Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
LAST UPDATE | 3 Jan 2019
THE LUAS WEBSITE is down for the day after being hacked.
Luas operator Transdev said that the attack was “professional” and that the site is being analysed to see how the attack happened. It said:
We have identified 3,226 user records at this point of the investigation which may have been compromised.
“These are the records of where people signed up to a Luas newsletter. Luas will write to these people within the next 24 hours informing them of the potential breach.”
No financial information has been compromised in this attack, it added. Luas is also in contact with the Data Protection Commissioner.
Visitors to Luas.ie are met with a note demanding payment of one bitcoin, currently worth €3,385.
“You are hacked,” the message read:
It continued: “Some time ago I wrote that you have serious security holes. You didn’t reply the next time someone talks to you, press the reply button.”
The message then demanded payment of one bitcoin within the next five days, or else the hacker claims they will “publish all data and send emails to your users”.
In a tweet, Luas said all travel updates will be provided on Twitter until technicians regain control of the website.
It later said that it will take about a day to resolve the issue with the website.
Transdev said that it would take the day to resolve, and that it would notify its customers when the website is back online:
The website has been taken down by the IT company who manage it, and their technicians are working on it.
Luas are informed this may take the day to resolve. We will update customers via Twitter and Facebook, AA Roadwatch and the media should there be any change to Luas services today.
One possibility is that the hack was a ransomware attack.
This involves finding a security weakness on the website or using leaked or phished login credentials, and using this to install malicious software on computers or servers connected to the site.
The software then locks down the computer’s files using powerful encryption. The hacker will often offer to provide the decryption code in return for payment, to allow owners to regain access.
Another is that the data was stolen in a hack, rather than ransomware being used.
- with reporting from Gráinne Ní Aodha
To embed this post, copy the code below on your site
1 bloody bitcoin…. serious lack of ambition there
@noel o connor: not really, demand 20 Bitcoin and they definitely won’t pay but demand one and they are more likely to pay, do this to 20+ sites and its a nice weeks work
@noel o connor: They could have asked for 1 million of them – wouldn’t matter as they’ll all be worth precisely zero in a year
@Dara O’Brien: why is that?
@Manbackonboard: because it’s totally and utterly makey-uppy useless as a store of value and pointless to boot. Blockchain technology is very promising but bitcoin is a total scam
@Dara O’Brien: people like you have been saying that since 2014
@Dara O’Brien: useless and pointless? Tell that to the criminals, gangsters, Drug dealers, cartels, terrorists, money launders etc etc who use it on a daily basis… They’ll beg to differ…
@Dara O’Brien: like a Fiat currency so….
@Sean Oige: NPCs know nothing of makey-uppey fiat currencies. They respond with reprogrammed tin foil hat comments.
@Is Mise jay: and we’ll be right – by the way others were hooveringbit up at $19,000 and announcing that it would hit $100,000 by the end of 2018 …
@Sean Oige – yes exactly like a Fiat currency except it’s one that you can’t really buy anything with …
@Dara O’Brien: Hahaha and what’s your Euro worth? I’ll help you it’s zero and it’s a digital currency too now. It ain’t backed by anything not gold or ore or oil we stopped doing that in the 1980s. At least Bitcoin has the intrinsic value of taking work to make and is in limited supply like gold :)
@noel o connor: maybe it was Dr.Evil
@Aidan Mitchell: They use the dollar for that just fine actually, bitcoin is far too inefficient to use for now. Plenty of banks in other countries that will give them a helping hand nowadays.
@Kraeol: Gold and Bitcoin, just like Fiat currency, only have the value that holders ascribe to them. From that point, they are all equally useless. The difference is that I can use Euro to buy pretty much anything I want, safely and easily – you can’t do that with gold or bitcoin.
If the only value of a currency is the ability to exchange it for goods/services that one may need, bitcoin is valueless
@Dara O’Brien: gold is valuable because it is finite
@Dara O’Brien: Fair but bitcoin wise that will change within the coming years. What if the Euro suffers the same fate of most other currencies which is hyperinflation. All those other currencies had the same value of use but compared their price 10-100 years ago they are more or less valueless now. Europe just keeps printing more so it is inevitable really. So why stick to the same old when you can move it to the power of people instead of governments?
@Earl of Daventry: not quite that simple – old glass electrical insulators are also finite (much less so than gold) they are also worthless. Availability may be a factor but only one of many and certainly not the decisive one
@Kraeol: Ah, but now you are saying that governments are distinct from people – that’s a whole argument in its own right. Also, re the finiteness of bitcoin, the vast majority of the world have no way to prove or refute it. They have to take the word of a small few that the program will actually destruct when the last coin is mined, also, with the new spate of altcoins, it seems that they can indeed be created, just as other currency is printed
@Dara O’Brien: Actually every single piece(satoshi) of bitcoin is verifiable and trackable nowadays. And Bitcoin will never destruct at the last coin, we just have to change the way of providing a reward to miners to process transactions, since no more coins can be made. About governments, didn’t mean that really. They are people and like the majority of our species, they are dumb compared to our best. Sadly the result of voting by popularity contests. So mistakes will always be made, leaving our government controlled currencies in a perilous place. You have me on the alt coin argument though. My only response can be is they are not bitcoin.
@Dara O’Brien: Hey Dara, check out Jimmy Song, Tone Vays on youtube ;)
@Kraeol: The biggest issue with bitcoin is the volatility of its value. 1 year ago a bitcoin was worth €12.5K now its worth under €3.5K. Nobody in their right mind would use it as currency.
@CrabaRev: I agree for us here with one of the of the major currencies in the world and relative stability that’s true but for other countries that have money that has been devalued to extremes, a drop of 80% actually doesn’t sound that bad all of a sudden. One day there will be more stability in bitcoins price but we are still a long way away till it’s supply has been distributed more evenly among our worlds population. By that point it should be quite stable.
@MitchConnor: Could they not have hacked the control computers for the trams and make them run properly? For the bitcoin.
@Dara O’Brien: maybe the hacker wants to get the funds in an anonymous format at convert to cash immediately. In which case bitcoin is perfect for them.
@CrabaRev: Exactly, its a store of value first & after few more yrs the price will become more stable & with lightning network can become medium of exchange.
Bitcoin standard explains it all for newbies, excellent book worth a read if intetested.
The IT managers job will be advertised by the end of the week!
They didn’t bother their holes replying to the guy when he originally told them they had security holes? Dopes.
@Wayne Whitty: That may be as true as an African Prince wanting to safely stash his millions into your bank account. Could have been added to the message to make it seem a little bit more well intentioned.
@Wayne Whitty: hmmm Wayne the irony in your comment……OF COURSE they didn’t click on a link or reply ……that’s the CORRECT first response by any business is NOT to click on malware !!!!!!!!! I have a wealthy cousin who is a King in Tonga who wants to give you a million euro in bit coins just send me your email address when you get a chance wil you…..
@Wayne Whitty: It was almost certainly a generic message packaged with the virus. Individual hackers do not sit at home manually probing ports on specific websites.
If the person who did this really advised them in advance of a security vulnerability this serious, it would’ve been worth much more than 1 bitcoin by most companies bug-bounty standards. And not only did Luas not thank them, they just ignored it altogether. This is a more than reasonable demand
@Gerard: 1 bitcoin on its way to Gerard
@Gerard: If you point out that a stranger’s fly is low and they ignore you. Do you then tear the trousers of them?
@Paraic: if its being open is a risk to other people’s privacy yes.
Poor analogy, try again.
@Gerard:Ah! I see you’re off the, “Inadvertantly left back door unlocked, deserved to be burgled” ilk.
Whatever way you want to spin it, engaging in criminal activity isn’t generally supported by some kind of weak claim of prior warning. Try telling a judge that you warned someone, their lock was easily picked, before you stole their bicycle.
@Gerard: excerpt the “advance warning” is actually a malicious malware message itself and definitely shouldn’t be opened or replied to….
Happy 10th Birthday Bitcoin
Play on ref
I’m just shocked that 3,226 people signed up to a Luas newsletter
They did not update their servers ?
What OS and version is it ?
It would be about time now
@Dominic Leleu: There is no indication that the vulnerability has to do with their server operating systems.
@Dominic Leleu: They brought in the priest in to bless them as far as I know.
@Dominic Leleu: From a lil digging around (mostly due to a plugin I have on my browser) it seems the Luas websites are run on Windows Server 2016, not exactly the most secure operating systems in the world to be using, also doesn’t help when the programming language they’re using, is way out of date. On their standard fare payment page they’re using a version of Dot NET that was released 7 years ago.
@Mark Railton: worth noting tho, these checks are not 100% accurate (tho generally not far off).
He’ll should’ve demanded a shrubbery.
Similar thing happening in the US with hackers holding out for a bitcoin ransom and are threatening to release classified documents regarding the insurance claims after 911.
Don’t worry too much, Inspector Luas is on the case, albeit his clothing ransomware is outdated.
Must be a joke. One bitcoin? I’ve had demands for amounts like that made to me twice – i’m a private individual – i took the standard advise and ignored it and did not reply and that was the end of it. Are LUAS over reacting here?
They were warned before it happened, it’s their own faults.
@Sean Murphy: nothing to support that claim other then the persons word who then looked for ransom.
You are going to trust the person who’d rather profit after stealing your personal data and then likely leak it anyway?
You’re not very smart if you trust that person
Its a static suite so no information stored. One Bitcoin is worth around 3K nowadays.
have your say