Story image

Hacker scare shuts down Australia's census site

15 Aug 2016

The Australian census website was shut down last week after reportedly being targeted by foreign hackers. 

However, reports claim the federal government denies the census site was attacked or hacked, and that no data was lost.

Dr Jon Oliver, senior architect at Trend Micro, says he has complete confidence that the Australian Bureau of Statistics was prepared.

“Part of the problem is that they are collecting online a dataset of very high value in a short period of time, and anything of that value (with some controversy as well) will attract all manner of attackers including potentially sophisticated attackers,” says Oliver.

“There is also the possibility that more sophisticated attackers were attempting to breach the systems under the cover of a straight forward DDoS (Distributed Denial of Service​) attack. I agree with the ABS’ decision to close the site down after they had compelling evidence that these attacks were indeed happening.”

Dan Slattery, senior information security analyst at Webroot, says there is speculation that the attack happened as a protest against the ABS’s decision to collect and save personally identifiable information alongside the census, for the first time this year.

“There were worries that there may be a data breach and this information will become public or used for malicious purposes. The ABS have reported 14 separate data breaches since 2013,” says Slattery.

“DDoS attacks are reasonably easy to achieve, hackers can purchase botnet resources and point the distributed power of the compromised systems towards a specific server or website. These attacks are designed to disrupt access and bring a service offline. It isn’t designed to compromise data,” he adds.

Slattery also says that DDoS attacks are hard to stop because every server that is connected to the Internet is in some ways vulnerable.  

“The best way to mitigate the effectiveness of a DDoS attack is to plan ahead. It is important to have thorough estimates of the typical load on the servers and potential peak usage,” says Slattery.

“Since the ABS was planning on most households filling out the census on the 9th August they would have planned for the potential of having millions of concurrent users.”

It’s reported that no data was compromised or lost amidst the shut down and about 2.33 million census forms were successfully submitted beforehand.

Aerohive launches guide to cloud-managed network access control
NAC for Dummies teaches the key aspects of network access control within enterprise IT networks and how you can secure all devices on the network.
Sungard AS named DRaaS leader by Forrester
It was noted for its disaster-recovery-as-a-service solution’s ability to “serve client needs at all stages of their need for business continuity.”
Gartner: The five priorities of privacy executives
The priorities highlight the need for strategic approaches to engage with shifting regulatory, technology, customer and third-party risk trends.
emt Distribution adds risk intelligence vendor
Flashpoint has signed emt Distribution to provide channel partners in Oceania and South East Asia a solution for illicit threat actor communities.
CrowdStrike: Improving network security with cloud computing solutions
Australian spending on public cloud services is expected to reach $6.5 billion this year according to Gartner
Thycotic debunks top Privileged Access Management myths
Privileged Access encompasses access to computers, networks and network devices, software applications, digital documents and other digital assets.
Veeam reports double-digit Q1 growth
We are now focussed on an aggressive strategy to help businesses transition to cloud with Backup and Cloud Data Management solutions.
Paving the road to self-sovereign identity using blockchain
Internet users are often required to input personal information and highly-valuable data from contact numbers to email addresses to make use of the various platforms and services available online.