[LINK] RFI: Census Site Implosion

Marghanita da Cruz marghanita at ramin.com.au
Tue Aug 9 21:51:55 AEST 2016


Just got onto the site after not being able to earlier this evening.
This is what I got.

"Log in to your 2016 Census

  * Thank you for participating in the Census. The system is very busy
    at the moment. Please wait for 15 minutes before trying again. Your
    patience and cooperation are appreciated. [code 9]
  * JavaScript is required to use this online form. Please enable
    JavaScript on your device or for assistance call the Census Inquiry
    Service on 1300 214 531. [code 950]"

I expect, like the election, Government Agencies are feeling budget cuts.

Marghanita


On 09/08/16 21:00, Roger Clarke wrote:
> [Declaration:  I've been knee-deep in the policy aspects of the Census since March.  But this question is specifically about the technical aspects of the site.]
>
> The comprehensiveness of the debacle during the evening of the Census seems to me to challenge the normal presumption that you choose incompetence over vindictiveness.
>
> I'm not so much suggesting that either ABS insiders or IBM staff might have indulged in sabotage.  (Now that *would* be significant!).  But I'm wondering whether some skilled hackers might have done so.
>
> Alright, allow for both, e.g.:
> (1) inadequate implementation and hence easily-found vulnerabilities, and
> (2) script-kiddies using mainstream attack tools.
> (Apologies if I'm using dated terminology).
>
> In case they're of use for the purposes of collaborative post-debacle sleuthing, a couple of snapshots are below.
>
> Two aspects of the whois listing are contributors to my suspicions:
>> Updated 23 minutes ago
>       The snapshot was taken c. 20:30 UT+10
>       OTOH, Last Modified shows 22-Mar-2016 05:20:10 UTC
>> DNSSEC:   unsigned
> Okay, given that the traceroutes to *both* DNS-servers get nowhere fast, there's a possibility that some of the nearby networks weren't scaled for the hammering that they got this evening?  (Self-inflicted DDOS?).
>
> But, as linkers know, I'm not very good once we get under the bonnet ...
>
> ________
>
>
> ; <<>> DiG 9.3.6-APPLE-P2 <<>> abs.gov.au any
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48375
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;abs.gov.au.			IN	ANY
>
> ;; ANSWER SECTION:
> abs.gov.au.		3846	IN	A	144.53.228.30
> abs.gov.au.		2089	IN	NS	ns1.abs.gov.au.
> abs.gov.au.		2089	IN	NS	ns1.telstra.net.
>
> ;; AUTHORITY SECTION:
> abs.gov.au.		2089	IN	NS	ns1.telstra.net.
> abs.gov.au.		2089	IN	NS	ns1.abs.gov.au.
>
> ;; ADDITIONAL SECTION:
> ns1.abs.gov.au.		6397	IN	A	144.53.226.90
> ns1.telstra.net.	54738	IN	A	139.130.4.5
>
> ;; Query time: 17 msec
> ;; SERVER: 192.168.2.1#53(192.168.2.1)
> ;; WHEN: Tue Aug  9 20:28:38 2016
> ;; MSG SIZE  rcvd: 151
>
> _____________
>
> http://www.whois.com/whois/abs.gov.au
> abs.gov.au registry whois
>
> Updated 23 minutes ago - Refresh
>
> Domain Name:                     abs.gov.au
> Last Modified:                   22-Mar-2016 05:20:10 UTC
> Status:                          ok
> Registrar Name:                  Digital Transformation Office
>
> Registrant:                      Australian Bureau of Statistics
> Registrant ID:                   OTHER n/a
> Eligibility Type:                Other
>
> Registrant Contact ID:           GOVAU-WAAR1000
> Registrant Contact Name:         Duncan Anderson
> Registrant Contact Email:        Visit whois.ausregistry.com.au for Web based WhoIs
>
> Tech Contact ID:                 GOVAU-WAAR1001
> Tech Contact Name:               Duncan Anderson
> Tech Contact Email:              Visit whois.ausregistry.com.au for Web based WhoIs
>
> Name Server:                     ns1.telstra.net
> Name Server:                     ns1.abs.gov.au
> Name Server IP:                  144.53.226.90
> DNSSEC:                          unsigned
>
> _______________
>
> traceroute to 139.130.4.5 (139.130.4.5), 64 hops max, 40 byte packets
>   1  ------------  0.813 ms  0.350 ms  0.347 ms
>   2  ------------  0.773 ms  1.420 ms  5.011 ms
>   3  ------------  14.454 ms  14.832 ms  14.789 ms
>   4  ------------  14.553 ms  16.984 ms  14.401 ms
>   5  ------------  14.413 ms  14.615 ms  14.066 ms
>   6  te2-0-0.bdr1.cbr1.on.ii.net (59.167.21.185)  14.343 ms  15.494 ms  14.233 ms
>   7  xe-0-3-0-202.cr1.adl6.on.ii.net (150.101.33.196)  15.073 ms  16.102 ms  16.001 ms
>   8  ae0.cr1.cbr2.on.ii.net (150.101.33.7)  16.761 ms  14.979 ms  14.643 ms
>   9  ae2.br1.syd4.on.ii.net (150.101.33.22)  18.526 ms  21.261 ms  18.534 ms
> 10  203.8.176.5 (203.8.176.5)  20.021 ms  19.026 ms  19.636 ms
> 11  bundle-ether13.ken-edge902.sydney.telstra.net (139.130.214.101)  18.918 ms  19.201 ms  21.643 ms
> 12  bundle-ether14.ken-core10.sydney.telstra.net (203.50.11.96)  21.073 ms  19.223 ms  23.181 ms
> 13  gigabitethernet5-1.pit-service2.sydney.telstra.net (203.50.20.124)  21.935 ms  19.090 ms  19.341 ms
> 14  * * *
> 15  * * *
> 16  * *
>
> ______________
>
> traceroute to 144.53.226.90 (144.53.226.90), 64 hops max, 40 byte packets
>   1  -----------  10.976 ms  0.992 ms  0.361 ms
>   2  -----------  1.148 ms  1.019 ms  3.286 ms
>   3  -----------  15.018 ms  13.977 ms  14.045 ms
>   4  -----------  24.397 ms  14.901 ms  14.519 ms
>   5  -----------  17.593 ms  14.193 ms  16.235 ms
>   6  te2-0-0.bdr1.cbr1.on.ii.net (59.167.21.185)  14.313 ms  14.582 ms  14.794 ms
>   7  xe-0-3-0-202.cr1.adl6.on.ii.net (150.101.33.196)  15.105 ms  14.726 ms  14.874 ms
>   8  ae0.cr1.cbr2.on.ii.net (150.101.33.7)  19.050 ms  14.960 ms  17.762 ms
>   9  ae2.br1.syd4.on.ii.net (150.101.33.22)  22.196 ms  26.937 ms  44.181 ms
> 10  * 203.8.176.5 (203.8.176.5)  18.987 ms  28.516 ms
> 11  syd-optus.gw.aapt.net.au (203.8.183.45)  18.684 ms  18.918 ms  19.162 ms
> 12  * * *
> 13  * * *
> 14  * * *
> 15  * * *
> 16  * * 59.154.142.208 (59.154.142.208)  23.464 ms
> 17  * 119.225.50.190 (119.225.50.190)  25.832 ms *
> 18  * * *
> 19  * * *
> 20  * * *
> 21  119.225.50.190 (119.225.50.190)  32.199 ms  32.096 ms  32.018 ms
> 22  * * *
> 23  * * *
> 24  * * *
>
> [Is this a loop I see before me?]
>
> ______________
>

-- 
Marghanita da Cruz
Telephone: 0414-869202
Email:  marghanita at ramin.com.au
Website: http://ramin.com.au
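
The loop question at the end of the quoted traceroute can be checked mechanically. The following is an added example, not part of either poster's message; the function names are hypothetical, and the sample lines are hops 15-24 copied from the quoted trace to 144.53.226.90.

```python
import re

# Hops 15-24 of the traceroute to 144.53.226.90, copied from the quoted message.
SAMPLE = """\
15  * * *
16  * * 59.154.142.208 (59.154.142.208)  23.464 ms
17  * 119.225.50.190 (119.225.50.190)  25.832 ms *
18  * * *
19  * * *
20  * * *
21  119.225.50.190 (119.225.50.190)  32.199 ms  32.096 ms  32.018 ms
22  * * *
23  * * *
24  * * *
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
ADDR_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

def parse_hops(text):
    """Return [(ttl, [responder addresses])]; an empty list means no reply."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line.lstrip("> "))  # tolerate e-mail quote markers
        if m:
            hops.append((int(m.group(1)), ADDR_RE.findall(m.group(2))))
    return hops

def repeated_responders(hops):
    """Addresses that answered at two or more non-adjacent TTLs."""
    seen = {}
    for ttl, addrs in hops:
        for addr in set(addrs):
            seen.setdefault(addr, []).append(ttl)
    return {a: t for a, t in seen.items() if len(t) > 1 and t[-1] - t[0] > 1}

def silent_tail(hops):
    """Number of consecutive unanswered hops at the end of the trace."""
    n = 0
    for _, addrs in reversed(hops):
        if addrs:
            break
        n += 1
    return n

if __name__ == "__main__":
    hops = parse_hops(SAMPLE)
    print(repeated_responders(hops), silent_tail(hops))
```

An address answering at two non-adjacent TTLs, as 119.225.50.190 does at hops 17 and 21, is the pattern worth following up. Rows of `* * *` on their own only show that no ICMP reply came back, which filtering or rate limiting also produces.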



