Story image

Hacker scare shuts down Australia's census site

15 Aug 16

The Australian census website was shut down last week after reportedly being targeted by foreign hackers. 

However, reports claim the federal government denies the census site was attacked or hacked, and that no data was lost.

Dr Jon Oliver, senior architect at Trend Micro, says he has complete confidence that the Australian Bureau of Statistics was prepared.

“Part of the problem is that they are collecting online a dataset of very high value in a short period of time, and anything of that value (with some controversy as well) will attract all manner of attackers including potentially sophisticated attackers,” says Oliver.

“There is also the possibility that more sophisticated attackers were attempting to breach the systems under the cover of a straight forward DDoS (Distributed Denial of Service​) attack. I agree with the ABS’ decision to close the site down after they had compelling evidence that these attacks were indeed happening.”

Dan Slattery, senior information security analyst at Webroot, says there is speculation that the attack happened as a protest against the ABS’s decision to collect and save personally identifiable information alongside the census, for the first time this year.

“There were worries that there may be a data breach and this information will become public or used for malicious purposes. The ABS have reported 14 separate data breaches since 2013,” says Slattery.

“DDoS attacks are reasonably easy to achieve, hackers can purchase botnet resources and point the distributed power of the compromised systems towards a specific server or website. These attacks are designed to disrupt access and bring a service offline. It isn’t designed to compromise data,” he adds.

Slattery also says that DDoS attacks are hard to stop because every server that is connected to the Internet is in some ways vulnerable.  

“The best way to mitigate the effectiveness of a DDoS attack is to plan ahead. It is important to have thorough estimates of the typical load on the servers and potential peak usage,” says Slattery.

“Since the ABS was planning on most households filling out the census on the 9th August they would have planned for the potential of having millions of concurrent users.”

It’s reported that no data was compromised or lost amidst the shut down and about 2.33 million census forms were successfully submitted beforehand.

Cofense launches MSSP program to provide phishing defence for SMBs
SMBs are highly susceptible to phishing attacks, and often lack the resources necessary to stop advanced threats
Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.