Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
THIS WEEK SAW the sad passing of Albert Reynolds, the former taoiseach, who was instrumental in securing peace in Northern Ireland.
By Reynolds’ side during two turbulent years as taoiseach was Seán ‘Diggy’ Duignan, the journalist-turned-spin doctor, who will be familiar to many from the Six One News and spent two years as Government Press Secretary.
He later wrote a book/diary about that time – One Spin on the Merry-Go-Around which is perhaps the definitive account of that period in Irish political life.
It’s a wonderful read with plenty of colourful anecdotes. Here are a few which tell us a lot about what type of leader Albert Reynolds was
1. He was ruthless
Duignan recalls how Reynolds dealt with the sacking of half the cabinet that Charlie Haughey had left behind in the hours following his elevation to the office of An Taoiseach in February 1992.
Left with only half an hour between sacking the old ministers and leading the new ones into the Dáil, it was thought he would do the deed en bloc. But instead Reynolds saw them individually:
“It was all over in less than a quarter of an hour. None of the victims was given much more than a minute. Only two argued the toss, Health Minister Mary O’Rourke and Chief Whip Dermot Ahern who demanded to know how he had transgressed to merit such a fate. ‘You didn’t,’ said Reynolds. ‘You just backed the wrong horse.’”
2. He was a strong believer in party discipline
As the government grappled with ensuring that the State’s strong anti-abortion record was maintained during EU negotiations on the Maastricht Treaty, Duignan broached the idea of a free vote among the government TDs on ‘conscience’ issues. Reynolds was not a fan:
“He dismissed this as naive; a governing party’s duty was to govern, not to equivocate, prevaricate, procrastinate or, God forbid, capitulate. It was not the first or last time I listened to the Reynolds philosophy on the responsibility of power: Decisions, decisions, decisions, and hopefully, you get the majority of them right. The government governs.”
Reynolds, perhaps unfairly, had a reputation of being a country bumpkin, who was part of if not the leader of the ‘country and western wing’ of the Fianna Fáil party. He was ridiculed, often by comedians like Dermot Morgan, and yet he was utterly at ease with fellow heads of government at international conferences and it was to his benefit that he adopted such an approach. Duignan explains:
“He approached even the most august world statesmen with a total lack of self consciousness… I made the point of observing him in such situations. Whether with Mitterand, Clinton, Keating, Kohl, Major, Gonzalez, Delours or whomever, he was relaxed – alert, interested, sometimes fascinated – but always relaxed. At EU level, he instinctively struck the right balance between affability and persuasiveness. We would joke about his style – ‘I told Jacques to say to Helmut he’d need to be careful with yer man Felipe’ – but it was totally unfeigned.”
4. He had an enduring relationship with John Major
Reynolds first met John Major, whom he worked so closely with on the eventual Downing Street Declaration, when the pair were their countries’ respective finance ministers in the 1980s and Duignan recalls a poignant story Reynolds told him about that encounter:
“He described to me how they had been introduced at a European finance ministers meeting in Brussels in the 1980s soon after Major’s appointment as Chancellor of the Exchequer. ‘What do I need to know about this?’ Major said conversatuionally. ‘That you’re the bad guys,’ replied Reynolds, ‘bad Europeans, bad partners, bad everything. The game here is for the rest of us to gang up against the anti-EC Brits. But I think you and I are going to do business.’”
5. There were always going to be problems with Dick Spring
Fianna Fáil and Labour entered a historic but short-lived coalition in 1992 with relations between Reynolds and Spring gradually deteriorating despite their best intentions at the start. Fianna Fáil and Labour had obvious differences but so to did the Taoiseach and Tánaiste on a personal level as Duignan reveals:
“These conflicting FF-Lab priorities were compounded by the different character and personality of Taoiseach and Tánaiste. Reynolds was manipulative and impatient of opposition to his wishes. Spring was moody and quick to take offence. Given these characteristics, it was always going to be a bumpy ride, but I was still convinced that they were both sufficiently astute to arrive at a modus vivendi.“
To embed this post, copy the code below on your site
This is why staff training on this is so important. It only takes one click
@Edward Natali: think how much time and money could be saved with a few zoom courses on internet safety and spotting phising scams
@Edward Natali: Not sure if you are being sarcastic or not.
@Edward Natali: yes simple. Couple of zoom classes. Across 1000s of employees in the middle of a pandemic.
@Edward Natali: true, that being said, I wonder what standard of protection the HSE have. Didn’t they stil have Windows 7, which has many holes.
@Edward Natali: training on Info Sec is vital but that’s an extremely narrow view, systems need to be current, updated, backed up, and that’s just the beginning. It’s not just a single point of failure.
@Chris Byrne: windows 7 doesn’t have many holes and is still supported for businesses .
Besides which the hse shouldn’t have employees ahving access to unencrypted drives with a terabyte of customer info on it .
It’s just bad management
@Chris Byrne: Windows 7 or WIndows 10, the hack they deployed wouldn’t have made much of a difference. Even though Win 7 is out of support, MS will still provide security updates to customers that pay an additional yearly fee. It doesn’t matter if you have the best security systems, if someone inside invites the hackers in by clicking on a bad link it’s game on. Companies need to provide better training on how to avoid these scams.
@Chris Byrne: I can’t speak for the HSE and I’m making assumptions with this comment. If you have a very large organisation, with a great scope and variety of recorded data, that probably stretches back through older IT hardware and software systems……upgrading hardware and operating system software would take a long time and have to be still able to cope with some critical legacy applications and network elements. IBM itself suffered from being so big and having so many levels of management that decision making became problematic to implement quickly. There were 67 levels of management (I think) between the head of IBM and the newest junior employee.
@john s: company’s do this all the time, it doesn’t need to be a zoom class, it can be a presentation you watch and verify, then there’s phishing drinks as well. These make people more aware/suspicious of emails from unknown sources.
@Edward Natali: It’s far from clear if it was one click. The explanation in the article seems almost deliberately vague
@David A. Murray: I mean when IBM was at the height of its success in the early 1980′s. They had got that big and successful by cornering major parts of the IT/mainframe business. When change in the computer business became more rapid, IBM were ill-equipped to adapt.
@Edward Natali: you’ll have to explain abit more on staff training, because it’s really common sense to know if something looks legit or not.. but hey everything must be true if its on facebook
@sean o’dhubhghaill: lol click on the link to training moudule
Http:/ godhelpus / trainig
@Edward Natali: those pesky pishing scams
@sean o’dhubhghaill: Why would he be sarcastic. Theres any more things to be done, such as actually caring about keeping goverent I.T. infrastructure up to date, but it’s still surprising how many people belive scams that tell them to click on a link or pay money for support. Staff training would help with that
@Chris Byrne: Window XP or Windows 10. Doesn’t matter in this case.
@Edward Natali: they already were in the system and exfiltrated the data before showing the message.
@john s: yes, it would absolutely be simple, zoom can handle 1000+ participants… even during a pandemic it seems!
@David Kelly: That’s not always the case. I’ve seen some come thru our company that have a level of detail, that our cyber security guys have to really look at to confirm it’s a scam. These are targeted attempts, very specific to our company, not some random scattergun approach.
@Edward Natali: seriously you think a few zoom meetings are going to sort this?? The hse computers were not secure, they had outdated software, and a lone computer ? No such thing I would have thought in the network and no matter how many times you remind people not you click on links.. someone always does it.. distracted with work , talking to someone.. seriously unlucky.. we need to update everything and employ some of these hackers to help make systems safe again.. we also need them in our Dail.. our firewalls were not good ..
@Justin Fay: That’s not clear. The message could have just been on some dodgy site and the user clicked a link, downloaded and installed some software.
@Dawid Grzybowski: Using Zoom??? Zoom bombing was almost a national sport for a while!!
@Alan Byrne: it also depend on the type of access the user has.
@Mickety Dee: It is clear, how would they encrypt and download 700GB of data almost instantaneously? After clicking the user was brought to a chat where the ransom demand was made. It is public knowledge they were in the IT system for 2 weeks prior to making the demand. Bad reporting by the journal.
@Edward Natali: There are some basic ‘internet hygiene’ rules that so called staff training focus on: 1. Do you know the sender of a message? 2. Is the message expected (e.g. part of a previous telephone conversation)? 3. Is it coming from an known address? Has it passed through malware protection.
So I know of several instances where the answers would be:
1. Yes
2. Yes
3. Yes
4. 3 different protection systems.
Citing ‘staff training’ is glib.
And… one person does not have access to all the HSE systems that have reportedly been affected. the true nature of this incident will take some investigation.
@AJ McLaughlin:
Alas 10 years ago that may have been enough. But with the rise of cryptocurrencies that bad guys have financial incentive to build teams that can break anything – package it all into a toolkit that they can sell for equivalent of a 1000 bucks with complete impunity
@Edward Natali: I work for a major IT company here, and they send out face phishing emails at least once a month, if you get stung, you need to do a small training which fills you in on all types of attacks… The issue here is not the employee that’s for sure and people would be wise not to make any assumtions…. But this is the HSE we are talking about,
I genuinely feel sorry for this person right now they literally have the weight of the Health Service of Ireland on their shoulder and the Guilt that they are feeling must be completely unimaginable feeling that are responsible for sick people not been able to access the care that they need because of their unintentional actions and I genuinely hope that they get proper support and not vilified.
@Fi Wyse: 100% I would hate to think they are going to get in awful trouble for this.
@Fi Wyse: and reading your post will help with that.
@Fi Wyse: I agree. I hope their identity never reaches the public domain. It’s a mistake anyone could make, and if it hadn’t been them, it would have been someone else.
@Fi Wyse: not a very helpful or kind comment. It infers that they should feel guilty for the actions of a criminal gang??
Whoever the person is, they are not responsible and they should feel NO guilt
@Angela Lavin: no, Fi imagines that they would feel guilty and clearly says that she hopes the person isn’t vilified.
@Angela Lavin: I think that was the intention of @Fis comment, ie for the person who clicked on the link not to feel guilty about it and to get the support they need if they do feel guilty or stressed about it.
@Angela Lavin: I don’t think you understand my post.
@Fi Wyse: All this could easily have been avoided if the right systems were in place. The staff member is in no way responsible. The sham that is the hse is so incompetent that it doesn’t have security in place to avoid this situation.
@Fi Wyse: Given the HSE’s history of never accepting responsibility / liability when losing court cases and the multitude of mistakes and damage it has caused to people eg X case, Hospital trollies etc etc etc. It is the people who work in the HSE that are the HSE and we should all start holding those people accountable, not just 3 letters. She may have just tried to fix a computer but the real story is why weren’t systems previously backed up and protected. The Hackers are not the only ones in the wrong
@Fi Wyse: I agree 100 % a awful thing to happen but it could happen to anyone
@Barrycelona: she eh?!!! Couldn’t possibly have been a bloke then?!
@ZiggyS: it’s public sector
They’re grand
Nothing is going to happen to them
@ZiggyS: Why should they carry the can the HSE, Paul Reid and their computing services are to blame. Who the hell is still using windows 97. They are so out of touch that it was inevitable this was going to happen and is now going to continue as these criminals now know what crap systems we have. It should now be a priority that the Government invest heavily in making sure that all Computer systems are totally up to date and as far as possible be hacker proof. My comments are not toxic but literally point out the problem. Everything that is provided by the state is usually on a very thin shoestring which goes back years.
@Fi Wyse: the have not.. this is down to crap security by the hse computer systems.. in dire need of updating
@Fi Wyse: That employee only got the ransom notification. At that stage the hackers had already been through the system and downloaded patient data. Dont shoot the messenger
@Barrycelona: SHE????? Why not a HE?
@Barrycelona: that’s very close to “but what was she wearing?” style victim blaming.
@ZiggyS: Unless any sort of training was provided to avoid these type of scenarios then i doubt anyone has anything to worry about… What is alarming is that they seem to focusing on one single person like a scape goat… The issue here is no the employee but the whole IT system in general.
Was it the Nigerian Prince with pallets of cash to deposit in your account?
@Greg Ward: i was chatting to him yesterday. He was still looking to get sorted so don’t think so. Gave him my bank details to help him out. He was telling me that everyone just assumes he was a crook. I knew he was genuine when I saw his profile picture of himself outside his Palace….
@Enda Flaherty: I hope you have him your mother’s maiden name, often it’s handy to pass that on especially if you’ve a common name and they need to track you down to find you and pay you the reward.
@This time its personable!: actually that did come up. Really nice guy. So interested in my life. Even wanted to know my first pets name..!!!
@Enda Flaherty: aw isn’t that just lovely to hear, so much misinformation going about, goes to show you shouldn’t judge people who have random numbers and letters in their @gmail address!
@Greg Ward: comment of the night !!! Classic
@Greg Ward: George Agdgdgwngo, its all making sense now :
https://www.youtube.com/watch?v=R9biM_ZfIdo
This story seems doubtful. 700GB of data, including relational databases, accessible from a single computer with permission to overwrite with encrypted copies?
@Helpless In The Face Of Your Beauty: used as an entry point to access existing network access
@Helpless In The Face Of Your Beauty: My thoughts exactly. They’re really rolling out some absolute porky pies.
@Helpless In The Face Of Your Beauty: this is the hse , that’s the laziest way to do it .
The nhs recently had its vaccine database crash because it was just an excel sheet .
@Helpless In The Face Of Your Beauty: You’re aware of the internet, right? ;) You wrote this comment from a single computer to a website through encrypted traffic, saved it to a database, where it now shows to all the rest of us. Don’t underestimate the power of one compromised computer on a network..
@Seán O’Sullivan: that was Serco the private company hired to run testing in England and Wales.
@Helpless In The Face Of Your Beauty: under normal circumstances, that would sound crazy. But we don’t know what attack mechanisms they could have launched once they have access to one machine. Could be some RDP back door with an admin elevation hack that no normal user would unleash on their own.
@Helpless In The Face Of Your Beauty: agree with you.
@Helpless In The Face Of Your Beauty: well the journal got it from a trusted source so must be legit
@Helpless In The Face Of Your Beauty: There is plenty of information on the internet on how the Conti virus is planted and once it starts spreading from one infected machine to another it will soon come across an account with Administrator access, and then it uses the psexec command and RDP protocols to infect and access servers and other PC’s. There are a number of measures you could put in place to stop this but it makes administering a computer network more difficult. We need to invest more money in properly securing our critical IT systems. It can be done.
@Helpless In The Face Of Your Beauty: that’s exactly how it works. All they need is the smallest of gaps and they are in.
@Helpless In The Face Of Your Beauty: NotPetya in June/July 2017 disabled an entire country (Ukraine) and then wider across the world within a day from a single computer in an accountants office in Odessa. All it takes is one accidental or mistaken click on an unpatched computer and its a done deal.
@Mr Cylinical:
Still doesn’t ring true. Patients data is held on databases. Even is they could access the tables and copy it is highly likely it’s hashed, plus they’ve no presentation layer to decipher.
@Mr Cylinical: Bang on. Or even back doors most IT folk don’t know about.
@iohanx: You’re right about the presentation layer. I’ve had the dubious pleasure of trying to decipher even non-encrypted databases from legacy vendors and it isn’t straight forward (what does status=1 actually mean? Where do the keys and indexes actually lead to?). I suspect its file shares with plain old Word docs that is at issue. Particularly if its ‘only’ 700GB (although even that, if true, could be up to 9M individual docs) [lots of assumptions in that calculation]
Employee of the year contender surely
@Sam Murray: No, that went to Paul Reid. It’s all a popularity contest if you ask me.
@Sam Murray: Low blow- it can happen to anyone, also could have been an employee of an older generation. Not everyone is as tech savvy as you may think, especially those who havent grown up in this new digital world from birth.
@Sam Murray: could happen to anyone man, cop on, was hardly intentional on their part. 100% blame to the hackers who targeted a national health service
@Sam Murray: you are very cruel. The HSE computing services at fault here.
@Byrne Billy: they are a HSE employee ffs
Not some tech illiterate random granny
Everyone should get training on this stuff to spot dodgy mails.
That’s not rocket science by any means.
In fact it’s mainly being street wise with a 5 minute understanding of hyperlinks
What use is an injunction if the data is sold or accessed in another country. Surely the injunction has no basis outside Ireland
@Paul Dolan: It’s not much use internationally, but I’m sure there might be multiple companies here that wouldn’t mind seeing that data if it was accessible, private health insurance providers, car insurance, etc.
@Paul Dolan: useful to order the USA giant ITC to block the links on their searching engines as well as act immediately when a person request them to erasure of their personal data. With the other any person can request to these companies to remove the links from their searching engines. The herd protecting the community
@Alan Byrne: I doubt they’d be able to use it, pretty much impossible to find a lawful basis for processing it on several grounds. I doubt a local insurance conpany would take such risk.
@Claude Saulnier: Yes, it would be a risk, but still private data like this has a value and can be exploited.
@Maria Quinn: what?
@Paul Dolan: it does if the platform used to blackmail someone here , Facebook Instagram etc .. it becomes their problem
That’s not fair now to blame this poor person. Imagine how they feel ? If the hse had updated their systems then maybe this would not have happened. Not fair to blame one person come on.
@Emer Daly: Probably not so much to do with updating as with security levels. You can have a fully up-to-date system but if you have standard employees that can execute processes with admin authorisations then you have accidents waiting to happen.
@Emer Daly: they employees should not be doing any personal internet usage.I can’t believe they had no backup.
Sounds like the journal and/or their source have completely misunderstood whatever information was passed to them. What they are describing is a computer that’s already encrypted and the ‘link’ the user clicked contained the details on how to pay the ransom. The hackers were already in their network before this user clicked the infamous ‘link’ in their clickbait headline. No other news company is going with this story.
@dreiglaser: Exactly. It specifically says in the story that the hackers were in the network for some time before they learned of the attack. And thay also explicitly say that this employee was the one who was informed of the attack. A lot of people seem to be believe that just training people not to click on links is all we need to do. In fact the hackers may have gained access through a number of different routes.
@dreiglaser: Agree. Probably soon to attribute the ‘LinkGate’ tag to the whole debacle.
Promotion for that person in due course no doubt
@LaoisWeather: Bill Clinton did not touch that computer.
@John Sullivan: Maybe not Bill. But Hillary’s emails?
My goodness. What a shambles
@Anna Carr: The weakest link in any network is the human element. I was watching this thing on youtube about fake tech support just last week. A guy had hacked their network with a reverse tunel and got cctv audio from all the calls and got in contact with bbc a great watch. But this is exactly what they fell for Fake Tech-Suport.
@Stefan Epure: wow that’s incredible.
This reads like total gibberish. Terrible article.
Just goes to show how poor email server and cyber security protection is if this attack goes through firewalls and security screening. Shame on you HSE for not backing up your systems and testing BCP plans regularly. IT 101
@vanc: Eh? They did backup their systems and are currently restoring them from backups. No guarantee email was involved either.
@vanc: They have extensive backups for the important databases, if the infections goes back a couple of weeks as suspected they will not have lost much data compared to the amount of important historical data they have that they need to access.
@Mickety Dee: doesn’t take as they say “weeks” to restore only 700gb of data.
@Alan Byrne: if they contact me for money to stop my data being published I will pay them with all the money I have in my Monopoly set and throw in a hotel and railway station
@Edward Reid: No point in restoring if there is still malicious software present. I’d say they are rebuilding the servers from scratch to be sure they are clean
Whats the betting that the user had local admin rights on the PC they were using. Local admin rights are evil in the enterprise and should never be granted to end users.
IT security should be layered like an onion where a small mistake lower down doesn’t hose the whole network.
They should have implemented the principle of least access (where employees are only given the necessary permissions to carry out their work)
However if the malware did exploit a zero day, its game over.
Regular penetration testing by outside cyber security companies is required, such as fake phishing campaigns (which generates a report to IT on how many clicked the link) also include the classic dropping a few flash drives in the car park of the hospital to see who is careless enough to plug them into their PC.
@Allen Nicholson: I agree, and on the fake phishing tests, it’s amazing to see the people that fall for them, I’ve seen many IT support staff amongst them that should know better.
@Alan Byrne: In fairness some of them are well thought out and worded so as to think it might be relevant to you. I work in IT and clicked on one recently (in my defence, after a very long day!). It referenced something that I had been expecting a mail on and I had clicked it out of instinct before I actually read it. D’oh
People saying they should be getting phishing training I agree but don’t forget they are also using windows 7 ffs. Lost cause.
That person will probably get a promotion.
@Donal Hogan: Clearly you understand nothing about computers or hacking. This person was used to inform the HSE that the hackers were already in the system, likely for weeks or longer. He or she didn’t let them in.
It sounds like by the time they initiated communication that the damage was done, it wasn’t this one poor persons fault they just happened to get the demand.
@Bluechip78: The journal think they have a scoop but they’ve completely misunderstood what their source has told them
HSE is beyond a joke. Inefficiency and incompetency from top to bottom. Needs a major overhaul or else privatisation might be the way to go
@Hugh: Privatisation with the government paying everyones yearly subscription would probably be cheaper than what it currently costs us due to the ineffecient setup we are lumbered with.
@Hugh: Yeah right because privatised healthcare works so well and because no large private companies have ever been hacked. Hacking is a fact of life. Very large and sophisticated companies have been hacked including very sensitive areas of the US federal government. No company is necessarily immune to this. It has zero to do with ownership. The NHS was hacked some years ago should they be privatised as well? Take your ideology elsewhere.
Well that’s the problem with keeping staff working from home! It would not have happened if staff were working in the office. It’s time to get people back to working from office again .
@Heisen berg1: bs
@Heisen berg1: Nonsense comment
@Heisen berg1: Nothing what so ever to do with it.
@Heisen berg1: utter rubbish
If only the computer said ‘no’!
@John Caplis: it would have if they didn’t cancel Little Britain!
“Are you tired of not satisfying her, all can change with this pill..click here”
There are two new support system that were launched in the last 15 months, one is on line IT support the other around the new SAP payroll. The roll out of SAP has been very problematic with very little lead in time due to Covid. Its not hard to understand how some could hit a suggested support link if they were having issues,around either of the systems.
@Paul Murphy:
Surely the SAP payroll, internal emails, Admin, and patient records are on entirely separate fully protected circuits, to presumably cloud-based systems within the organisation, each requiring independent log ins.
An independent IT audit and Report on the findings may be required so that we all can learn from the attack.
@Rory J Leonard: cloud based…..in the HSE. Not a hope. Broadly, the public service is still almost exclusively based on premise. ICT Managers across the HSE have been clamouring for guidance from the OGCIO in regards to cloud usage and the prevailing wisdom is not to use it as its “not secure”. Many public service bodies are only beginning to look at cloud and they’re 5 years to late.
@Rory J Leonard: nope!
@Rory J Leonard: I cab log on to any PC in the HSE using my account once I select the correct domain. I have access to the systems that apply to me ie SAP, NIMS, but many users will have multiple access to various systems depend on their role. Everyone has access to email and that’s the only common denominator. I need access permission from an Admin to access certain folders on a system of different drives but on email could bring the whole thing tumbling down
They should have been sitting at their desk when clicking the link, would have saved them having to ‘reach out’, not good for your back.
Who scripts these articles?
I’d like to go on the record and say that allegations that the name of my first pet was ‘Rover’ are unfounded.
well my data has already been published as evidenced by third party criminals constantly calling me. I just block each number in turn and they stop. if we just don’t turn a hair whatever they do, their business model fails.
Typical blame game… If the right systems and backup were in place this could easily have been avoided. But now we must spend “millions to fix this”… Same old story, no one will accept responsibility.
Whats the betting that the user had local admin rights on the PC they were using. Local admin rights are evil in the enterprise and should never be granted to end users.
IT security should be layered like an onion where a small mistake lower down doesn’t hose the whole network.
They should have implemented the principle of least access (where employees are only given the necessary permissions to carry out their work)
However if the malware did exploit a zero day, its game over.
Regular penetration testing by outside cyber security companies is required, such as fake phishing campaigns (which generates a report to IT on how many clicked the link) also include the classic dropping a few flash drives in the car park of the hospital to see who is careless enough to plug them into their PC.
Never clicking a link again. My bad
Fake news as usual from the journal
@Noel Donohue: Indeed. It is well known and publicised (by Interpol, FBI, etc) that this was and is an outfit comprised of mostly Ukrainian hackers. Go figure.
At best this article seems like a misinterpretation of the information, and at worst is just speculation being passed off as fact.
If the employee followed instructions in a file already on their computer, that would suggest that some breach had already occurred, otherwise how would that instruction file have been on the computer in the first place…
Very disingenuous to state as fact that the ransomware attack ‘began’ when the employee followed these instructions.
Seems the Journal, and their source, have just enough information/knowledge on the subject to be dangerous.
@Jim Murphy: They have just enough information/knowledge to ensure you remain in the dark.
Where is the Russian ambassador?
Has he left for Moscow
@Patrick Guerin:
This event happened immediately after the” jews in palestine ” threw a hissy fit over our condemnation of their assault on the Palestinians which followed a deliberate series of provocations in Palestinian east Jerusalem and during friday prayers which was predictably responded to . Israel has form and skill in such attacks qv Iran.
Perhaps the Israeli ambassador is the one who should be expelled ?
I wonder was the hackers name DrZeroCraic who usual avenues of getting confidential information from the HSE have temporarily dried up???
People clearly didn’t read the article.
The employee who clicked on the link didn’t CAUSE the attack. They DISCOVERED the attack.
@Gerard: read again, in these types of attack when the user clicks on a link it downloads and execute a malware
I hear the employee’s name is Chandler and he clicked on an email with nude pictures of anna……..
This is exactly what they fell for https://www.youtube.com/watch?v=le71yVPh4uk
@Stefan Epure: Great expose video, thanks for that link.
@Stefan Epure: nice try, I’m not clicking that link
@Random_paddy: Do it Paddy, it will be me on the other end providing on-line support. I won’t charge much to fix your computer. I’m trying to earn a few bob here ;-)
@Random_paddy: yeah i should have, actually provided a little info on content. Its the begining of a series of videos and a documentary that i belive everyone should watch. It shows exactly how theese guys operate and scam anyone that falls of it. Most victims are vulnerable people that arent great with tech. Education is key to stoping this kind of activity.
Completely misleading article title! They had comprised the network some time before this communication started via the link click :/
@Marty Quish: I don’t think this makes much sense, why would the attackers create a link to communicate the hack if they had control of the system?
I’m not a conspiracy person, but I do think there’s more to it.
politicians never get in trouble when they do wrong or make a mistake.
This puts the HSE in a very bad situation if accurate. The ransom will be tiny in comparison to DPC fines, Possible European fines and litigation from citizens. It suggests a complete dereliction of duty.
Not sure what is worse the insistence in “it wasn’t the Americans” or the incredible explanation like people knew nothing about firewalls, security controls and filters in workplace computers.
The only way to pass the firewalls is by someone actually working on them within the organisation, again strongly pointing towards USA subcontractors. The only with a reason too, the High Court decision to keep our data in our Land.
Today the government has got the High Court permission to order to all those USA corporations to remove from their searching engines anything that facilitate finding the data stolen by the noisy neighbour.
@Maria Quinn: What on earth are you talking about.
@Alan Byrne: normal ITC security in workplace with sensitive information. A team filtering and blocking access to …. the version of the government is impossible unless someone from the ITC security opens the wall, the access. All it’s contracted to USA corporations. They’re the only ones with an interest and in the trusted position.
The problem with the scams phone calls is a security at servers level, physically according to them … again USA contractors and again the FB Vs DPC on behalf of the EU case …. FB lost therefore “our data in our Land”
@Maria Quinn: any person phoning to government and public services lines … got a phone back from the telecom servers managing the system from the scammers …. you need physically access to the telecom servers to do so
So the question is where are those servers and who are the subcontractor
Let’s make up stuff
Bleedin spanner
The spelling in this article is terrible.
it is not the staff member’s fault. the lack of adequate training/policies/procedures, and security awareness around the elaborate schemes on phishing/social engineering.
the blame lies fairly and squarely with the IT department management and in other management departments.
force the staff to go through a training sessions and learn to discriminate, “if in doubt of any suspect email with phishing attempts, forward to security at IT department” and mass circulate alerting everyone. it’s a two way thing. clearly not the case here.
I think we miss the point at times, I have given a cyber security class, people don’t intentionally click on bad links. The con men coax them into clicking on a link they think is fine. A lot of contentious people have been caught out. But on the flip side the security of the servers etc must be better to battle the virus if downloaded. And most importantly up to date software and hardware.
I was right.
Dr. Hook
We need your bank details Paddy
What an absolute muppet of an employee!
The work was done at that point.
Front end machines probably need be out of contact with public almost everywhere you can get to the ports at back and email still the greatest threat for everyone.
Fire that woman
This is confusing. Did the hackers gain access to the network when one employee was tricked into clicking a link? Or had the hackers already stolen the data and then started to communicate with the HSE by making one PC non functional and directing the HSE employee to clink a link to message with the hackers?
have your say