Vigilante cybersecurity expert targets Dublin firm

Citypost said that it would temporarily take down its site in response to concerns raised.

Updated 4.30pm

A DUBLIN-BASED postal service took down its website yesterday, after an alleged security flaw was identified.

CityPost holds the details of its customers online but a vigilante security researcher told TheJournal.ie that he was able to find a method to hack into the website and find customers’ personal details.

In a statement, however, Citypost confirmed that no customer details had been taken and that it was a “false alarm”.

Describing the common hacking technique called an SQL injection he used, the researcher said: “It allows [you] to execute malicious queries and it may lead to server access as well (in some conditions).”

Pakistan resident Touseef Gul had previously reported a similar flaw to the web hosting provider GoDaddy. Working as a ‘self-employed cyber research consultant’, he said he doesn’t do anything with the data and merely reports the flaw to the company that has it.

In a statement to TheJournal.ie yesterday afternoon, a spokesperson for CityPost said that no customer details had been compromised and that the site was not vulnerable.

They did add, however: “Notwithstanding that in the interest of best practice, we have taken the site down and we will be carrying out full stress tests on the site.”

At around 2.45pm yesterday, the site went down.

In a later statement, Citypost said: “It would be irresponsible to leave it up with a background of a reported incident.

“We reiterate the position which is we believe it to be a false alarm however due to correct governance we have taken the site down and our IT developers will this evening do a range of testing.”

In a statement to TheJournal.ie this afternoon, the CityPost spokesperson confirmed that the site had been put back live after a night of testing, and was now working normally.

In an email seen by TheJournal.ie, from an email address sharing a name with the CityPost CEO Ian Glass, he asks the man responsible for the hack: “Can I ask why you were examining our web and servers? Can you answer this question?”

We put the same questions to Touseef himself. He said that he identifies issues with websites and tells companies. If they can’t fix it themselves, he says he offers to fix it for a fee.

Hacks have become commonplace for even the world’s biggest institutions and companies, but often take on far more sinister forms.

Earlier this year, the NHS, the Spanish telecoms giant Telefonica, French carmaker Renault, US package delivery company FedEx, Russia’s interior ministry and the German rail operator Deutsche Bahn were all hit by a major cyber attack.

It is also not uncommon for hackers to go and find employment. Bryan Seely famously attacked FBI servers, and now advises companies such as McAfee on cybersecurity.

Speaking about small businesses in America, he said that many didn’t think they could be targeted by malicious hackers.

He told CNBC: “As a result, it’s fair to say they are indeed ill-prepared to safeguard against an attack.”

Author
Sean Murray