SoylentNews

Arthur T Knackerbracket [soylentnews.org] writes:

Story automatically generated by StoryBot Version 0.1.0a (Development).

Note: This is the complete story and will need further editing. It may also be covered by Copyright and thus should be acknowledged and quoted rather than printed in its entirety.

FeedSource: [TheRegister] collected from rss-bot logs

Time: 2016-08-10 04:51:00-10:00 UTC

Original URL: http://www.theregister.co.uk/2016/08/10/a_failure_of_planning_dumb_ddos_kneecaps_australian_census/ [theregister.co.uk]

Title: Networking wonks can't find the DDOS claimed to cause #Censusfail

Suggested Topics by Probability (Experimental) : 19.3 science 15.8 hardware 12.3 OS 10.5 digiliberty 10.5 business 8.8 mobile 5.3 techonomics 3.5 technomics 3.5 security 3.5 code 3.5 careersedu 1.8 careers 1.8 breaking

*** Link with earlier story "Australian Census Attacked by Hackers" ***

--- --- --- --- --- --- --- Entire Story Below --- --- --- --- --- --- ---

Networking wonks can't find the DDOS claimed to cause #Censusfail

Arthur T Knackerbracket has found the following story [theregister.co.uk]:

The failure of the Australian census seems to be a failure of planning.

The Federal Government is blaming [theregister.co.uk] a distributed denial of service attack (DDoS) and an abundance of caution for sending the once-every-five-years Antipodean citizen survey into a grinding halt beginning last night and continuing as of the time of writing.

Yet your correspondent would hazard should the question of 'what will bring down the Census' be asked on Family Feud, the top scoring answer would be a DDoS attack.

So how is it that the world's most boring attack vector was able to crush a multi-million dollar Federal Government operation some five years in the planning?

Multiple prominent networking and security people The Register has spoken to have not seen evidence of a large DDoS attack.

That does not mean the attack did not happen, or that apparent woeful internal technical failures [twitter.com] were solely to blame, and the Government has lied about the cause of the outage.

Skeeve Stevens, founder of peering provider eintellego Networks, is one of many in the telco community who has not seen evidence of a large flood capable of taking down Census assets. ("Although I could have taken it out in the blink of an eye," Stevens reckons.)

Distributed denial of service attack mitigation company Arbor has not seen attack traffic either.

Nor have other networking and security specialists at rival global DDoS attack mitigation companies. Some of these folks strongly question whether there was a DDoS at all.

Arbor reckons DDoS mitigation and best practice infrastructure should have punted the attackers, had it been in place.

It is not known if DDoS mitigation was used, or indeed what any controls were in place, other than a geo-IP blocker that failed and let in bad traffic from the United States, so says the Government.

And that bring us to the central question; how is it that an attack vector any internet idiot can pull off with DDoS booter services was able to best the Federal Government and its AU$9.6m Census contractor IBM?

Tech company CSC reckoned in 2014 that sarong-clad Byron Bay hippies were the chief threat [theregister.co.uk] to the State of New South Wales' eVoting platform, so easy is it to launch DDoS attacks as a means of protest.

A large portion of tech-savvy Australians had as much reason as those besieged anti-coal protesters to want to launch a DDoS; the Government had rebuffed their more than 12 months of opposition to the new requirement that the Census would record and pair their names and addresses to their answers, storing it for four years.

So it was obvious a DDoS attack on Tuesday night would be a likely event.

And with Prime Minister Malcolm Turnbull losing the day's media cycle, losing public confidence in government cyber security, and losing progress towards national e-voting in Australia, you can bet he will asking them. ®

Original Submission