[LINK] RFI: Census Site Implosion
Roger Clarke
Roger.Clarke at xamax.com.au
Tue Aug 9 21:00:40 AEST 2016
[Declaration: I've been knee-deep in the policy aspects of the Census since March. But this question is specifically about the technical aspects of the site.]
The comprehensiveness of the debacle during the evening of the Census seems to me to challenge the normal presumption that you choose incompetence over vindictiveness.
I'm not so much suggesting that either ABS insiders or IBM staff might have indulged in sabotage. (Now that *would* be significant!). But I'm wondering whether some skilled hackers might have done so.
Alright, allow for both, e.g.:
(1) inadequate implementation and hence easily-found vulnerabilities, and
(2) script-kiddies using mainstream attack tools.
(Apologies if I'm using dated terminology).
In case they're of use for the purposes of collaborative post-debacle sleuthing, a couple of snapshots are below.
Two aspects of the whois listing are contributors to my suspicions:
>Updated 23 minutes ago
The snapshot was taken c. 20:30 UT+10
OTOH, Last Modified shows 22-Mar-2016 05:20:10 UTC
>DNSSEC: unsigned
Okay, given that the traceroutes to *both* DNS-servers get nowhere fast, there's a possibility that some of the nearby networks weren't scaled for the hammering that they got this evening? (Self-inflicted DDOS?).
But, as linkers know, I'm not very good once we get under the bonnet ...
________
; <<>> DiG 9.3.6-APPLE-P2 <<>> abs.gov.au any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48375
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;abs.gov.au. IN ANY
;; ANSWER SECTION:
abs.gov.au. 3846 IN A 144.53.228.30
abs.gov.au. 2089 IN NS ns1.abs.gov.au.
abs.gov.au. 2089 IN NS ns1.telstra.net.
;; AUTHORITY SECTION:
abs.gov.au. 2089 IN NS ns1.telstra.net.
abs.gov.au. 2089 IN NS ns1.abs.gov.au.
;; ADDITIONAL SECTION:
ns1.abs.gov.au. 6397 IN A 144.53.226.90
ns1.telstra.net. 54738 IN A 139.130.4.5
;; Query time: 17 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Tue Aug 9 20:28:38 2016
;; MSG SIZE rcvd: 151
_____________
http://www.whois.com/whois/abs.gov.au
abs.gov.au registry whois
Updated 23 minutes ago - Refresh
Domain Name: abs.gov.au
Last Modified: 22-Mar-2016 05:20:10 UTC
Status: ok
Registrar Name: Digital Transformation Office
Registrant: Australian Bureau of Statistics
Registrant ID: OTHER n/a
Eligibility Type: Other
Registrant Contact ID: GOVAU-WAAR1000
Registrant Contact Name: Duncan Anderson
Registrant Contact Email: Visit whois.ausregistry.com.au for Web based WhoIs
Tech Contact ID: GOVAU-WAAR1001
Tech Contact Name: Duncan Anderson
Tech Contact Email: Visit whois.ausregistry.com.au for Web based WhoIs
Name Server: ns1.telstra.net
Name Server: ns1.abs.gov.au
Name Server IP: 144.53.226.90
DNSSEC: unsigned
_______________
traceroute to 139.130.4.5 (139.130.4.5), 64 hops max, 40 byte packets
1 ------------ 0.813 ms 0.350 ms 0.347 ms
2 ------------ 0.773 ms 1.420 ms 5.011 ms
3 ------------ 14.454 ms 14.832 ms 14.789 ms
4 ------------ 14.553 ms 16.984 ms 14.401 ms
5 ------------ 14.413 ms 14.615 ms 14.066 ms
6 te2-0-0.bdr1.cbr1.on.ii.net (59.167.21.185) 14.343 ms 15.494 ms 14.233 ms
7 xe-0-3-0-202.cr1.adl6.on.ii.net (150.101.33.196) 15.073 ms 16.102 ms 16.001 ms
8 ae0.cr1.cbr2.on.ii.net (150.101.33.7) 16.761 ms 14.979 ms 14.643 ms
9 ae2.br1.syd4.on.ii.net (150.101.33.22) 18.526 ms 21.261 ms 18.534 ms
10 203.8.176.5 (203.8.176.5) 20.021 ms 19.026 ms 19.636 ms
11 bundle-ether13.ken-edge902.sydney.telstra.net (139.130.214.101) 18.918 ms 19.201 ms 21.643 ms
12 bundle-ether14.ken-core10.sydney.telstra.net (203.50.11.96) 21.073 ms 19.223 ms 23.181 ms
13 gigabitethernet5-1.pit-service2.sydney.telstra.net (203.50.20.124) 21.935 ms 19.090 ms 19.341 ms
14 * * *
15 * * *
16 * *
______________
traceroute to 144.53.226.90 (144.53.226.90), 64 hops max, 40 byte packets
1 ----------- 10.976 ms 0.992 ms 0.361 ms
2 ----------- 1.148 ms 1.019 ms 3.286 ms
3 ----------- 15.018 ms 13.977 ms 14.045 ms
4 ----------- 24.397 ms 14.901 ms 14.519 ms
5 ----------- 17.593 ms 14.193 ms 16.235 ms
6 te2-0-0.bdr1.cbr1.on.ii.net (59.167.21.185) 14.313 ms 14.582 ms 14.794 ms
7 xe-0-3-0-202.cr1.adl6.on.ii.net (150.101.33.196) 15.105 ms 14.726 ms 14.874 ms
8 ae0.cr1.cbr2.on.ii.net (150.101.33.7) 19.050 ms 14.960 ms 17.762 ms
9 ae2.br1.syd4.on.ii.net (150.101.33.22) 22.196 ms 26.937 ms 44.181 ms
10 * 203.8.176.5 (203.8.176.5) 18.987 ms 28.516 ms
11 syd-optus.gw.aapt.net.au (203.8.183.45) 18.684 ms 18.918 ms 19.162 ms
12 * * *
13 * * *
14 * * *
15 * * *
16 * * 59.154.142.208 (59.154.142.208) 23.464 ms
17 * 119.225.50.190 (119.225.50.190) 25.832 ms *
18 * * *
19 * * *
20 * * *
21 119.225.50.190 (119.225.50.190) 32.199 ms 32.096 ms 32.018 ms
22 * * *
23 * * *
24 * * *
[Is this a loop I see before me?]
______________
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916 http://about.me/roger.clarke
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law University of N.S.W.
Visiting Professor in Computer Science Australian National University
More information about the Link
mailing list