#Censusfail Australia: Not an attack, data safe, no heads to roll
A DDOS is not a hack, says cyber-security Czar as minister nods in agreement
“This was not an attack, nor was it a hack”: that's the official government position on the collapse of last night's Australian online Census systems, attributed to a denial-of-service attack.
The chief statistician David Kalisch, the small business minister Michael McCormack and the government's infosec spokesperson Alastair MacGibbon have fronted the press to defend against accusations that last night's Census collapse represents a “fiasco”.
According to a timeline provided to the press conference by McCormack, the first denial-of-service attack against the Census forms infrastructure occurred just after 10:00AM yesterday, causing a brief outage, and the traffic spike was over by 10:19AM.
There was another traffic spike at 11:46AM, and at that time, the Australian Bureau of Statistics (ABS) decided to block all international traffic as its DDoS mitigation strategy.
At the time of the second attack, he said, the ABS called in sigint agency the Australian Signals Directorate (ASD).
There were small-scale traffic spikes just before 5:00PM and at 6:15PM, but at 7:15PM the roof caved in: while legitimate traffic was spiking, the geoblocking failed. While the census site tried to handle all that traffic, McCormack claimed a router failed as well.
That led to the ABS decision to shut the system down, which took place at 7:45PM, he said.
Kalisch said user traffic was ramping up, but still below its 260 forms per second rated capacity when the final attack took place.
McCormack said the ABS, contractor IBM and the ASD continued consultations about the issue throughout the evening, and with the system taken offline the ABS backed up the data and took it to secure storage.
McCormack reiterated ABS statements that there was no compromise of data, and said this has been confirmed by the ASD.
Chief statistician David Kalisch took to the microphone to apologise for the outage and said “your data is secure, your data is encrypted, your data is safe at the ABS”, but added that the online systems aren't returning just yet.
“I need to be assured about the robustness of our arrangements before I put it back online”, he said, with the ABS taking the ASD's advice.
Kalisch was not asked (and Vulture South could not ask, because the press conference took place in a city where our operatives do not live) why the geoblocking service failed, nor why a traffic spike killed a router.
Things got messy in the press conference over what constitutes an “attack” and a “breach”: Kalisch said when the geoblock failed “the denial-of-service breached the online form”.
That got cleaned up to some extent by the government's cyber security special advisor, Alastair MacGibbon, who complained that he's been trying to explain the difference between a “breach” and a denial-of-service for 15 years.
“It's not abnormal for government services to be subjected to DoS attempts”, MacGibbon said. “A denial-of-service is not a breach … it's not designed to take data, it's designed to frustrate”.
MacGibbon said the vast bulk of DoS attacks are thwarted, and that last night's incident depended on the particular sequence of events to bring the system down.
Readers will be thrilled to know that no jobs will be lost as a result of the #Censusfail, since Kalisch believes the ABS made the right decisions and planned the Census well and McCormack has only been the responsible minister for three weeks.
“The ABS has apologised for this inconvenience, but it's better to be safe than sorry”, the minister concluded before ending the press conference.
There remains scepticism about the denial-of-service explanation, with many people on Twitter and on the journalists-must-not-quote-us Australian Network Operators User Group mailing list saying there's no evidence of a heavy traffic spike on attack maps.
However, 260 forms per second isn't such a high capacity that it would necessarily cause a spike on network-watchers' graphs. ®
Update: Australian prime minister Malcolm Turnbull has commented on the #censusfail in a press conference, labelling the incident a DDOS attack and saying he's been advised by the ASD that no data was compromised. The PM also said he expects a formal review of the census will soon take place.