The leak in the virtual working environment of the Public Prosecution Service was abused by Hackers. That is why it may take weeks to secure and clarify the network or and what information has been stolen.
This is apparent from a speech by Hans Moonen, director of IVOM, the IT organization of the Public Prosecution Service. A recording of a short internal explanation of Tuesday is in the hands of NRC. “We cannot and cannot run any risk to reconnect with the internet without knowing that the actor is out of our network,” says Moonen.
The Dutch Data Protection Authority has been informed by telephone about the possible data breach, Moonen and another OM employee during the digital meeting for IT personnel. The Public Prosecution Service has also reported the computer hack on its systems.
“It is clear that it is big and compelling,” Moonen said the digital people this Tuesday. Since Wednesday evening, groups of employees have been on ’24 hours a day’ to cope with the hack.
Read also
Public Prosecution Service is offline due to serious concerns about IT security, Datalek is not excluded
Offline
The OM went offline on Thursday evening July 17 due to major concerns about the security of its digital working environment. The software that the OM uses for this, Citrix Netscaler, contains a mistake. As hackers who exploit them, they can access those secure systems.
The OM was informed on Wednesday evening, July 16 at 8 p.m. by the National Cyber Security Center (NCSC) about the vulnerability in Citrix, says Moonen. The reason, he says, was a “targeted scan” from the NCSC to the vulnerability in Citrix. That leak had poem, says Moonen. “Nevertheless, the NCSC saw reason to contact us about that.”
Follow -up research, which should be clear the seriousness of the leak, then took too long. Every minute that a hacker has access to the internal systems can be harmful. Moonen: “It took so long until we gained insight into the compromacy of our environments, that we made the decision on Thursday evening to disconnect the systems.”
In the time that the OM is offline, the network is wiped clean. In addition to the employees, the hackers also no longer have access
The first results of this weekend’s internal study then showed that Hackers actually invaded the systems, says Moonen. “It has become clear on the basis of those first scans that compromacy also took place on the inside.”
Read also
Digital working environment Public Prosecution Service still out of the air
In the time that it is offline, the entire network is systematically wiped clean, while the hackers cannot understand information. That can take weeks, says Moonen. He had fifteen hundred computer servers within the OM – according to him an automatic security scan lasts about four hours. “That is also the reason that we communicated yesterday that this will really take weeks.”
The vulnerability in Citrix Netscaler was announced on 17 June. It is now clear that the vulnerability could be exploited a few days later. An employee present asks how much time there was between the announcement of the software leak, and the sealing of the leak (‘patching’). “That information is known,” says the moderator of the conversation, “but we are not yet sharing.”