Friday, 21 October 2016 08:26

Census 2016: IBM blames Nextgen, Vocus for stuff-up Featured


IBM has laid the blame on Nextgen Networks, and, through it, Vocus Communications, for the collapse of the census website on 9 August, claiming that its instructions to cut off overseas access when a distributed denial of service attack took place were not implemented.

Nextgen and Vocus have denied IBM's claims.

In a submission to the parliamentary panel inquiring into the census debacle, IBM said that ahead of the census, it had anticipated and planned for the risk of DDoS attacks.

The main defence planned was geo-blocking, which was known internally at IBM as Island Australia.

But IBM has also admitted that its employees made errors, stating: "Regrettably, the 7.27 pm DDoS attack (the fourth attack on 9 August) also caused one of the mechanisms used by IBM to monitor the performance of the census site to miscarry.

"As a result, some IBM employees who were observing the monitor mistakenly formed the view that there was a risk that data was being exfiltrated from the website and that the risk needed to be further investigated.

"Out of an abundance of caution, IBM shut down access to the site and assessed the situation. The cause of the problem was identified. No data exfiltration occurred."

The census site was taken offline on 9 August at about 7.30pm, with claims that a distributed denial of service was to blame. No proof has yet been offered to back up this claim.

IBM said this method (geo-blocking) was chosen "because the primary risk of DDoS attacks of sufficient size to disrupt site availability was considered to be from foreign sources".

It pointed out that public access to the site was provided by two ISP links: one by Nextgen Networks and the other by Telstra.

On census night, the submission says, a DDoS attack from a foreign source hit the site at 7.27pm. There had been smaller attacks during the day.

"The attack was foreign-sourced and hit the census site via the Nextgen link at a time when IBM had already directed Nextgen (and Telstra) that Island Australia was to be in place and in circumstances where Nextgen had provided repeated assurances to IBM prior to the attack that it had done so," the submission says.

But IBM claims these assurances were incorrect.

It says it was told, a day after the attack had passed, that "a Singapore link operated by one of Nextgen’s upstream suppliers (Vocus Communications or Vocus) had not been closed off and this was the route through which the attack traffic had entered the Nextgen link to the census site".

IBM also claimed that Vocus had admitted the error during a teleconference with it, Nextgen and Telstra around 11pm on 9 August.

The submission says that if Nextgen, and through it Vocus, had properly implemented Island Australia, it would have prevented the DDoS attack and avoided the debacle that occurred.

"The geo-blocking arrangements are implemented by the ISPs at the direction of IBM. When a DDoS attack is attempted, and is sufficiently severe so as to warrant implementing the geo-blocking arrangement, IBM directs Nextgen and Telstra to put Island Australia into place," it said.

The submission said that both before and during the census, information about security processes was treated as confidential and "generally shared only on a need-to-know basis to ensure site security".

It said the Australian Bureau of Statistics and the Australian Signals Directorate were both aware that IBM intended to use geo-blocking.

"The ABS' IT security personnel considered geo-blocking to be an 'extremely effective control'," the submission says.

Additionally, IBM said, it understood that the ASD had been asked by the ABS to review the security arrangements for the site, "but the ASD declined to undertake a detailed review".

IBM and the ABS met the ASD on 21 July to seek input on security threats. "During the course of that discussion, IBM asked the ASD if it was aware of any intelligence relating to planned denial of service attack risk. The ASD said it was not and (said) that it would keep the ABS/IBM informed if such intelligence emerged. The ASD did not provide IBM with any such intelligence."

The submission further said that IBM was aware that the ABS met ASIO representatives on the same day (21 July) to discuss security issues relating to the census, but was unaware of what was discussed.

Read 4077 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News