Big-Hearted Hackers

at

Minister for Health Stephen Donnelly

This morning.

Seems legit.

Sponsored Link

63 thoughts on “Big-Hearted Hackers

  1. goldenbrown

    we’re being taken for idiots. again.

    this dumbing down PR spin boopy-boopy has to stop.

  2. phil

    I suspect the reason is this scam usually plays out like so,
    Infect system, Demand ransom to keep stolen data private, Org restores backups and gets back to business and continues to work through the data breach issues.

    Why did the hackers give the decryption key? I suspect when they realised that the HSE computer systems are astonishingly bad, and would likely take them years to recover , they got guilty , its a hospital system after all …

      1. E'Matty

        Exactly. The whole thing smells of BS. Don’t be surprised if the “consequences” of this breach are claims that we all need new PPS numbers which will nicely facilitate new biometric identities for everyone and then the loss of data and records can be used to undermine and proper inquiry into the handling of the pandemic. Such “attacks” will become a common feature of our lives in the next few months and years. All of this has been long predicted by us ratlicking conspiraloons.

        1. Nigel

          ‘All of this has been long predicted by us ratlicking conspiraloons.’

          Can you point to where you or anyone else predicted a ransomware attack on the HSE just as lockdown restrictions are being eased?

          1. E'Matty

            Hi Nigel. On this very site only a few weeks back I warned of an impending cyber pandemic, as has been predicted by Herr Schwab and his pals at the WEF. According to the WEF, COVID-19 was known as an anticipated risk, and so is its digital equivalent.

            “A cyber attack with COVID-like characteristics would spread faster and farther than any biological virus. Its reproductive rate would be around 10 times greater than what we’ve experienced with the coronavirus.”

            In his welcoming remarks at Cyber Polygon 2020, WEF Founder Klaus Schwab warned about a coming “cyber pandemic” that would be worse than the current global crisis.

            “We all know, but still pay insufficient attention to, the frightening scenario of a comprehensive cyber attack, which would bring a complete halt to the power supply, transportation, hospital services, our society as a whole,” he said.

            I specifically warned of cyber “attacks” on key utilities and services, including healthcare. Truly though, when this gathers steam, everything will be vulnerable. Consider how much of our world is now digitally managed. All vulnerable. This is the decade of transition. If you think we’re nearly out of the woods on Covid, you’re mistaken. We are only at the beginning.

            At the start of this pandemic, it was us “loons” warning we’d still be in Lockdown in a year. Here we are 15 months later, still in a locked down restricted society with no end in sight. We warned that vaccines will be sold as the only solution and anyone questioning them would be vilified. Here we are. We warned that vaccine passports would be introduced and were scoffed by the msm normies. Once again, we have been correct in our predictions of oncoming events whilst the mindless sheep who scoff and sneer are consistently wrong but act like they are the informed reasonable ones. It’s kind of like how we still get on US tv the same clowns rolled out before every foreign intervention, despite them having sold the disasters in Iraq, Afghanistan, Libya, Syria etc to the people. Wrong every time, yet they are still peddled out as if they are credible voices. How many times do you guys have to get it wrong before you think “hmmm, maybe my sources of information may not be wholly reliable?”.

          2. Steph Pinker

            E’Matty: don’t ever underestimate human frailty and lack of intelligence, or more to the point, imagination can never be overestimated.

      2. george

        They are cancelling scans, creating a massive backlog of work for themselves and generated some very bad press. Why would they make it up and how would they even keep it quiet?

        And if they did surely they’d have invented a better explanation of how it was resolved.

        1. newsjustin

          They made it up, just like they made up the pandemic.

          There’s no talking to some people – everything is a conspiracy. Loons.

          1. Gill Bates

            As an open believer in organised religion, I’m surprised you are casting judgement on those who believe in something without proof? You of all people should know how it feels to be on the wrong side of a popular opinion.

            I feel like I’m supposed to call you a name now…but I wont because its not nice.

          2. newsjustin

            Nope. They crazy.

            I believe in a faith that is mysterious when it come to the mysterious, but rational when it comes to the nuts and bolts stuff.

            Being on the wrong site of popular opinion isn’t a bad thing. Thinking, based on no evidence, that Stephen Donnelly is behind this crime against our healthcare system’s IT is silly.

          3. SOQ

            Well let’s start with defining what the crime actually was.

            Was it one server or the entire system? If not the whole system then what was affected? The entire system wouldn’t make sense of course because not all of the networks would be connected to each other.

            If it was just one server then the chances of it being a stroke increases- so scale is important. GDPR will tease this out of course because if only a small group of people are to be contacted then it is suspect- but that may be 6 months away.

          4. E'Matty

            Who has claimed Stephen Donnelly is behind it? You’ve been told without any evidence it was some mysterious Russian cyber hacking gang. It is just as valid to suggest the story stinks and to point out the possible motives for a deception. Donnelly wouldn’t even have to be aware of it. In fact, it is better if he too believes the cover story. People like you actually believe the world is as it is presented to you. Such innocence.

      3. John

        From what I have read over the last while it seems that it is not unusual for the encryption key to be provided if a ransom has not been paid.
        The Valuable part of the breach is usually the data that was stolen. The data can be sold to data brokers and the like. Identity theft is big business. I believe US medical data is more valuable than Irish data due to the set-up and cost of the US healthcare system. In a system where routine treatments cost tens of thousands of dollars, then buying someone elses medical history in an effort to give yourself a more affordable option for your own treatment makes individual patient record data incredibly valuable as it can be sold off on an individual record basis. Ireland doesnt have that problem.
        Also providing the encryption key can verify the bone-fides of the criminals. It lets the victim know that they are indeed talking to the people who have their data and not just someone exploiting the situation.
        Of course as it comes out that it was “Russian” hackers it starts to become a political problem from the country involved. Perhaps certain governments have pet hacker groups that they turn a blind eye to when they are hacking military and commercial data but intervene when it is in danger of becoming politically embarrassing.

    1. Unreal

      Neither – they just signed a consultancy agreement for data systems security services – read the small print in the C and AG report in a few months / years

  3. Nigel

    It’s not unprecedented. That crowd that hacked the pipeline in the US backed down when they thought they bit off more than they could chew. It’s possible they don’t actually like too much publicity and attention.

        1. Janet, dreams of an alternate universe

          I hear they sent a few crates of decent vodka and spuds complimentary with the key

    1. E'Matty

      The Russians make convenient patsies. No real questioning or investigation required, “It were the pesky Russkies what done it”. Convenient.

  4. goldenbrown

    all of this drama is unrealistic nonsense, an illusion

    an attack of this nature is an atomic thing – once done it cannot be undone – the systems are contaminated merely by the fact they got pwned compromised and given the length of time they had to play with there could be backdoors all over the gaff – bottom line it means you cannot ever ever trust what is there in-situ anymore – any and all systems have to be rebuilt and protected properly no matter what happens from now onwards (which is a massive undertaking)

    and as for the bad guys handing over the key….seriously that plotline is worse than Die Hard 4.0

    1. scottser

      but isn’t that why we all got the vaccine, so now they can just scan us and get a readout of all our personal data, where we’ve been, who we’re with etc.?
      *feckin magnet won’t stick*

    2. SOQ

      Absolutely- the assumption must be made that their systems have been compromised. I expect they will be looking for evidence of unusual logins like old admin accounts or strange login patterns but even without, the same rule should be in place. This is very private data so highest standards must be applied.

      Lets hope there was a proper disaster recover plan in place but how far back should they going on cloned servers? Key or no key, the entire network will probably need to be rebuilt, and government will have to cough up the big bucks, because it is not cheap.

  5. SOQ

    People do not realise the work involved in decrypting those files- a single one could take hours. And even when it is decyrypted there is all sorts of integrity issues.

    Has it ever been published as to what ransomware it was?

    How many systems were affected and what type?

    1. newsjustin

      Yeah. It’s like nothing happens now that isn’t a conspiracy involving our government.

      1. SOQ

        But it is a conspiracy- one or more individuals conspired to blackmail the Irish State- what else could it be?

        1. newsjustin

          Yes, it’s a criminal enterprise, a conspiracy of criminals. But I doubt it involves Irish Government or HSE people as part of that criminal conspiracy as people seem to be suggesting.

          1. Bitnboxy

            Or my favourite claim is that some dark government bogeyman is orchestrating this to bring in “biometric cards” (read Soros chips) foisted upon an unsuspecting citizenry.

            The current BS editorial line for literally anything is most certainly: “Wake up – the obvious answer is not the right answer. Dark and shadowy forces are up to no good – all is not what it seems”. Long live the Q.

            Jaysus #2

          2. SOQ

            It is not beyond the realms of possibility that it is attack by another state? The Russians are mentioned but Israel got a lot of heat from Ireland over Palestine and from what I gather, they are on top of their hacking game.

            Who knows- I’m way more interested in how the HSE tech people are going to clear this mess up. I really feel for them because they would have been screaming for proper funding for decades- and that was and is the core problem.

          3. goldenbrown

            speaking for myself newsjustin – that’s not what I’m suggesting as I have no way to know that – I’m only going off the information available.

            what I am definitely suggesting is:

            1) we are being lied to about the length, breadth and depth of the problem. and its solution. this is a sovereign disaster as much as if some bad actor launched guided missiles at us. the state and it’s individual citizens are damaged as a result.

            2) expecting a well educated computer literate population to swallow a computer movie plotline where bad guy hackers have moral rethink (or some other cockeyed variant) and give back key sorry about that no harm done call it quits is frankly cynical PR strokeology, it’s simply not plausible and smacks of “if we can make them believe that we can make them believe anything”

            not plausible

          4. Unreal

            it doesn’t need to Justin
            Stop misinterpretation of his words please
            Or maybe you just don’t understand

    2. Junkface

      It’s not Irelands style to run “false flag operations” or any other US style conspiracy shenanigans. We don’t have the competency in our institutions or systems. I mean they can barely handle day to day stuff, the HSE. We really are in the age of misinformation aren’t we?

      1. newsjustin

        Exactly. Anyone who believes Irish civil servants have the malice, incentive, skills, appetite for risk, or balls to commit (or play a roll in) a huge conspiracy against their own healthcare system is a conspiracy loon.

      2. SOQ

        Fair point Junk. Pretty sure there is evidence all over the place that it did actually happen but- in the back of my mind I keep thinking that it is all very convenient.

        Once the figures are collated as to harm done to people’s health, you will see a big swing towards lockdown scepticism and people will become very angry- and now they have this very handy excuse to obfuscate.

        Politicians and top end civil servants pulling strokes to save their own necks is hardly a new thing now is it?

          1. SOQ

            Because at this point and for the foreseeable future, all data analytics will have ceased. And when the systems have been rebuilt- there will still be integrity issues for quite a long time.

            So when questions are asked as to how many people are now in stage 4 cancer for example, expect some sort of response along the lines of ‘we cannot provide that information at this time’. Even when it comes to Covid-19 they have already admitted that the figures were over counted so that too will be kicked down the road.

            I am not suggesting that this was a false flag operation- at all- because it can happen, but I am pretty certain that certain individuals will take advantage of it to cover their own asses.

  6. kerryview

    “By this Government”….”I did not have sex with that woman”…”you didn’t ask the right question”…….spin spin

  7. SOQ

    Just a point on the psychology of some of these hackers- it may seem like a strange thing to say but outside of state actors, they are actually not bad kids. They have a passion for technology and in some cases, may be on the autistic scale. They see breaking into a system as a technical challenge rather than to make money- which may be the case here as they returned a key.

    Usually, they are just appalled at the lack of system security and before an attack do leave clues of their presence. Of course those clues or messages are always covered up because it looks really bad for the administrators, but their real drive is to encourage people to get their security act together.

    That is not always the case but in some instances, it is.

  8. SOQ

    OK so the hackers are claiming to have been on site for two weeks- which sounds about right.

    As I said, the decryption is extremely slow because it has to rebuild all the files and even then, there is no guarantee that they will be as was- a simple example being the formulas within an Excel spreadsheet which do not rebuild properly. Those programs are never well tested so they really are better bite the bullet and restore everything. It looks like quite an extensive infection, which means they were all over the place.

    https://www.irishtimes.com/news/crime-and-law/hse-cyberattack-decryption-tool-functional-but-unlikely-to-offer-quick-fix-1.4571472

    As I said, the people I really feel sorry for are the HSE tech staff. That they were running Windows 7 or below is a pretty good indication of how underfunded they were and if the PC operating systems were so behind- then it is highly likely the servers were too.

    All of this storing some of the most personal information in the country.

Comments are closed.

Sponsored Link
Broadsheet.ie