The source of a malicious cyber attack on the Manx government’s website is still unknown – and a criminal investigation is on-going.
Further details about last month’s distributed denial of service attack on the www.gov.im website were revealed in the House of Keys.
In a written reply to a question from Zac Hall (Onchan), Economic Development Minister John Shimmin said the attack had been designed to disrupt access to the site rather than compromise it - and there have been no indications that any data or systems have been breached.
He told MHKs: ‘On April 26, the Isle of Man Government’s top level website www.gov.im was subject to a malicious attack from sources as yet unknown.
‘The services were fully recovered during the same day and the Information Systems Division dealt with the incident and the recovery of the services with the existing framework partners.
‘It is worth noting that although a level of protection was already in place to provide a layer of defence against the majority of attacks, this specific attack was significant in size and was the first attack to the site to do so in this particular manner.
‘Consequently, additional measures were required to deal with the attack and restore the service.’
Mr Shimmin said the attack was a criminal act and as such had been reported to the relevant authorities.
‘The attack was designed to appear to come from multiple sources at once. The appropriate liaison with the Isle of Man Constabulary – as the relevant law enforcement agency – is on-going. The Information Systems Division will continue to liaise with the relevant authorities in pursuit of those responsible for this act.
‘However, the department also recognises in the majority of these types of attacks the underlying perpetrators are difficult to identify and prosecute.
‘All options remain open at this stage, and it would be inappropriate to comment further on the specific measures and range of responses available to it to deal with these types of attack in the future.’
Mr Shimmin said the Customer First Beta site (cf.gov.im) remained up and functioning during the attack.