GARDAÍ HAVE commenced an investigation into a number of alleged cyber attacks on the website of the Central Applications Office (CAO) this week.
The denial-of-service attacks restricted access to the website on Monday for thousands of Leaving Cert students checking the first round of offers for third-level courses.
The CAO was also forced to shut down its website on Wednesday when another attack resulted in new passwords being issued to 22,000 users.
It said the attacks had been reported to the Garda and that the office had supplied logs of website traffic as evidence of the “malicious attacks”.
A Garda spokesman said an investigation into the matter was under way.
The CAO said it had not yet identified the source of the attacks.
“We continue to work with our service provider, external consultants and the gardaí as we investigate this ongoing malicious attack,” it said in a statement.
“In the meantime, we will continue to monitor and prevent losses of service on the site. It may not be possible to tell exactly where the attack or attacks are coming from, as false internet protocol addresses are routinely used in such attacks.”
Despite the difficulties earlier this week, the CAO last night said it had received 32,847 acceptances of college offers.
This was an increase of more than 1,000 on the same period last year.
The deadline for round one acceptances is 5.15pm on Monday.
The CAO website is likely to again experience heavy traffic on Thursday when third-level institutions issue second round offers to thousands of students.
The office’s website was previously targeted on July 1st, the deadline for change-of-mind applications.
A denial-of-service attack is a type of cyber crime which often occurs when criminals or hackers create a network of computers using software downloaded by their unsuspecting owners.
On Monday, the majority of visitors to the CAO website were met by a message stating that the site was undergoing maintenance, and they were unable to accept their course offers.
The network of computers was then directed to send multiple page requests to a specific web address, overwhelming it with traffic and preventing it from responding to legitimate users.
