Reports indicated that foreign hackers were behind the census crash in Australia. The Australia Bureau of Statistics took the initiative to close down the system to maintain the integrity of the data. On further investigation, the bureau claimed that the online census form was victim to four distributed DDoS attacks, each of a specific nature and varying severity.
Nik Chaykovskiy, the Senior Customer Success Manager of Semalt, explains why things like this happen.
The attack attempts to make a site unavailable to users by flooding it with more requests than it can handle. Website requests for information pass through a server which approves and allows the individual to view the page. However, it can only deal with a certain number of requests. An overload may lead to complete failure of server crashes, making the site temporarily unavailable. DDoS attacks rely on several devices spread throughout the world, hence the name "distributed". The groups of interconnected devices are known as "botnets" each infected with malware that gives hackers back entry into a site using remote access.
Reasons for DDoS Use
Hackers may use DDoS attacks for a variety of reasons. Among them are:
- Hacktivism. Hacktivists use such attacks to protests against certain actions by a target.
- Extortion. Cyber criminals are known to use this method to acquire money in exchange for stopping the ongoing attacks.
- Business Competition. DDoS may not be a legitimate business practice, but it is sometimes used to put down or stall the performance of a competitor's website.
- Script Kiddies. Some online users use pre-made scripts to vandalize the online activities of others such as gamers.
First of all, we have to understand that hackers must have known of possible vulnerabilities of the Census site. It was probably because of the heavy traffic that was due. Consequently, the site has increasingly become a target for overseas hackers to show how the Australian government's system is prone to attack. It could also be a response to the increased public comments about their security and privacy concerns. Andy Hurren also had the same sentiments, believing that the point made was the failure to protect a high-profile national online system. The reasons motivating the attacks are less likely to be money or data, however. Other possible reasons are discontented overseas hackers who do not agree with the system or someone who wished to showcase their hacker skills.
Is the Data Safe?
A DDoS attack mainly focuses its attempts on crashing the site. It does not target the data contained on the site. However, some attackers may use the DDoS attack to act as a diversion, from which they can then siphon away user data from the network such as the case of TalkTalk telecom firm.
ABS firmly believe that the main reason for the Census site crash is a DDoS attack. There could be myriad reasons, but since ABS has more information and would know what to look for when determining the source, and the scope of the damage. MR. Hurren, who is a cyber-security expert explained that conversations between the Australian Signals Directorate and relevant stakeholders are already taking shape. It could be easy to trace the source of the attack, but the complexity of the attack may make the finger-pointing very difficult for them.