Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Thursday, 11 August 2016 09:46

Census 2016: ABS needs to provide proof of DDoS

By Sam Varghese

Like many other issues in Australia, Tuesday night's census debacle has turned into a political bunfight, with the technology being very much a minor debating point.

Presumably, this is because most of the politicians and public servants have little clue about the technology failure and are desperate to cover for their incompetence. In large part, most of the tech "experts" who have been on display have also spouted the government line, probably in the hope that future public sector contracts would fall their way.

There has been one tech analyst, who appeared on ABC News 24's Breakfast programme, who did not fit the mould. Mark Gregory from RMIT University was the only person who expressed serious doubts about the governmental excuses. He said nothing should be taken for granted until there was some evidence either way.

Technical people like him are what we need to cut through all the bulldust. One person who is an expert in this art is Craig Sanders, a systems administrator of many decades, and one who can speak plainly. Many years ago, following a major distributed denial of service attack on the Internet's root name servers, he was one who educated me on the phenomenon. This time was no different with Sanders; he calmly and clearly pointed me in the direction of the evidence that was needed.

If the census website crashed due to foreign intervention, either through a denial of service or a distributed denial of service, how is it that none of the major security companies around the world noticed it? You would need an attack of some magnitude to take down the ABS census site.

Such companies are a dime a dozen these days and every single one which had even the slightest evidence would have been all over the media trying to put their faces in front of a camera – or trying to get a few words in print or online.

Not a single company showed up with even a skerrick of evidence. That should speak for itself.

The Australian government and the ABS officials, chief statistician David Kalisch foremost, are sticking to the "foreign hand" defence. If they're making that claim, however, they should be able to back it up with some very conclusive data – network traffic graphs at a minimum, including graphs during the time of the alleged DDoS and during their testing of expected peak load.

And one would expect to see significant differences there, even taking into account the fact that synthetic load tests rarely reflect real-world usage.

They should also be able to provide IP addresses — or at least, a list of source IP country codes with packet and/or hit counts to prove a DDoS. It must be borne in mind that if a significant percentage of packets/hits (over 40%) were from outside our borders, there may have been a DDoS.

The claims of a foreign hand would be greatly strengthened if the ABS made their router and web-server logs, suitably anonymised (e.g. only the first three octets of IPv4 addresses), available for analysis by independent third parties. These need not be publicly available, but at least they should be provided to respectable and trustworthy outsiders who were not involved in setting up their site.
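The kind of summary an independent reviewer could produce from such logs is sketched below as an added example, not code from the ABS, its contractors or this column. The log lines, the prefix-to-country table and the function names are constructed for illustration; a real review would resolve countries with a GeoIP database and compare the result against the load-test baseline.

```python
import re
from collections import Counter

# Constructed /24 -> country table using documentation address ranges;
# a real analysis would resolve countries with a GeoIP database instead.
PREFIX_COUNTRY = {"203.0.113": "AU", "192.0.2": "US", "198.51.100": "NL"}
HOME = "AU"
FOREIGN_THRESHOLD = 0.40  # the column's "over 40%" figure

# Constructed access-log lines (common log format), not real ABS data.
SAMPLE_LOG = """\
203.0.113.10 - - [09/Aug/2016:19:30:01 +1000] "GET /census HTTP/1.1" 200 512
203.0.113.77 - - [09/Aug/2016:19:30:01 +1000] "POST /census/form HTTP/1.1" 200 90
192.0.2.5 - - [09/Aug/2016:19:30:02 +1000] "GET /census HTTP/1.1" 503 0
198.51.100.9 - - [09/Aug/2016:19:30:02 +1000] "GET /census HTTP/1.1" 503 0
198.51.100.200 - - [09/Aug/2016:19:30:03 +1000] "GET /census HTTP/1.1" 503 0
not-an-ip - - [09/Aug/2016:19:30:03 +1000] "GET / HTTP/1.1" 400 0
"""

IPV4 = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\s")

def anonymise(line):
    """Return the first three octets of the client IPv4 address, or None."""
    m = IPV4.match(line)
    if not m or any(int(o) > 255 for o in m.groups()):
        return None
    return ".".join(m.groups()[:3])

def summarise(log_text):
    """Count hits per anonymised /24 and per country; compute foreign share."""
    by_prefix, by_country, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        prefix = anonymise(line)
        if prefix is None:
            skipped += 1  # malformed or non-IPv4 client field
            continue
        by_prefix[prefix + ".0/24"] += 1
        by_country[PREFIX_COUNTRY.get(prefix, "??")] += 1
    total = sum(by_country.values())
    foreign = total - by_country[HOME]
    share = foreign / total if total else 0.0
    return {"by_prefix": by_prefix, "by_country": by_country,
            "foreign_share": share, "skipped": skipped,
            "exceeds_threshold": share > FOREIGN_THRESHOLD}

if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

A foreign share above the threshold is only an indicator; the same summary run over the load-test window gives the baseline the comparison needs.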

If this cannot be, or is not, done, then there are sufficient grounds to suspect that the ABS and the government are merely offering excuses for poor planning and testing.

Another fact arguing against the government excuses is the website digitalattackmap.com, which shows clearly that there was no significant DDoS targeted at any website in Australia on census night.

This site tracks only big DDoS attacks, but any attack capable of taking down the census website should have been big enough to show up there. To put it another way, if it wasn't big enough to show up there, then it would not have been big enough to take down the census site.

It is easy to see on digitalattackmap.com that there have been other DDoS attacks which targeted Australia in the last month or so; in other words, Australia is no stranger to the kind of attacks that are big enough to register on the site.

The most recent was on 2 Aug at 09:46 GMT (19:46 AEST) and it lasted for 13 minutes, peaking at about 34Gbps. Hence the question to Prime Minister Malcolm Turnbull, his cohorts, Kalisch, IBM and Revolution IT, the main players, is: show us the proof.

Rick Moen, a veteran sysadmin from California, who has also provided extremely valuable insight in the past, was inclined to be somewhat mellow this time.

"As someone who does large-scale Operations work, I sympathise with Kalisch's problem," he said. "My understanding is that ABS's rollout to digital submission is new this year, and it's difficult to make huge systems like this scale well on initial rollout, even after load testing.

"Problems can occur from unexpected software problems, failure to include hardware load balancing, router errors, plain shortage of capacity, and in a variety of other places. Good planning and reviews should get the kinks out, over time."

Moen said he found Kalisch's explanation, that the ABS took the site offline to terminate a claimed denial of service attack, strange, as this attack was aimed at precisely that objective. "I applaud his bureau putting emphasis on protecting Australian citizens' privacy and security, and wish his group a better experience going forward," he added.


Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
