Friday, 21 October 2016 09:42

Census 2016: Vocus lays blame on IBM employees


Vocus Communications has hit back at IBM's claims that it was complicit in the 2016 census debacle, saying that the site went down because IBM employees incorrectly identified normal data traffic as data exfiltration and manually turned off their Internet gateway routers.

"The cause of the census website being unreachable was IBM employees falsely identifying normal traffic patterns as data exfiltration, and manually turning off their Internet gateway routers which IBM took approximately three hours to configure and bring the website back up again," Vocus said in a submission to the parliamentary panel inquiring into the census debacle.

Vocus added that it was not clear from IBM's submission to the panel what "miscarry" took place to trigger IBM’s decision to shut down access to the site.

The reference was to this portion of IBM's submission: "Regrettably, the 7.27 pm DDoS attack (the fourth attack on 9 August) also caused one of the mechanisms used by IBM to monitor the performance of the census site to miscarry.

"As a result, some IBM employees who were observing the monitor mistakenly formed the view that there was a risk that data was being exfiltrated from the website and that the risk needed to be further investigated. Out of an abundance of caution, IBM shut down access to the site and assessed the situation. The cause of the problem was identified. No data exfiltration occurred."

The census website was taken offline on 9 August at about 7.30pm, with claims that a distributed denial of service was to blame. No proof has yet been offered to back up this claim.

Vocus said IBM's claim that a fourth DDoS, which hit the site at 7.27pm on census night, was of sufficient magnitude to render the site unresponsive was incorrect.

"Vocus does not agree that the fourth DDoS attack was the cause of the site becoming unresponsive. The fourth attack comprised of attack traffic which peaked at 563Mbps which is not considered significant in the industry, and lasted 14 minutes," it said.

A link was provided to a report from Arbor Networks, a well-known network security and network monitoring firm, to indicate that this fourth attack was "materially below the mean attack size".

"Such attacks would not usually bring down the census website which should have had relevant preparations in place to enable it to cater for the expected traffic from users as well as high likelihood of DDoS attacks," the Vocus submission said.

Vocus said it was also incorrect for IBM to represent that DDoS attack traffic travels through a single link, in this case, the Vocus Singapore peering link, adding that devices (botnets) used to launch DDoS attacks could be located anywhere in the world, including inside Australia.

"Furthermore, the Island Australia (geo-blocking) approach does not consider the reality of overseas network operators connecting to Australian service providers inside Australian borders," it said.

"In fact, during the fourth DDoS attack, Vocus had blocked the vast majority of DDoS traffic, only passing on a small percentage of the total traffic from botnet hosts in Asia and Australia.

"Once Vocus was made aware of the fourth DDoS attack, it implemented a static null route to block additional DDoS traffic at its international border routers within 15 minutes."

Vocus said it had advised Nextgen eight days before the census that it did not provide geo-blocking. It said it was, in fact, requested to disable its DDoS protection product covering the census IP space.

"If (the) Vocus DDoS protection product was left in place the census website would have been appropriately shielded from DDoS attacks. Vocus disagrees with the assessment that these DDoS protection measures were inappropriate due to the census 'unique traffic profile'," the submission said.

Vocus also pointed out that at no time prior to the census was it asked to take part in any testing of IBM's DDoS mitigation strategy, or given details of what testing had been undertaken.

"In fact, Vocus was not informed of IBM’s DDoS mitigation strategy, Island Australia, or its specific requirements, until after the fourth attack. As a result, any assumption that Vocus was required to, or had implemented Island Australia or geo-blocking... are inaccurate. It follows that the ‘error’ which IBM submits... that Vocus had committed is inaccurate, as Vocus was not, prior (to) the fourth attack, advised of Island Australia."

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
