No security breaches, but ‘weaknesses’ still need to be explained

Justice Minister Alan Shatter’s statement yesterday pointed to three areas within GSOC that had been identified as potential weak points or “vulnerabilities” in their electronic security architecture.

No security breaches, but ‘weaknesses’ still need to be explained

It now emerges these vulnerabilities were found as a result of a “routine sweep”, therefore indicating the English firm was hired to spring clean the GSOC premises, as opposed to being called in on suspicion that bugging was in operation.

Based on this report, GSOC say three weaknesses were found;

1. A device that had connected to an outside wifi system but which was never used by GSOC and needed a password to be operated, a password nobody in GSOC even had, apparently.

2. A faulty conference call phone located in the GSOC chairman’s office. This phone rang after a standard audio signal was sent down the line, but it was never established where the call emanated.

3. A UK 3G mobile phone network was found to exist in the area, but as no GSOC members had UK-registered phones, this was deemed irrelevant to the investigation, especially in terms of being a security threat.

In layman’s terms, what had taken place was the same as someone being called in to survey the physical security of the GSOC building and noticing that one of the top windows was left open, that there was a weak lock on the back door, and that unknown characters had been observed loitering in the area.

This is why Mr Shatter was so specific in his address to the Dáil that the integrity of GSOC’s security was intact.

When you examine the three points a little further, this is borne out, but not completely perhaps. Certainly, point three can be discounted as irrelevant and not in the realm of a threat.

However, going back to point one, despite the fact there is no wifi system to be compromised in GSOC and that no one had cause to open the device, much less ascertain the password for it, I would still like an explanation as to how it connected to the outside wifi system in the first place. I accept the device as stated did not indicate a security breach could have taken place, but it still poses a question.

Regarding point two, the sending of an audio signal is a fairly standard test for the integrity of a phone line. It usually involves the transmittance of a high-pitched tone down the line. Simply put, this causes the line to be in use and so would light up so to speak, any predatory devices monitoring the line. In this case, no such devices were found. However, a call that came in immediately after this test never had its provenance established. This in itself doesn’t mean the line was compromised and Mr Shatter can stand over his assertion that no information was compromised by it… at that time.

* Declan Power is a former soldier who undertook communication and information duties at Defence HQ. He now comments and consults on security/defence issues for a number of organisations and is the author of Siege at Jadotville, detailing UN command and control during the Congo crisis of 1961.

More in this section