IBM ignites Census war as blame game begins

Big Blue fires Census bullet back at Australian Government, with Nextgen and Vocus also coming under fire.

The attack, according to IBM, was foreign-sourced and hit the eCensus site via the NextGen link at a time when IBM had already told NextGen and Telstra that ‘Island Australia’ was to be in place. NextGen had provided “repeated assurances” to IBM prior to the attack that it had done this, the company said.

“In fact, the assurances were incorrect. IBM was informed – later that day after the attack had passed – that a Singapore link operated by one of NextGen’s upstream suppliers (Vocus Communications) had not been closed off, and this was the route through which the attack traffic had entered the NextGen link to the eCensus site.

“Vocus admitted the error in a teleconference with IBM, NextGen and Telstra around 11.00 pm on 9 August 2016,” said IBM.

IBM claimed that if NextGen and Vocus had properly implemented ‘Island Australia’, it would have been effective in preventing the final DDoS attack and the effects it had on the eCensus site, which ultimately led to its shutdown.

“As a result, the eCensus site would not have become unavailable to the public during the peak period on 9 August 2016,” said IBM.

For its part, Vocus – the upstream supplier of NextGen, which provided IP transit services and DDoS protection services to NextGen that were resupplied to IBM for the eCensus project – has questioned IBM’s version of events.

“Vocus does not agree that the fourth DDoS attack was the cause of the site becoming unresponsive,” Vocus’ submission to the committee stated.

“The fourth attack comprised of attack traffic which peaked at 563Mbps which is not considered significant in the industry, and lasted 14 minutes.

“Such attacks would not usually bring down the census website which should have had relevant preparations in place to enable it to cater for the expected traffic from users as well as high likelihood of DDoS attacks,” it said.

This mirrors earlier comments by the ABS, which said in its submission that the DDoS attack should not have been able to disrupt the system and that, despite extensive planning and preparation by the ABS for the 2016 Census, the risk was “not adequately addressed” by IBM.

According to Vocus, the cause of the census website being unreachable was “IBM employees falsely identifying normal traffic patterns” as data exfiltration, and “manually turning off their Internet gateway routers” – a claim that IBM’s submission supports.

In addition, Vocus said IBM “took approximately three hours to configure and bring the website back up again”.

“The traffic coming through the Singapore link amounted to a total of 563Mbps, and not of a size to cause the census website to become unresponsive, had appropriate network security measures been implemented by IBM,” Vocus’ submission stated.

“In addition, it is incorrect for IBM to represent that DDoS attack traffic travels through a single link, in this case, the Vocus Singapore peering link,” it said.

Referring to IBM’s technical description of the DDoS attacks, Vocus added that devices (‘botnets’) can be located anywhere in the world, including inside Australia.

Furthermore, the telco claims that the ‘Island Australia approach’ “does not consider the reality of overseas network operators” connecting to Australian service providers inside Australian borders.

“In fact, during the fourth DDoS attack, Vocus had blocked the vast majority of DDoS traffic, only passing on a small percentage of the total traffic from botnet hosts in Asia and Australia,” Vocus’ submission added.

“Once Vocus was made aware of the fourth DDoS Attack, it implemented a static null route to block additional DDoS traffic at its international border routers within 15 minutes,” the company said.

Big Blue said it accepts its responsibility as the head contractor for the eCensus project, but that the use of ISPs, such as NextGen, to provide links to the eCensus site was required for the project and could not be avoided.

The company also revealed that, since the 11 August shutdown of the site, there have been further DDoS attacks on the eCensus site, all of which have been successfully defended.

“The DDoS attacks on 9 August 2016 highlight the importance of the risk that cybersecurity threats present to both government and industry, now and into the future,” the company said.

Additional reporting by James Henderson.
