
SoylentNews is people

posted by janrinok on Thursday August 11 2016, @07:21PM
from the blame-the-bogey-man dept.

Australian Census Attacked by Hackers

The Australian census website was shut down by what authorities said was a series of deliberate attacks from overseas hackers.

Millions of Australians were prevented from taking part in the national survey on Tuesday night. The Australian Bureau of Statistics (ABS) had boasted only hours before that its website would not crash.

The prime minister assured the public that their personal information was not compromised. Debate about privacy concerns has been raised despite assurances from the government that security would not be compromised. Prime Minister Malcolm Turnbull said that the public's personal information was safe and stressed the "unblemished record" of the ABS.

"The one thing that is absolutely crystal clear is that there was no penetration of the ABS website," Mr Turnbull said.

"What you saw was the denial of service attack or a denial of service attempt which, as you know, is designed to prevent access to a website as opposed to getting into the server behind it. Some of those defences failed, frankly."

[Continues...]

However:

The comments contradict earlier comments issued by the ABS which stated that there were four "attacks". The opposition party called for Mr McCormack to resign over the website crash.

"This has been the worst run census in Australian history," said Andrew Leigh, the assistant shadow treasurer. "If we don't get an accurate snapshot on census night, we can't allocate resources properly."

The ABS is now working with authorities to determine the source of the "denial of service" attacks. "The Australian Signals Directorate are investigating, but they did note that it was very difficult to source the attack," chief statistician David Kalisch told the ABC. "The scale of the attack, it was quite clear it was malicious."

[...] In the lead-up to the census, crossbench Senator Nick Xenophon's concerns about privacy were dismissed by the government as "tinfoil hat" politics.

He said it wasn't clear who should be wearing the hat now.

"Look, there are real concerns," Mr Xenophon said. "The census, the ABS, has had five years to get this right." After weeks of reminders to "get online August 9", millions of Australians were frustrated to find they could not complete the survey.

Thousands of people poked fun at the situation on social media with references to the popular television shows including The IT Crowd, The Simpsons and Monty Python.

All of this is somewhat contradicted by IT Security specialists around the world who cannot find evidence of a DDOS having taken place, as described in the next piece:

Networking Wonks Can't Find the DDOS Claimed to Cause #Censusfail

The failure of the Australian census seems to be a failure of planning.

The Federal Government is blaming a distributed denial of service attack (DDoS) and an abundance of caution for sending the once-every-five-years Antipodean citizen survey into a grinding halt beginning last night and continuing as of the time of writing.

Yet your correspondent would hazard should the question of 'what will bring down the Census' be asked on Family Feud, the top scoring answer would be a DDoS attack. So how is it that the world's most boring attack vector was able to crush a multi-million dollar Federal Government operation some five years in the planning?

Multiple prominent networking and security people The Register has spoken to have not seen evidence of a large DDoS attack.

That does not mean the attack did not happen, or that apparent woeful internal technical failures were solely to blame, and the Government has lied about the cause of the outage.

Skeeve Stevens, founder of peering provider eintellego Networks, is one of many in the telco community who has not seen evidence of a large flood capable of taking down Census assets. ("Although I could have taken it out in the blink of an eye," Stevens reckons.) Distributed denial of service attack mitigation company Arbor has not seen attack traffic either. Nor have other networking and security specialists at rival global DDoS attack mitigation companies. Some of these folks strongly question whether there was a DDoS at all.

Arbor reckons DDoS mitigation and best practice infrastructure should have punted the attackers, had it been in place. It is not known if DDoS mitigation was used, or indeed what any controls were in place, other than a geo-IP blocker that failed and let in bad traffic from the United States, so says the Government.

And that brings us to the central question; how is it that an attack vector any internet idiot can pull off with DDoS booter services was able to best the Federal Government and its AU$9.6m Census contractor IBM?

[...] So it was obvious a DDoS attack on Tuesday night would be a likely event.

And with Prime Minister Malcolm Turnbull losing the day's media cycle, losing public confidence in government cyber security, and losing progress towards national e-voting in Australia, you can bet he will be asking them. ®


Original Submission #1, Original Submission #2

 
  • (Score: 2) by bob_super on Thursday August 11 2016, @09:32PM

    by bob_super (1357) on Thursday August 11 2016, @09:32PM (#386789)

    Talking about bad service:
    > "If we don't get an accurate snapshot on census night, we can't allocate resources properly."

    Really?
    Why is the census all on one night? I don't count if I'm competing in Rio, travelling for work, or just in the hospital sick?
    Does Australia collapse into the sea from an unbalanced allocation, if you count the babies born on the 10th but the dead people from the 9th, or the opposite?

  • (Score: 2) by Jeremiah Cornelius on Thursday August 11 2016, @11:23PM

    by Jeremiah Cornelius (2785) on Thursday August 11 2016, @11:23PM (#386812) Journal

    Play your didgeridoo, Blue
    Play your didgeridoo
    Ah, like, keep playin' 'til I shoot thru, Blue
    Play your didgeridoo
    Altogether now!

    --
    You're betting on the pantomime horse...
    • (Score: 4, Funny) by c0lo on Friday August 12 2016, @12:36AM

      by c0lo (156) Subscriber Badge on Friday August 12 2016, @12:36AM (#386845) Journal

      Malcolm's part'll be:

      Tan me hide when I'm dead, Fred
      Tan me hide when I'm dead
      So we tanned his hide when he died, Clyde
      And that's it hangin' on the shed!!
      Altogether now!

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
  • (Score: 1) by caffeinated bacon on Friday August 12 2016, @03:16AM

    by caffeinated bacon (4151) on Friday August 12 2016, @03:16AM (#386884)

    The government already knows when you travel overseas. People in hospitals fill out census forms, people travelling fill out census forms. They can already see who was born or who died on those days if it's really important.