The ABS claimed this morning that the Australian Census website fell victim to a foreign cyber attack, causing the website to fail for users. What does that mean, is your data safe, and should this have been prevented?
ABS spokesperson David Kalisch told the ABC that the site was attacked four times throughout yesterday, culminating in a final attack at 7.30pm after which they shut the website down.
He went on to say, “It was an attack, and we believe from overseas.”
What is an Attack?
An attack – in most cases a ‘Distributed Denial of Service’, or DDoS – is undertaken to shut a website down by overloading it with traffic. Cyber hackers set up banks of computers which emulate millions of people continually bombarding the website.
Any website has a limit on the traffic it can handle – once it hits that limit, it’s like a crash on a three-lane freeway blocking all lanes. Now and then some cars might get through, but for the most part you’re stuck waiting.
A DDoS attack throws more cars onto the road than the road can handle, preventing legitimate motorists from getting on the road and reaching their destination.
Was it a Hack?
There’s no claim that there was a hack. A hack is when a site is compromised and data on the servers is accessed. Most commonly this results in the words or images on the site being changed, and in the worst cases hackers will access data behind the scenes and steal private information.
Despite the ABS’ failings in the last 24 hours, there’s no assertion that our data has been compromised, nor should there be such concerns.
Should it have been prevented?
Yes. Hundreds of thousands of dollars were spent testing the servers’ load. That should have included DDoS testing.
More importantly, if the ABS is right in thinking this was a foreign attack, why was that possible? The Census site network should have diverted all international traffic to an alternate page. Australians overseas are not required to fill in the Census, so why would an overseas hacker even be able to get access? It makes no sense.
Blame hackers all you like. Banks don’t get hacked, and the ABS should be no different – you’ve got to invest in the protection.
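The diversion of international traffic suggested above, sketched as an added example (not ABS code or configuration). The prefixes are constructed placeholders from the documentation address ranges, standing in for a maintained list of Australian allocations, and the function and page names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed placeholder prefixes (RFC 5737 / RFC 3849 documentation ranges),
# standing in for a real, regularly updated list of Australian allocations.
DOMESTIC_PREFIXES = [ipaddress.ip_network(p) for p in
                     ("192.0.2.0/24", "198.51.100.0/24", "2001:db8:a0::/48")]

def route_request(src_ip: str) -> str:
    """Return 'census_form' for domestic sources, 'alternate_page' otherwise."""
    try:
        addr = ipaddress.ip_address(src_ip.strip())
    except ValueError:
        # Unparseable source address: fail closed and divert.
        return "alternate_page"
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is judged by the IPv4
    # address it carries, so it cannot sidestep the IPv4 prefix list.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for net in DOMESTIC_PREFIXES:
        if addr.version == net.version and addr in net:
            return "census_form"
    return "alternate_page"

# Constructed sample of request source addresses (not real traffic).
SAMPLE_SOURCES = [
    "192.0.2.17",            # inside a placeholder domestic prefix
    "203.0.113.9",           # outside every listed prefix
    "::ffff:198.51.100.4",   # IPv4-mapped form of a domestic address
    "2001:db8:a0::1",        # domestic IPv6
    "2001:db8:ffff::1",      # non-domestic IPv6
    "not-an-ip",             # malformed input
]

def summarise(sources):
    """Count how many requests are served the form and how many are diverted."""
    return Counter(route_request(s) for s in sources)

if __name__ == "__main__":
    for src in SAMPLE_SOURCES:
        print(f"{src:24} -> {route_request(src)}")
    print(dict(summarise(SAMPLE_SOURCES)))
```

A rule like this acts only on the source address each request presents, so its accuracy depends on how current the prefix list is.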
Is the attack confirmed?
No. Right now, this is the ABS’ claim. There is no evidence yet from independent monitoring sources that there was any suspicious internet traffic last night.
Given the high level of data that is available in these circumstances, the ABS will need to produce clear evidence that any DDoS was responsible, and also show how or why they failed to prevent it.
The upshot for Aussies?
No trust in “online”. As I said last night, Australians will no longer trust governments with online operations. Good luck getting Electronic Voting up. No politician would dare suggest it now.