Thursday, 11 August 2016

"No evidence that the census servers suffered a DoS - online security researcher

No unusual cyber attack activity census night


*Update: #CensusFail may symbolise Turnbull government’s competence. The New Daily

*Update 2: Michael McCormack's website hacked as tech woes continue for government.  The Age  

The gov is running around like headless chooks, feathers flying, trying to save their political ass from the Great Australian Census Internet fail of 2016 (GACIF). The first priority in such a scenario is to deny all responsibility that it was their fault.


Hence we have the very dubious story that the census was bought down by the most simplest of cyber attacks; a "denial-of-service" (DoS) traffic block. Something that happens everyday to sites in 2016 in the world. Something that even if it did happen there are evidently things that can be done to limit said attacks.

Given that IBM was the company running the show on the night the census died, it does seem very strange that such a company with long term experience wouldn't have had such programs in place to stop a cyber attack such as the very common run of the mill DoS attack that the gov now claims the census suffered. Attacks that if they even happened at all appeared minor.

There is also the above world attack tracking snip that shows no unusual activity on the night for Australia. 

In short, IMO the gov is lying about their incapacity to get their stupid 1950's heads around the 2016 internet world. Their incapacity to think forward and that the future internet doesn't include the use of copper. That they thought a 100 year old network would suffice for today's internet. 
The census servers were not actually hosted by the ABS but by IBM, a company with extensive experience of running server networks. 

The ABS also spent around A$470,000 load-testing its census servers in anticipation of census night. It claimed to have tested the system to 150% of the expected load, saying that it could handle 1 million form submissions per hour – twice what the ABS expected it would need. 

However, that might have underestimated the kind of load the servers should have expected. 

Consider that there were 12.9 million internet subscribers in Australia at the end of 2015 (according to ABS figures, no less). 

If each of these represents a household (a reasonable assumption, given that 99.3% of internet connections are broadband) and 2 million of these households accessed the census system during the day, this leaves a potential 10.9 million households attempting to reach the census servers in the evening. 

If only half of those households actually attempted to fill out their census form last night, that still would have exceeded the ABS’s anticipated submission rate. 

There is also the issue of how it conducted its load-testing, and whether it worked around average numbers per hour or considered peaks in activity. 

While the ABS may have attempted to anticipate the traffic on census night, there are indications that it didn’t consider all of the possible bottlenecks. Security journalist Patrick Gray also quotes a security professional’s analysis of some of these bottlenecks. 

There is also no evidence – besides the claims of the ABS and Minister McCormack – that the census servers suffered a DDoS. One website that tracks DDoS attacks globally showed no unusual activity in Australia around the time of the census, although such websites are not 100% accurate. 

So while it’s possible that the census servers did suffer a DDoS attack, the evidence that it actually happened is inconclusive. 

However, if the servers were already struggling under the load caused by Australians filling out their census forms, then even a weak DDoS could have been sufficient to tip it over the edge. Computer World 
 BTW, I read today only about 2 million households were able to accomplish their census online forms.