{"id":66269,"date":"2021-08-09T14:30:32","date_gmt":"2021-08-09T04:30:32","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=66269"},"modified":"2021-08-09T12:31:36","modified_gmt":"2021-08-09T02:31:36","slug":"ethical-hackers-have-tested-australias-new-online-census-system","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/ethical-hackers-have-tested-australias-new-online-census-system\/","title":{"rendered":"\u2018Ethical hackers\u2019 have tested Australia\u2019s new online census system"},"content":{"rendered":"

In the lead-up to tomorrow\u2019s census, cybersecurity specialists have been bombarding the Australian Bureau of Statistics\u2019 online systems to see if they can be broken.

The head of the ABS, Australian Statistician David Gruen, says everyone involved in preparations for this exhaustive national headcount is intensely aware of the damage done by the distributed denial of service (DDoS) attacks that hit the online system in 2016. A DDoS attack is designed to disrupt or degrade an online service by flooding the system with traffic, consuming and diverting resources needed to support normal operations.

A significant range of people might be keen to attack a census, Gruen said. \u2018We know we have to be ready for the full gamut, from kids who think it would be smart and a feather in their cap to have the census fail, through to state actors. We are collecting sensitive data which needs very strong protection.

\u2018We are confident, but there is an irreducible level of risk that you just can\u2019t eliminate.\u2019

The ABS has offered an online option since 2006, but the 2016 census was the first intended to be primarily digital.

At 10.10\u00a0am on 9 August 2016, the eCensus system experienced the first of four DDoS attacks. It was regarded as a small attack and the public lost access for just five minutes.

The ABS and IBM, the company contracted to build and run the eCensus, decided to implement a measure known as geoblocking to deal with any future attacks. This \u2018island Australia\u2019 step was intended to block all non-Australian IP addresses.

At 11.45\u00a0am, a second attack occurred and the island Australia geoblocking process was implemented. A third attack, at 4.12\u00a0pm, was thwarted by the geoblocking and failed to shut down the system.

The fourth and most complex attack came at 7.28\u00a0pm. This time the geoblocking didn\u2019t function as intended and the eCensus system was degraded faster than in the first three attacks.

In responding to the fourth DDoS attack, IBM discovered that it couldn\u2019t log on to the routers at the IBM end of the links with the internet service providers. When the routers were rebooted, one of them couldn\u2019t be reloaded because settings were incorrect. IBM had to load it manually.

Then an IBM network performance monitoring system indicated that there was outbound traffic from the census system and the company couldn\u2019t decide whether it was malicious or benign.

As the situation escalated and became rapidly more uncertain, the ABS opted at 8.09\u00a0pm to close the eCensus because it feared confidential information might be downloaded under cover of the DDoS attacks.

It was later determined that there was no unusual outbound traffic from the system\u2014no information had been lost.

The system stayed down for nearly two days. The episode, and the confused messaging that surrounded it, shook public confidence in online systems generally and raised concerns about the government\u2019s ability to store information securely.

In October 2016, the prime minister\u2019s special adviser on cyber security, Alastair MacGibbon, produced a report on what was known by then as the #CensusFail incident.

MacGibbon concluded that the outages were preventable and resulted from a failure on the part of IBM to deliver on its contractual DDoS obligations. In addition, he said, the DDoS attacks on the ABS were small. Another government website was subjected to attacks many times more intense without suffering an outage.

MacGibbon noted that a DDoS attack isn\u2019t a hack, a breach or a compromise where data is removed or altered. But such attacks can be used as a cover to divert attention while data is taken.

And he said the outages weren\u2019t caused by Australians filling out the census online. In fact, the loads on the system were tracking according to predictions and were well within its capacity.

Those responsible for the DDoS attacks weren\u2019t identified.

Gruen said that on census night in 2016, the ABS decided to shut the system down because it was critical that information not be lost from it. \u2018As it turned out, no data was taken out of the system.\u2019

Those events have been thoroughly investigated and all recommendations of various investigations have been implemented by the ABS.

\u2018It\u2019s critical that we have involved the Australian Cyber Security Centre (ACSC) which is a part of the Australian Signals Directorate,\u2019 Gruen said.

The centre was closely involved in the development of the new census digital service. \u2018They were involved in the tender process, and they\u2019ve overseen testing of our system in a range of ways.\u2019

That included \u2018ethical hacking\u2019 by skilled private-sector practitioners testing the system for vulnerabilities with DDoS attacks of their own.

\u2018We have worked very closely with the ACSC to be sure that everything we\u2019re doing makes sense from their point of view.\u2019

Gruen said the risk of cyberattack couldn\u2019t be eliminated. \u2018Cyber criminals have also got more sophisticated, but everyone involved in the 2021 census is well aware of what happened last time.

\u2018There\u2019s enormous determination that we safeguard the system as well as we can.

\u2018I don\u2019t want to claim nothing can go wrong, but we have certainly done a huge amount to ensure the system has been tested at well above the levels of traffic we anticipate on the day.\u2019","protected":false},"excerpt":{"rendered":"

","protected":false},"author":587,"featured_media":66271,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[416,713,2138,732],"class_list":["post-66269","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-australian-government","tag-cyberattack","tag-cybersecurity","tag-ddos-attack"],"acf":[],"yoast_head_json":{"og_site_name":"The Strategist","author":"Brendan Nicholson","twitter_misc":{"Written by":"Brendan Nicholson","Est. reading time":"4 minutes"}}}