sb-au logo
Story image

Hacker scare shuts down Australia's census site

The Australian census website was shut down last week after reportedly being targeted by foreign hackers. 

However, reports claim the federal government denies the census site was attacked or hacked, and that no data was lost.

Dr Jon Oliver, senior architect at Trend Micro, says he has complete confidence that the Australian Bureau of Statistics was prepared.

“Part of the problem is that they are collecting online a dataset of very high value in a short period of time, and anything of that value (with some controversy as well) will attract all manner of attackers including potentially sophisticated attackers,” says Oliver.

“There is also the possibility that more sophisticated attackers were attempting to breach the systems under the cover of a straight forward DDoS (Distributed Denial of Service​) attack. I agree with the ABS’ decision to close the site down after they had compelling evidence that these attacks were indeed happening.”

Dan Slattery, senior information security analyst at Webroot, says there is speculation that the attack happened as a protest against the ABS’s decision to collect and save personally identifiable information alongside the census, for the first time this year.

“There were worries that there may be a data breach and this information will become public or used for malicious purposes. The ABS have reported 14 separate data breaches since 2013,” says Slattery.

“DDoS attacks are reasonably easy to achieve, hackers can purchase botnet resources and point the distributed power of the compromised systems towards a specific server or website. These attacks are designed to disrupt access and bring a service offline. It isn’t designed to compromise data,” he adds.

Slattery also says that DDoS attacks are hard to stop because every server that is connected to the Internet is in some ways vulnerable.  

“The best way to mitigate the effectiveness of a DDoS attack is to plan ahead. It is important to have thorough estimates of the typical load on the servers and potential peak usage,” says Slattery.

“Since the ABS was planning on most households filling out the census on the 9th August they would have planned for the potential of having millions of concurrent users.”

It’s reported that no data was compromised or lost amidst the shut down and about 2.33 million census forms were successfully submitted beforehand.

Link image
Webcast series: The necessary tools to secure a remote workforce
Experts from across the A/NZ region discuss the best security practices in a remote working world - with sessions available on the first Thursday of every month.More
Story image
The importance of selecting a secure SD-WAN solution
It’s essential to adopt a secure SD-WAN solution to avoid the risks that an unsecured SD-WAN solution can introduce, writes Wavelink managing director Ilan Rubin.More
Story image
Revealed: The behaviours exhibited by the most effective CISOs
As cyber-threats pile up, more is being asked of CISOs - and according to Gartner, only a precious few are 'excelling' by the standards of their CISO Effectiveness Index.More
Story image
Malware and email scams targeting employees spread rapidly in Q2
"Businesses must stay alert and should employ defense-in-depth tactics and equip themselves with multilayered security mechanisms, including high-sensor spam filters and a VPN connection, which would prevent malicious pages from opening."More
Story image
5 ways to use data science to predict security issues - Forcepoint
Data science enables people to respond to problems in a better way, and to also understand those problems in a way that would not have been possible 50 years ago.More
Story image
Video: 10 Minute IT Jams - Who is Vectra AI?
Today, Techday spoke with Vectra AI head of security engineering Chris Fisher, who discusses the company's key products and offerings, updates on its operations in the A/NZ region, and the latest improvements on its products.More