SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Hacker scare shuts down Australia's census site
Mon, 15th Aug 2016
FYI, this story is more than a year old

The Australian census website was shut down last week after reportedly being targeted by foreign hackers.

However, reports claim the federal government denies the census site was attacked or hacked, and that no data was lost.

Dr Jon Oliver, senior architect at Trend Micro, says he has complete confidence that the Australian Bureau of Statistics was prepared.

“Part of the problem is that they are collecting online a dataset of very high value in a short period of time, and anything of that value (with some controversy as well) will attract all manner of attackers including potentially sophisticated attackers,” says Oliver.

“There is also the possibility that more sophisticated attackers were attempting to breach the systems under the cover of a straight forward DDoS (Distributed Denial of Service‚Äč) attack. I agree with the ABS' decision to close the site down after they had compelling evidence that these attacks were indeed happening.

Dan Slattery, senior information security analyst at Webroot, says there is speculation that the attack happened as a protest against the ABS's decision to collect and save personally identifiable information alongside the census, for the first time this year.

“There were worries that there may be a data breach and this information will become public or used for malicious purposes. The ABS have reported 14 separate data breaches since 2013,” says Slattery.

“DDoS attacks are reasonably easy to achieve, hackers can purchase botnet resources and point the distributed power of the compromised systems towards a specific server or website. These attacks are designed to disrupt access and bring a service offline. It isn't designed to compromise data,” he adds.

Slattery also says that DDoS attacks are hard to stop because every server that is connected to the Internet is in some ways vulnerable.

“The best way to mitigate the effectiveness of a DDoS attack is to plan ahead. It is important to have thorough estimates of the typical load on the servers and potential peak usage,” says Slattery.

“Since the ABS was planning on most households filling out the census on the 9th August they would have planned for the potential of having millions of concurrent users.

It's reported that no data was compromised or lost amidst the shut down and about 2.33 million census forms were successfully submitted beforehand.