Daily Bulletin


The Conversation

  • Written by Robert Merkel, Lecturer in Software Engineering, Monash University

Many Australians were unable to complete the Census on August 9 due to the Census website failing.

Australian Bureau of Statistics (ABS) chief statistician has blamed a deliberate “denial of service attack” for the failure.

The first three [attacks] caused minor disruption, but more than two million forms were successfully submitted and safely stored.

After the fourth attack, which took place just after 7.30pm, the ABS took the precaution of closing down the system to ensure the integrity of the data.

Like many government information systems, the Census site was outsourced to an external contractor: IBM. As well as writing the software required for the website, IBM was responsible for providing the computers that hosted it.

All of this is routine for IT projects, both government and commercial. And while reasonably large, the legitimate traffic generated by the Census is dwarfed by the traffic on websites like Google, Facebook and even the nonprofit Wikipedia.

Denial-of-service attacks

Denial-of-service attacks are deliberate attempts to render a computing service unavailable.

Such an attack can be performed in many ways, including interfering with physical infrastructure. However, the most common denial-of-service technique used against publicly available websites is to overwhelm it with huge numbers of requests, overloading the servers and crowding out legitimate users.

Typically, the requests come from “botnets”, which are large groups of computers – often home PCs or other poorly-defended devices – that have been taken over by hackers and are then misused for “distributed” denial-of-service attacks" (DDoS attacks). DDoS attacks have been used by activist hackers, cybercriminals and even state-sponsored hackers.

While the controversy surrounding the privacy implications of the 2016 Census may not have been anticipated by the ABS, a denial-of-service attack against the Census infrastructure was always possible and should have been anticipated – especially a DDoS launched by privacy activists.

There are a number of ways in which the dangers of a DDoS can be mitigated. It is unknown at this point what measures the ABS and its contractors took to prepare for the possibility.

image ABS Poor capacity planning? From the perspective of the computers straining under the load, a DDoS attack is indistinguishable from a larger-than-expected number of users attempting to access the system at once. The public statements of the ABS before Census night cast some doubt on whether the system was adequate to cope with even legitimate demand. The head of the ABS, Chris Libreri, had earlier claimed that its systems had been tested to cope with the load of actual Census submissions: We have load tested it at 150% of the number of people we think are going to be on it on Tuesday for eight hours straight and it didn’t look like flinching. The ABS stated that its website was designed to handle 1,000,000 form submissions per hour. However, around 18 million Australians live in the eastern states, which equates to about 7 million households. If even 50% of those households attempted to submit their census during the evening hours from 7pm to 9pm, that would equate to 1.75 million form submissions per hour, 75% more than the reported capacity of the site. Furthermore, it’s unlikely that traffic would be uniform within that time period. “Spikes” in traffic – perhaps after popular television shows ended – could potentially have overloaded the infrastructure even further. It seems almost incredible that the team responsible for the contracting would collectively make such an error in their capacity estimates. Regardless of the details of the attack, and whether other aspects of planning were inadequate, the Census failure will go down as another example of a failed “Big Bang deployment”. A Big Bang occurs when an IT system is deployed on a large scale, all at once, and is required to work first time. The US healthcare.gov website, the Queensland Health payroll system that failed so spectacularly in 2010, and even Channel 7’s Olympics app are examples of such all-at-once rollouts running into difficulty. The lessons for proponents of online voting should be clear.

Authors: Robert Merkel, Lecturer in Software Engineering, Monash University

Read more http://theconversation.com/census-website-cracks-after-malicious-attack-by-hackers-63734

Writers Wanted

NSW wants to change rules on suspending and expelling students. How does it compare to other states?

arrow_forward

The Conversation
INTERWEBS DIGITAL AGENCY

Politics

Prime Minister Interview with Kieran Gilbert, Sky News

KIERAN GILBERT: Kieran Gilbert here with you and the Prime Minister joins me. Prime Minister, thanks so much for your time.  PRIME MINISTER: G'day Kieran.  GILBERT: An assumption a vaccine is ...

Daily Bulletin - avatar Daily Bulletin

Did BLM Really Change the US Police Work?

The Black Lives Matter (BLM) movement has proven that the power of the state rests in the hands of the people it governs. Following the death of 46-year-old black American George Floyd in a case of ...

a Guest Writer - avatar a Guest Writer

Scott Morrison: the right man at the right time

Australia is not at war with another nation or ideology in August 2020 but the nation is in conflict. There are serious threats from China and there are many challenges flowing from the pandemic tha...

Greg Rogers - avatar Greg Rogers

Business News

What Few People Know About Painters

What do you look for when renting a house? Most potential tenants look for the general appearance of a house. If the house is poorly decorated, they are likely to turn you off. A painter Adelaide ...

News Co - avatar News Co

Important Instagram marketing tips

Instagram marketing is one of the most important approaches for digital advertisers. If you want to promote products online, then Instagram along with Facebook is the perfect option. After Faceboo...

News Co - avatar News Co

Top 3 Accident Law Firms of Riverside County, CA

Do you live in Riverside County and faced an accident and now looking for a trusted Law firm to present your case? If yes, then you have come to the right place. The purpose of the article is to...

News Co - avatar News Co



News Co Media Group

Content & Technology Connecting Global Audiences

More Information - Less Opinion