Census semantics: was the website crash a cyber 'attack' or not?

People are questioning the minister responsible for Tuesday's census over his choice of words to describe the census website crash.

The ABS Census Twitter account.

The ABS Census Twitter account. Source: Twitter

When is an attack not an attack?

That's the puzzling question to emerge from the federal government's explanation of the events leading to the shutdown of the census website on Tuesday night.
The ABS chief statistician initially described it as an "attack" by foreigners in the digital space.

But this was contradicted outright by the minister responsible for the census Michael McCormack.

"This was not an attack, nor was it a hack, but rather it was an attempt to frustrate the collection of bureau of statistics census data," Mr McCormack stressed.

It might be a question of semantics, but to the average punter an "attack" looks very much like what happened.

The prime minister's own cyber security expert Alastair MacGibbon told journalists it was "not abnormal for Australian government services to be subjected to denial of service attempts".

This was meant to be reassuring, because apparently these kinds of threats happen all the time.

But, arguably, it's not.

First of all there were four sustained attacks over almost eight hours, culminating in what appears to have been a successful attempt to take down the geoblocks ringfencing the online census form from foreign intruders.

"That's one of the main defences used against denial of service," Mr MacGibbon explained.

"So once we lost the capability of preventing, essentially, the geolocation of data coming in then the router failed.

"As a result of that, there was information inside the system that the ABS and IBM took very cautiously.

"So not knowing what that information was (we) made a decision to take it off line."

What was this information inside the system? Could it have been some sort of malware? And why did the geoblock fail?

The government argues that because this was a denial of service event - the digital equivalent of parking a truck across a driveway - it's not overly significant.

"I feel by saying attacked, it looks as though and it seems as though, and it is so, that information was then gained," Mr McCormack said. "There was no successful attack."

But something untoward, and probably malicious, was happening.

It might be worth giving University of Melbourne Cyber Security expert Suelette Dreyfus the last word.

"It's a different sort of attack, but it's still an attack," she told AAP.

Share
3 min read
Published 10 August 2016 1:10pm
Updated 10 August 2016 1:34pm
Source: AAP


Share this with family and friends