Daily Bulletin


The Conversation

  • Written by Robert Merkel, Lecturer in Software Engineering, Monash University

Many Australians were unable to complete the Census on August 9 due to the Census website failing.

The Australian Bureau of Statistics (ABS) chief statistician has blamed a deliberate “denial of service attack” for the failure.

The first three [attacks] caused minor disruption, but more than two million forms were successfully submitted and safely stored.

After the fourth attack, which took place just after 7.30pm, the ABS took the precaution of closing down the system to ensure the integrity of the data.

Like many government information systems, the Census site was outsourced to an external contractor: IBM. As well as writing the software required for the website, IBM was responsible for providing the computers that hosted it.

All of this is routine for IT projects, both government and commercial. And while reasonably large, the legitimate traffic generated by the Census is dwarfed by the traffic on websites like Google, Facebook and even the nonprofit Wikipedia.

Denial-of-service attacks

Denial-of-service attacks are deliberate attempts to render a computing service unavailable.

Such an attack can be performed in many ways, including interfering with physical infrastructure. However, the most common denial-of-service technique used against publicly available websites is to overwhelm them with huge numbers of requests, overloading the servers and crowding out legitimate users.

Typically, the requests come from “botnets”, which are large groups of computers – often home PCs or other poorly-defended devices – that have been taken over by hackers and are then misused for “distributed denial-of-service attacks” (DDoS attacks). DDoS attacks have been used by activist hackers, cybercriminals and even state-sponsored hackers.

While the controversy surrounding the privacy implications of the 2016 Census may not have been anticipated by the ABS, a denial-of-service attack against the Census infrastructure was always possible and should have been anticipated – especially a DDoS launched by privacy activists.

There are a number of ways in which the dangers of a DDoS can be mitigated. It is unknown at this point what measures the ABS and its contractors took to prepare for the possibility.

Poor capacity planning?

From the perspective of the computers straining under the load, a DDoS attack is indistinguishable from a larger-than-expected number of users attempting to access the system at once.

The public statements of the ABS before Census night cast some doubt on whether the system was adequate to cope with even legitimate demand.

The head of the ABS, Chris Libreri, had earlier claimed that its systems had been tested to cope with the load of actual Census submissions:

We have load tested it at 150% of the number of people we think are going to be on it on Tuesday for eight hours straight and it didn’t look like flinching.

The ABS stated that its website was designed to handle 1,000,000 form submissions per hour. However, around 18 million Australians live in the eastern states, which equates to about 7 million households.

If even 50% of those households attempted to submit their census during the evening hours from 7pm to 9pm, that would equate to 1.75 million form submissions per hour, 75% more than the reported capacity of the site.

Furthermore, it’s unlikely that traffic would be uniform within that time period. “Spikes” in traffic – perhaps after popular television shows ended – could potentially have overloaded the infrastructure even further.

It seems almost incredible that the team responsible for the contracting would collectively make such an error in their capacity estimates.

Regardless of the details of the attack, and whether other aspects of planning were inadequate, the Census failure will go down as another example of a failed “Big Bang deployment”.

A Big Bang occurs when an IT system is deployed on a large scale, all at once, and is required to work first time.

The US healthcare.gov website, the Queensland Health payroll system that failed so spectacularly in 2010, and even Channel 7’s Olympics app are examples of such all-at-once rollouts running into difficulty.

The lessons for proponents of online voting should be clear.


Read more http://theconversation.com/census-website-cracks-after-malicious-attack-by-hackers-63734
