Normal service restored to Garda IT systems after hack attempt

Source of attack remains unknown and security expert says ‘ransomware’ may have used

An Garda Síochána has said normal service has been restored to its IT systems after an attempted attack by hackers last week.

The force put an emergency plan in place in recent days after an external source tried to hack into its data systems.

The attack was revealed in a brief statement on Sunday from Garda Headquarters at Phoenix Park in Dublin.

A Garda spokesman said on Monday that access to certain ICT systems was temporarily removed for all users across the organisation after the malware risk was identified on Thursday.


He said any security risks to the Garda ICT systems were treated with the highest importance and standard security protocols implemented.

The threat had been identified by gardaí working with security experts and an “appropriate solution” had been implemented across all Garda systems.

“An Garda Síochána can confirm that normal service to Garda systems was restored today. As a precaution, heightened security measures have been put in place,” the spokesman added.

The Garda computer crime unit at the Garda Bureau of Fraud Investigation is continuing its investigation into the incident.

An Garda Síochána’s IT infrastructure includes more than 100 information systems, 9,000 devices and 15,000 users across 570 locations.

The exact source of the attack and who carried it out remains unknown, but gardaí said they had identified a zero-day (a new strain) malware threat on one of the force’s systems.

Malicious software

A leading IT security expert said the attempted hack of An Garda Síochána’s systems was likely to have been a so-called ransomware attack, in which malicious software denies access to a computer system until a sum of money is paid.

IT security expert Brian Honan of BH Consulting said there was not enough information about what had happened but his "best guess" was that the Garda systems had been hit by ransomware.

“From reading what’s available, this does not seem to me to be a targeted attack. It looks to be an infection by a previously unknown computer virus, and is probably likely to be a ransomware type of attack.”

“There is a lot of speculation that this is a targeted attack and that it was using zero-day [previously undisclosed] vulnerabilities, but this is a good example from an incident response point of view as to why clear and unambiguous communication is important to allay speculation and fears.”

Mr Honan said that if it had been a targeted attack, this was very hard to defend against but the impact of such an attack could be much greater.

It was not known whether the attack last Thursday had hit the Garda’s ultra-secure internal network containing all its confidential information or whether it was a PC in a Garda station, for example.

The incident comes at a time when the force's IT systems have been labelled by the Garda Inspectorate as decades out of date; an appraisal echoed by Garda Commissioner Nóirín O'Sullivan and accepted by Minister for Justice Frances Fitzgerald.

The recently published Modernisation and Renewal Programme said the force had developed new strategies to meet “the ever increasing challenges of cybersecurity and cybercrime”.

Budgetary constraints had “severely limited” An Garda Síochána’s ability to invest in new technology, it admitted. More than €200 million will be invested in advanced information and communications technology (ICT) systems as part of the modernisation plan.