Before login

You are here: Home » CAO Website Crashes Due to "Malicious Attack"

CAO Website Crashes Due to "Malicious Attack"

/ by / Pilgrim / on / August 27, 2010 @ 8:12 am
References
Sources: 
http://www.rte.ie/news/2010/0823/cao.html
http://www.rte.ie/news/2010/0825/cao.html
http://www.rte.ie/news/2010/0826/cao.html

Thousands of Irish Leaving Cert students were left devastated as they tried to access their college offers on Monday 23rd August 2010, as the Central Applications Office website was the victim of a "malicious attack by an unknown source".

The first round of college offers were uploaded on the website at 6am on Monday morning, but at 6:10am the website was crashed due to a Denial of Service (DoS) attack. The website was flooded with tens of thousands of false requests, and the server was simply overwhelmed by the amount of simultaneous requests.

The attack persisted until around 1:30pm, when the website was brought back online by CAO technical staff.  According to CAO Operations Manager Joseph O'Grady, the DoS attacks are still ongoing, and they have been struggling to deal with the problem. 

However, as if the DoS attacks weren't bad enough, it seems the hackers managed to infiltrate the website further and issued new passwords.  The website was closed down for four hours while their IT team assessed the site.  I received the following email yesterday morning from the CAO:

Dear Sir,

Today, Wednesday 25th August, the 'forgot password' facility on the CAO website
was subject to a malicious attack.  From 1am the attack caused the system to
automatically issue new account passwords to applicants by email.
 
We would like to reassure you that no application accounts were accessed and
that the new passwords received from the CAO today were safe and secure.
 
As an extra security measure we have decided to clear all passwords from the
system and to issue you with a new password which you should use from now.
 
We will be in touch with you again, and issue a statement in the media if there
is any update to this matter.
 
Again, we apologise sincerely for any inconvenience and thank you for your
patience and understanding as we manage these malicious attacks.


Your new password is: ********


Yours sincerely,

Joseph O'Grady
Operations Manager

Central Applications Office


It seems that the CAO have provided the GardaĆ­ with the website logs, and are continuing to work with external consultants to find those responsible for the attacks.  At the time being, very little information regarding these attacks is being released.

 

** This article will be updated as soon as more information is available.

/tags/