Stories
Slash Boxes
Comments

SoylentNews is people

Submission Preview

Link to Story

IBM Throws ISP It Hired Under a Bus for Australia's #Censusfail

Accepted submission by Arthur T Knackerbracket at 2016-10-21 13:16:43
News

Arthur T Knackerbracket [soylentnews.org] writes:

Story automatically generated by StoryBot Version 0.2.2 rel Testing.
Storybot ('Arthur T Knackerbracket') has been converted to Python3

Note: This is the complete story and will need further editing. It may also be covered by Copyright and thus should be acknowledged and quoted rather than printed in its entirety.

FeedSource: [TheRegister]

Time: 2016-10-21 02:41:07 UTC

Original URL: http://www.theregister.co.uk/2016/10/21/ibm_throws_isp_it_hired_under_a_bus_for_australias_censusfail/ [theregister.co.uk] using UTF-8 encoding.

Title: IBM throws ISP it hired under a bus for Australia's #Censusfail

--- --- --- --- --- --- --- Entire Story Below --- --- --- --- --- --- ---

IBM throws ISP it hired under a bus for Australia's #Censusfail

Arthur T Knackerbracket has found the following story [theregister.co.uk]:

IBM has blamed a supplier for causing the failure of Australia's online census, which went offline on the very night millions of households were required to describe their disposition.

Big Blue's submission (PDF) [aph.gov.au] to Australia's Standing Committees on Economics, which is conducting an Inquiry into the Preparation, Administration and Management of the 2016 Census by The Australian Bureau of Statistics puts the blame for the failure at the feet of a company called NextGen Networks.

IBM does so because it says it devised a distributed denial of service (DDoS) prevention plan called "Island Australia" that involved "blocking or diverting international traffic intended for the eCensus site before it reaches the site, while leaving the system free to continue to process domestic traffic."

"This method was chosen because the primary risk of DDoS attacks of sufficient size to disrupt site availability was considered to be from foreign sources."

IBM's submission says two carriers were chosen to bring traffic to the Census site, Telstra and NextGen. Both were informed about "Island Australia" and how to implement it. But come Census day, IBM says "a Singapore link operated by one of NextGen's upstream suppliers (Vocus Communications or Vocus) had not been closed off and this was the route through which the attack traffic had entered the NextGen link to the eCensus site."

Big Blue's document says Vocus 'fessed up to the error on Census night.

The submissions says the DDoS that made it past the Island Australia defences then "... caused one of the mechanisms used by IBM to monitor the performance of the eCensus site to miscarry."

"As a result, some IBM employees who were observing the monitor mistakenly formed the view that there was a risk that data was being exfiltrated from the website and that the risk needed to be further investigated. Out of an abundance of caution, IBM shut down access to the site and assessed the situation."

NextGen has also made a submission (PDF [aph.gov.au]) to the inquiry and it disputes IBM's version of events.

The carrier says IBM rejected its offer of dedicated DDoS protection and also ignored advice that Island Australia was not a decent DDoS shield. The submission also says that IBM tested NextGen's Island Australia rig on August 5th, and passed it as ready to roll.

Here's an excerpt from the submission:

Vocus has also made a submission (PDF [aph.gov.au]) in which it blames both IBM and NextGen for the DDoS.

Big Blue is criticised because in Vocus' opinion "the Island Australia approach does not consider the reality of overseas network operators connecting to Australian service providers inside Australian borders."

NextGen cops some pain because Vocus says it "was not informed of IBM's DDoS mitigation strategy, Island Australia or its specific requirements, until after the fourth [DDoS] attack. As a result, any assumption that Vocus was required to, or had implemented Island Australia or geo-blocking ... are inaccurate."

In a delicious irony, NextGen's submission also notes its recent acquisition by none other than Vocus. Which will make life interesting at the first all-hands meeting once the acquisition closes.

The Inquiry will issue a report on November 24th. The Register's Australian outpost has laid in copious stocks of popcorn ahead of the report's release. ®

Original Submission