MORE THAN a hundred Irish websites have fallen victim to hacker attacks in the last month including one for the Irish presidency of the EU, which was developed at a cost of over €2 million.
The EU presidency website at www.eu2004.ie is now off-line. A spokeswoman for the Department of Foreign Affairs confirmed that the website was taken down on May 1st as soon as the infection was discovered.
She said the Department had confirmed there had been no loss of sensitive data and the Data Protection Commissioner had been informed.
In 2005, under the Freedom of Information Act, the Department of Foreign Affairs revealed that five tenders with a total value of €2.25 million were awarded relating to the development and management of the website.
Beneficiaries of the contracts include Esat BT (now BT Ireland), which designed and developed the site, the Local Government Computer Services Board which provided hosting, and Servecast, since acquired by US firm Level 3, which facilitated webcasts.
Security expert Owen O'Connor discovered the infected sites by running Google web searches for unique strings of text which are inserted into the sites by the hackers.
Using the so-called "SQL injection", the hackers can load malicious software on to unsuspecting visitors to infected sites.
Although the SQL injection flaw has been identified for a number of years, in April there was a significant upturn in sites being affected by it. The vast majority of the attacks emanated from computers in China and were fully automated.
Mr O'Connor, who is vice-president of the Irish branch of the Information Systems Security Association (ISSA), has discovered more than 100 Irish sites that have been infected. He subsequently contacted any of the websites which appeared to be still infected.
"I'm amazed that this happened - particularly to government websites," said Mr O'Connor.
He said websites that had been hit had no way of knowing how long they were vulnerable or what actions the hackers may have taken.
Websites belonging to the United Nations and the British government have also been altered during the current wave of attacks.
A spokeswoman for Fáilte Ireland confirmed that a database which powers a number of its sites had been compromised but the issue had now been fixed.
According to Mr O'Connor, the perpetrators are likely to have installed malicious software that would try to steal passwords, look for information relating to bank accounts or connect the PC to a "bot net".
Bot nets are networks of infected computers which are used by criminals to carry out brute force attacks on other websites by combining their processing power.
"One or two years ago, the advice you would give to was to stick to reputable websites if you want to be safe," said Mr O'Connor. "This throws that out the window."
With legitimate sites including online music stores, car sites and government information sites getting infected, there is no longer a concept of a "safe site" he says.
His advice to web users is to turn off scripts in their web browser. A plug-in is available for the Firefox browser called No Script which automates this process.
Hackers and organised criminals are increasingly using script exploits and flaws in products like WinZip and Adobe Flash, which is a popular plug-in for web browsers.
"Because Windows is now fairly well patched, it is not the operating system they are targeting but hard to secure programs," says O'Connor.
The outbreak of SQL injection infections is just the latest significant data security breach to occur in Ireland this year.
In April this year Bank of Ireland revealed personal details of more than 30,000 customers had been stolen on four laptops.
