posted by janrinok on Saturday October 22 2016, @07:57AM
from the blame-the-little-man dept.

IBM has blamed a supplier for causing the failure of Australia's online census, which went offline on the very night millions of households were required to describe their disposition.

Big Blue's submission (PDF) to Australia's Standing Committees on Economics, which is conducting an Inquiry into the Preparation, Administration and Management of the 2016 Census by The Australian Bureau of Statistics, puts the blame for the failure at the feet of a company called NextGen Networks.

IBM does so because it says it devised a distributed denial of service (DDoS) prevention plan called "Island Australia" that involved "blocking or diverting international traffic intended for the eCensus site before it reaches the site, while leaving the system free to continue to process domestic traffic."

"This method was chosen because the primary risk of DDoS attacks of sufficient size to disrupt site availability was considered to be from foreign sources."

IBM's submission says two carriers were chosen to bring traffic to the Census site, Telstra and NextGen. Both were informed about "Island Australia" and how to implement it. But come Census day, IBM says "a Singapore link operated by one of NextGen's upstream suppliers (Vocus Communications or Vocus) had not been closed off and this was the route through which the attack traffic had entered the NextGen link to the eCensus site."

Big Blue's document says Vocus 'fessed up to the error on Census night.

[...] In a delicious irony, NextGen's submission also notes its recent acquisition by none other than Vocus. Which will make life interesting at the first all-hands meeting once the acquisition closes.

The Inquiry will issue a report on November 24th. The Register's Australian outpost has laid in copious stocks of popcorn ahead of the report's release.

Previous reporting:
Australian Census: Hacked or Just Ill-Prepared?


Related Stories

Australian Census: Hacked or Just Ill-Prepared? 14 comments

Australian Census Attacked by Hackers

The Australian census website was shut down by what authorities said was a series of deliberate attacks from overseas hackers.

Millions of Australians were prevented from taking part in the national survey on Tuesday night. The Australian Bureau of Statistics (ABS) had boasted only hours before that its website would not crash.

The prime minister assured the public that their personal information was not compromised. Debate about privacy concerns has been raised despite assurances from the government that security would not be compromised. Prime Minister Malcolm Turnbull said that the public's personal information was safe and stressed the "unblemished record" of the ABS.

"The one thing that is absolutely crystal clear is that there was no penetration of the ABS website," Mr Turnbull said.

"What you saw was the denial of service attack or a denial of service attempt which, as you know, is designed to prevent access to a website as opposed to getting into the server behind it. Some of those defences failed, frankly."

[Continues...]

  • (Score: 3, Informative) by RamiK on Saturday October 22 2016, @09:11AM

    They should have had their IP range in black lists days in advance and tested the international availability on their own.

    Besides, Australia's ISPs usually don't shape traffic ( https://wiki.vuze.com/w/Bad_ISPs#Australia [vuze.com] ) and don't have the capabilities (hardware or personnel) for that sort of work. They intentionally kept much of their equipment dumb to avoid government log requests, so doing this sort of filtering could mean sending technicians to physically access each switch's serial port with a laptop and input the IP range.

    --
    compiling...
    • (Score: 2, Informative) by Anonymous Coward on Saturday October 22 2016, @10:23AM

      While I agree that it was IBM's fault and this excuse sounds pretty tenuous:
      • Aussie consumer ISPs shape like crazy, we're the great worldwide bastion of data limits. Every single ISP on that list enforces data limits via shaping. TPG, Dodo and Exetel had/have some unlimited plans - they're the budget ISPs.
      • That tiny list of ISPs you provided is so ancient and incomplete even for its time, it's hilarious. It doesn't include iiNet (3rd largest ISP in AU for a decade). Unwired and iBurst were niche last-mile wireless providers, absorbed into other ISPs - iBurst was shut down in 2008 and Unwired in 2013 into Optus. The only ISPs on that list with any size: Bigpond (Telstra, the biggest), Optus (former #2), TPG (now owner of iiNet/Internode and many others, current #2). Vividwireless is another niche wireless provider for areas with shitty landlines. Considering the time frame that this was written, there were literally hundreds of ISPs of note, it's been the last 5 years where they've consolidated into a few big players - mostly TPG.
      • Vocus and NextGen are not consumer ISPs. Vocus provide business connectivity (IP or SDH transit, backhaul/intercap, SS7 voice, big DA fibre tails, datacentre space, etc). They've recently purchased AMCOM and been purchased by M2 Group, who own Dodo - this makes them #4 by size and possessing a reasonably sized consumer network. NextGen are a backhaul provider subsidiary of Leighton who own a few small pieces of other infrastructure and do offer some enterprise-grade infrastructure, but mostly sell at the wholesale level. They're famous for the most expensive backhaul costs in AU, even up against TW, and were built with public funds intended to decrease the cost of backhaul in remote areas.
      • Vocus and NextGen are the guys who own or build undersea cables, they don't sell Internet to you or me. Vocus has a DDoS protection product on their website, right next to their IP transit coverage details. I have about 1Gbit of Vocus IP transit as a backup to my primary transit providers.
      • IBM was asked several times by Vocus and/or NextGen if they wanted explicit DDoS protection (from previous stories heard) and IBM said no, they were just going to pull international transit if there was an attack.
      • Much of the attack either came from or was reflected through Australia via domestic transit. IBM's protection plan didn't work.
      • (Score: 2) by RamiK on Saturday October 22 2016, @02:49PM

        First off, you're right that list isn't good. I wanted to paste the link to the response the ISPs made to a data request a few months ago (not sure if it was ACCC or ACMA or whatnot) but couldn't find it.

        Either way, I WAS talking about first mile ISPs. I figured it's obvious enough considering international interconnect was what the article was talking about and even specified those companies.

        That said, last I heard, they don't deploy layer 2+ switches unless specifically asked by customers* to avoid legal requirements and technical complications. That's to say, they don't go into the packets. They only rate limit.

        Though admittedly, I don't have any way to verify what they were saying... And I'm guessing it's plan dependent regardless.

        * And specifically just the business \ cloud customers and usually not the consumer ISPs. Vocus even has a special DDOS protection plan that is based on rate limits rather than packet analysis.

        --
        compiling...
    • (Score: 2) by driverless on Sunday October 23 2016, @12:16PM

      It was the dog! The dog did it, I swear! I had my homework all done but then the dog ate it! It's not my fault!

  • (Score: 2, Interesting) by bug1 on Saturday October 22 2016, @01:48PM

    "Vocus does not agree that the fourth DDoS attack was the cause of the site becoming unresponsive. The fourth attack comprised of attack traffic which peaked at 563Mbps which is not considered significant in the industry, and lasted 14 minutes. See report from Arbor Networks which indicates that it is materially below the mean attack size (https://www.arbornetworks.com/images/documents/WISR2016_EN_Web.pdf)."

    "The cause of the census website being unreachable was IBM employee’s falsely identifying normal traffic patterns as data exfiltration, and manually turning off their Internet gateway routers"

    "Vocus was not, at any time prior to 9 August 2016, invited to participate in any testing of IBM's DDoS mitigation strategy, or given any detail of what testing was undertaken. In fact, Vocus was not informed of IBM’s DDoS mitigation strategy, Island Australia or its specific requirements, until after the fourth attack."

    http://www.aph.gov.au/DocumentStore.ashx?id=9f58f27a-9b42-4de1-80f7-60e17edfb153&subId=414847 [aph.gov.au]

  • (Score: 2) by Mykl on Sunday October 23 2016, @03:52AM

    While all of the players involved are still claiming that it was a DDOS that brought about #CensusFail, the reality is much simpler.
     

    IBM's Stress and Volume testing assumed a uniform distribution of Census entries [smh.com.au] over a 12+ hour period, when in reality most people jumped on to do the census 1-2 hours after dinner. So the DDOS was really from the unsuspecting user base.