Sign up now
Australia Shopping Network. It's All About Shopping!
Categories

Posted: 2016-08-10 05:01:00

The Digital Attack map shows there was no suspicious activity at the time the Census website crashed.

YOU may have seen this map doing the rounds on social media.

It appears to make a mockery of the Australian Bureau of Statistics’ claim that the census fail was the result of a series of DDoS (distributed denial of service) attacks launched in a deliberate bid to sabotage the collection of data.

Head statistician David Kalisch claimed this morning the ABS shut down the site as a precaution after the fourth strike.

“It was an attack, and we believe from overseas,” he told ABC Newsradio.

Small Business Minister Michael McCormack then muddied the waters by stating this at an overdue press conference: “This was not an attack, nor was it a hack.

“It was an attempt to frustrate the collection of data. People should feel rest assured their data is safe.”

However, a tool devised by Google Ideas and cyber security company Abor Networks to track DDoS attacks around the world, the Digital Attack Map, failed to detect any unusual activity in Australia at the time the alleged attacks took place.

If accurate, it gives credence to accusations widely circulating on social media and beyond that mysterious overseas hacker story is a cover for the real culprit — incompetence.

But is it possible those responsible hid evidence of their activity via geoblocking, server location spoofing or other means?

Yes, according to hacking specialist Phillip Dawson, who is associate director at Deakin University’s Centre For Research In Assessment And Digital Learning (Cradle).

“If you want to carry out a DoS attack you buy what’s called a botnet, which is a network of compromised devices that have been hacked into — it could be a network of computers or a network of interconnected fridges,” Associate Professor Dawson told news.com.au.

“If you want to make the attack look like it comes from Australia, you buy a botnet in Australia. So it’s really hard for us to know where this attack came from. It could be the attack wouldn’t show up on (the Digital Attack Map) but their data is usually really good.

“Spoofing could also explain why it wouldn’t show up but you would hope they could detect that.

“For $50 you could get yourself a pretty good botnet online, maybe find it on the dark web but surely that degree of DDoS is something we should be able to deal with or laugh off.

“If it’s something quite small it could be a cover story for incompetence.”

Ass Prof Dawson said the only way the public would know the truth is if investigators released the forensic log.

“I don’t have much hope of that happening, though,” he said.

Whatever the hell happened, the mysterious Australian Signals Directorate is investigating the source the disruption.

Cybersecurity expert Greg Austin said the public “should take the government (claims of DDoS attacks) at face value until we know more”.

“The (incident) reminds us of the serious threat we face in cyberspace,” he told news.com.au.

“The second point is that we need some sort of public exposure of the results of the investigation to restore public trust in the ABS.

“Thirdly, cybersecurity is not cheap or easy and there’s room to question whether the government is spending enough on it.

“I would take the government (explanation) at face value until we know more. The Australian Signals Directorate is one of the top 10 organisations of its kind. If they can’t do it, nobody can.”

Dr Mark Gregory from RMIT University this morning said more proof was needed over the government’s claim that an overseas attack had taken place.

“A denial of service attack is when they get millions of computers trying to access their systems at the same time,” he told ABC Breakfast.

“You are overwhelming their computing power by doing that. Interestingly enough, the system, as we have learnt, was built to handle about a million transactions in an hour. A million people doing their return in an hour. Now, my understanding is that most Australians have dinner, sit down, try and do the census. If you had five or six million households trying to do their census at the same time, that’s similar to a denial of service attack.

“We need some proof this was from outside Australia and not just simply Australians trying to do the census.”

Minister for Small Business Michael McCormack confused matters this morning with this quote: ‘This was not an attack, nor was it a hack’.

Minister for Small Business Michael McCormack confused matters this morning with this quote: ‘This was not an attack, nor was it a hack’.Source:News Corp Australia

Dr Gregory, from the School of Engineering, also maintained the government systems were simply not designed to handle the amount of traffic we saw last night.

He said if there was an attack it was now up to the government to prove that was indeed the case.

“Now they have got the Defence Signals Directorate involved, they don’t publish anything they do. We are taking their word at face value this did come from overseas. They would need to provide hard facts. Nevertheless we know now as a fact their systems were not designed to handle the type of traffic that I would have expected after dinner last night.”

He maintained the ABS was totally unprepared from the beginning and he wanted to see some hard facts to prove it was a cyber attack and not government incompetence.

“I think the ABS have been totally unprepared,” he said. “They shouldn’t have tried to do the whole country. They should have done a pilot in one state and the rest of the states. Some of the statements are outrageous. I have no confidence in what they are saying.”

Dr Gregory also raised the question as to whether people’s data was really safe and that any information they supplied would be tainted.

“What they have done at this stage is they have set themselves up for failure in a spectacular way,” he said.

“The failure has occurred as predicted by many people and at this point in time, the whole Census has been a mess. The only thing that they can really do is try and do it again next year, for example because the data now is tainted.”

He also said he believed many people will not complete the Census because they think they have completed it but because of the denial of service attack, the information won’t have been registered on their computers.

Dr Gregory said heads should now roll over the incident.

“I believe the management has gone too far in the statements they have made publicly,” he said.

“They have been warned by a number of people this was going to happen, it did happen. There needs to be a serious look at the operation of the ABS.”

Dr Gregory said until Australia has mandatory data breaching laws in this country, we should not believe anything the Government says about privacy and security.

“Our systems are being attacked and hacked into all the time,” he said.

“There are no laws in this country currently which require government or industry to actually make public that they have been hacked into and the information has been taken. So therefore it would be reasonable not to believe what people are saying.”

View More
  • 0 Comment(s)
Captcha Challenge
Reload Image
Type in the verification code above