chrisg

This Census


http://www.abc.net.au/news/2016-08-10/census/7712216

 

So, hacked four times yesterday. Tell me again how using on-line services is so wonderfully efficient and safe and correct ;)

 

The information collected in that census will do nothing for future infrastructure. The information needed for future infrastructure can be accessed at any given time from the local councils and general surveying as is normally the case. And even then it's not a given that the information gathered will actually be considered worthy of acting on. Just look at the lack of infrastructure around the city of Melbourne ... New inner city accommodation, but just no easy way to travel around :P

 

I would argue all last night's census will do is gather names and religious identities. As to whether all the information given in the census is real ... that will be a time-consuming effort on the ABS's effort to discover.


 

Every law matters while it's in effect. Data matters forever. I'm probably going to live another 44 years. That's more than enough time for a new fuckity government to fuck me around,

Good thing the identifying information is being scrubbed after 4 then. 3 more years of this government, and the incoming government in 2019 will likely have more pressing matters than repealing a 1905 Census law. ;)

 

 

plus, law or no law, it's only 4 years, which when you think about it (and the general slowness of information technology these days) is really only a meagre 35,040 hours for illegal/unscrupulous access, misuse, and duplication of data in perpetuity to occur — that doesn't seem worth thinking about

 

tina-fey-eye-roll.jpg


 

 

tina-fey-eye-roll.jpg

 

LOL

 

 

 

 

I can't believe how incompetent this entire process has been. If I handled my services like this, I'd be out of a job.

I was thinking the same thing last night. The level of incompetency is astonishing.

How can you not either; a) perform a decent amount of performance and volume testing and b) prevent a DDoS attack...when you pretty much know that is exactly what is going to happen.

It's actually quite embarrassing.

 

 

I'll also add, that the level of misinformation now is pretty funny, too. I guess if you're not into this type of thing you won't know, but everyone is going

"OMG Hax00rs! My data is not secure! The government got hacked, they are going to steal our personal information"

 

It was a denial of service attack, which we all know is just designed to bring the service down. There was no particular security breach, that I am aware of.

 

 

 


Thank the media for that.

 

Any computer related problem is either a crash, "got hacked" or "got hacked with personal details stolen".


Yep.
Yep.

However, the ABS should come out and clear things up. Like ASAP.
People are fkn paranoid about their personal details. We are potentially on the cusp of electronic voting. If the public believe the ABS was hacked and data integrity was compromised, then there's no way anyone will buy into online voting.


I'm going to say I'll be seriously surprised if it was an attack, I'll bet it all just melted down...

 

But yes, any security of any quality should be able to deal with DDoS.

 

Cheers


ABS said system was designed for 1 million per hour, but some say it should have been designed for 3 million per hour


I'll be surprised if there wasn't a DDoS attack on the ABS. Events like an online census are prime candidates.


Perhaps Mac, but it really is not that difficult to deal with.

 

Actually countrywide reports are coming in saying it was slow, not accepting input, not allowing login quite a time before it finally crashed.

 

Cheers


I'll be surprised if there wasn't a DDoS attack on the ABS. Events like an online census are prime candidates.

 

Yes, but the first 3 didn't have much impact - it's when every mum and dad and their 4 kids tried to fill in the form at 1930 the system melted down


 

I'll be surprised if there wasn't a DDoS attack on the ABS. Events like an online census are prime candidates.

Yes, but the first 3 didn't have much impact - it's when every mum and dad and their 4 kids tried to fill in the form at 1930 the system melted down

 

Or so you assume.

 

There are 2 issues here, maybe a lot more. From what the ABS have said the site was shut down on the 4th attack, there was no 'meltdown'.


:)

 

And you really think that is the truth Mac?

 

(Pssst!! Wanna buy a bridge? :) )

 

/Cheers


:)

 

And you really think that is the truth Mac?

 

(Pssst!! Wanna buy a bridge? :) )

 

/Cheers

As I said, a DDoS attack for something like this is not unusual.

 

If you have other facts that indicate that the ABS is lying and that there was no attack I'd love to see it.

 

We should separate fact from opinion - it's bad enough people on the TV and radio wailing about the security of their data because the census was 'hacked'. Sure bashing the government and government departments is a national hobby, and there are a lot of questions to be answered.

 

However from what we can gather the ABS went outside to IBM and RevIT to implement the census and it failed. Did they get the right advice? Did they cut corners? Did they ignore advice? Did they correctly implement what was recommended?

 

Sure, we can continually post 'the morons done fucked it up and my datas is missing!!!!!!', or we can see what comes out over time...


Well apparently adequate load testing was performed by RevIT. They ran it at 150% capacity for 8 hours and the system "didn't even flinch."

 

So if that is accurate, then it's fairly safe to assume that it was a DDoS attack that brought it down.

 

 

That's a lot of bots.


Blaming hackers is one way to deflect blame for a clusterfuck.


Census site is back on line ... for now


Blaming hackers is one way to deflect blame for a clusterfuck.

I'm going to assume that there was a DDoS attack because that's what we have been told, it's well within the realms of possibility and there is zero evidence to the contrary.

 

That being said, it in no way deflects blame as they should have expected such attacks. I'd be amazed if IBM and RevIT didn't propose a design that could cope with such attacks, the question is why it failed.


 

Blaming hackers is one way to deflect blame for a clusterfuck.

I'm going to assume that there was a DDoS attack because that's what we have been told, it's well within the realms of possibility and there is zero evidence to the contrary.

 

That being said, it in no way deflects blame as they should have expected such attacks. I'd be amazed if IBM and RevIT didn't propose a design that could cope with such attacks, the question is why it failed.

 

 

The entire contract for the eCensus was 10 million! Yes 10 million, that is less than 50 cents per person in the country.


OH I'm not arguing Mac, it is opinion, but one held well BEFORE census night by most informed IT people across the country, the system would crumble. There's been quite enough large campaigns that said they were robust that have melted down in the past.

 

DDoS mitigation whilst not trivial ought to have been well within the competence of their security people.

 

Cheers


OH I'm not arguing Mac, it is opinion, but one held well BEFORE census night by most informed IT people across the country, the system would crumble.

And how would 'most informed IT people across the country'(sic) know it would crumble unless they knew, in detail, the solution put in place by the ABS, IBM, and RevIT?

 

Sure, it looked like it didn't cope with the load, DDoS aside, but most informed IT people across the world would know it's possible to implement a solution that could handle the load and cope with DDoS.

 

The thing is, I don't know what they implemented so I can't comment on how bad a job they did.

 

I'm actually looking forward to finding out what went wrong.


It didn't even have to be the "solution" now did it?

 

The Internet alone could well have had choke points with or without DDoS. In DDoS attacks that is not at all unusual.

 

If you jump onto News.com.au you'll find a number of security experts questioning if there even was an attack because the attack maps don't show one and right at the end of one article a one-liner that the ABS admits it was a result of load. Media of course, but telling.

 

But yes, the report should be interesting.

 

Cheers


Exactly. Unless you're privy to the solution architecture, you have no idea on server specs, load balancing technologies etc. Nothing.


LOL@news.com.au. The headline says it all...

 

27wywja.png

 

 

 

 
