure. There is definitely a lot more of this stuff going on in the background than you would see publicly."

Sunday Indo Business
