CAO to carry out internal inquiry into cyber attack

 

THE CENTRAL Applications Office (CAO) is to conduct an internal investigation into a cyber attack which crashed its website for several hours yesterday.

Tens of thousands of applicants were unable to check their first-round course offers until 1pm after cao.ie was targeted in an early morning denial-of-service attack.

The office’s internal investigation will attempt to identify the source of the attack before a decision is taken on whether to report the matter to gardaí.

Yesterday’s attack was first noticed when the website crashed at 6.10am, just 10 minutes after the offers were placed online.

The majority of visitors to the site were met by a message that the site was undergoing maintenance, and they were unable to accept their course offers.

A denial-of-service attack is a type of cyber crime which often occurs when criminals or hackers create a network of computers using software downloaded by their unsuspecting owners.

The computers are then directed to send multiple page requests to a specific web address, overwhelming it with traffic and preventing it from responding to legitimate users.

The motives behind cyber attacks are often financial, and online bookmakers are known to have been blackmailed ahead of major sporting events.

CAO operations manager Joseph O’Grady said yesterday’s attack was “malicious” and came from an unknown source.

The office’s website was previously targeted on July 1st, the deadline for change-of-mind applications.

The site did not experience the same level of disruption on that occasion, and a subsequent investigation was unable to identify the source of the attack.

Mr O’Grady said the applications office would continue to monitor the website closely “with the aim of ensuring the continuity of our online services for applicants”.

Thanking students and parents for their patience, he said more than 23,000 online acceptances were recorded by 5.15pm. This figure compares with 22,000 accepted at the same time last year.

The CAO moved quickly yesterday to assuage the fears of applicants who may have accessed the site during the attack.

Students who accepted an offer during that time can log in to the website over the coming days to confirm their acceptance has been recorded.

Acceptances can be also be made by post, and the deadline for receipt is Monday, August 30th, at 5.15pm.

Union of Students in Ireland president Gary Redmond called for a full investigation into yesterday’s incident.

“It’s unfortunate that the CAO website had issues this morning because obviously it’s a very stressful time for students,” Mr Redmond said.

“An urgent investigation needs to be launched to ensure it never happens again, and certainly doesn’t happen next week when the subsequent rounds come out.”

The national umbrella body for school student councils, ISSU, said the incident left students “distraught and distressed”.

Calling for an independent investigation, the student rights organisation said yesterday: “It is imperative that technical difficulties of this scale cannot be allowed to happen in future, as they cause unnecessary worry for students at an already stressful time and undermines confidence in the system.”

Brian Honan of the Irish Reporting and Information Security Service said attacks such as yesterday’s were increasingly common.

“This type of attack is the most common type of attack that can occur,” Mr Honan said.

He said denial-of-service attacks were “a very effective tool in the hands of criminals”, as many companies may not have the resources or expertise to defend themselves and are left vulnerable to extortion.