[LINK] RFI: Census Site Implosion
Frank O'Connor
francisoconnor3 at bigpond.com
Wed Aug 10 01:41:46 AEST 2016
No, nope … I think incompetence covers it.
Of course they will say they tested it, that the servers should have handled the demand within their load sharing tolerances, that their systems are ‘world’s best practice’, and that it was all the fault of some completely unforeseeable glitch that nobody could have predicted.
These same excuses, or ones pretty much approximating same, will no doubt be used when they have extensive (but ‘utterly unforeseeable’) breaches and loss of personal taxpayer data (now with names attached), that spawns an identity fraud on Australian taxpayers that will be unmatched in its severity until the next time they mess up with ‘serving the Australian public’ … but that’s pretty much par for the course.
Thinking this would no doubt happen, I logged on and entered my data during the day … and had no problems completing the puppy.
When dealing with Australian government ‘systems’, and ‘gateways’ and ‘portals’, it pays to be a pessimist.
Murphy is their CTO.
Just my 2 cents worth …
---
> On 9 Aug 2016, at 9:00 PM, Roger Clarke <Roger.Clarke at xamax.com.au> wrote:
>
> [Declaration: I've been knee-deep in the policy aspects of the Census since March. But this question is specifically about the technical aspects of the site.]
>
> The comprehensiveness of the debacle during the evening of the Census seems to me to challenge the normal presumption that you choose incompetence over vindictiveness.
>
> I'm not so much suggesting that either ABS insiders or IBM staff might have indulged in sabotage. (Now that *would* be significant!). But I'm wondering whether some skilled hackers might have done so.
>
> Alright, allow for both, e.g.:
> (1) inadequate implementation and hence easily-found vulnerabilities, and
> (2) script-kiddies using mainstream attack tools.
> (Apologies if I'm using dated terminology).
>
> In case they're of use for the purposes of collaborative post-debacle sleuthing, a couple of snapshots are below.
>
> Two aspects of the whois listing are contributors to my suspicions:
>> Updated 23 minutes ago
> The snapshot was taken c. 20:30 UT+10
> OTOH, Last Modified shows 22-Mar-2016 05:20:10 UTC
>> DNSSEC: unsigned
>
> Okay, given that the traceroutes to *both* DNS-servers get nowhere fast, there's a possibility that some of the nearby networks weren't scaled for the hammering that they got this evening? (Self-inflicted DDOS?).
>
> But, as linkers know, I'm not very good once we get under the bonnet ...
>
> ________
>
>
> ; <<>> DiG 9.3.6-APPLE-P2 <<>> abs.gov.au any
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48375
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;abs.gov.au. IN ANY
>
> ;; ANSWER SECTION:
> abs.gov.au. 3846 IN A 144.53.228.30
> abs.gov.au. 2089 IN NS ns1.abs.gov.au.
> abs.gov.au. 2089 IN NS ns1.telstra.net.
>
> ;; AUTHORITY SECTION:
> abs.gov.au. 2089 IN NS ns1.telstra.net.
> abs.gov.au. 2089 IN NS ns1.abs.gov.au.
>
> ;; ADDITIONAL SECTION:
> ns1.abs.gov.au. 6397 IN A 144.53.226.90
> ns1.telstra.net. 54738 IN A 139.130.4.5
>
> ;; Query time: 17 msec
> ;; SERVER: 192.168.2.1#53(192.168.2.1)
> ;; WHEN: Tue Aug 9 20:28:38 2016
> ;; MSG SIZE rcvd: 151
>
> _____________
>
> http://www.whois.com/whois/abs.gov.au
> abs.gov.au registry whois
>
> Updated 23 minutes ago - Refresh
>
> Domain Name: abs.gov.au
> Last Modified: 22-Mar-2016 05:20:10 UTC
> Status: ok
> Registrar Name: Digital Transformation Office
>
> Registrant: Australian Bureau of Statistics
> Registrant ID: OTHER n/a
> Eligibility Type: Other
>
> Registrant Contact ID: GOVAU-WAAR1000
> Registrant Contact Name: Duncan Anderson
> Registrant Contact Email: Visit whois.ausregistry.com.au for Web based WhoIs
>
> Tech Contact ID: GOVAU-WAAR1001
> Tech Contact Name: Duncan Anderson
> Tech Contact Email: Visit whois.ausregistry.com.au for Web based WhoIs
>
> Name Server: ns1.telstra.net
> Name Server: ns1.abs.gov.au
> Name Server IP: 144.53.226.90
> DNSSEC: unsigned
>
> _______________
>
> traceroute to 139.130.4.5 (139.130.4.5), 64 hops max, 40 byte packets
> 1 ------------ 0.813 ms 0.350 ms 0.347 ms
> 2 ------------ 0.773 ms 1.420 ms 5.011 ms
> 3 ------------ 14.454 ms 14.832 ms 14.789 ms
> 4 ------------ 14.553 ms 16.984 ms 14.401 ms
> 5 ------------ 14.413 ms 14.615 ms 14.066 ms
> 6 te2-0-0.bdr1.cbr1.on.ii.net (59.167.21.185) 14.343 ms 15.494 ms 14.233 ms
> 7 xe-0-3-0-202.cr1.adl6.on.ii.net (150.101.33.196) 15.073 ms 16.102 ms 16.001 ms
> 8 ae0.cr1.cbr2.on.ii.net (150.101.33.7) 16.761 ms 14.979 ms 14.643 ms
> 9 ae2.br1.syd4.on.ii.net (150.101.33.22) 18.526 ms 21.261 ms 18.534 ms
> 10 203.8.176.5 (203.8.176.5) 20.021 ms 19.026 ms 19.636 ms
> 11 bundle-ether13.ken-edge902.sydney.telstra.net (139.130.214.101) 18.918 ms 19.201 ms 21.643 ms
> 12 bundle-ether14.ken-core10.sydney.telstra.net (203.50.11.96) 21.073 ms 19.223 ms 23.181 ms
> 13 gigabitethernet5-1.pit-service2.sydney.telstra.net (203.50.20.124) 21.935 ms 19.090 ms 19.341 ms
> 14 * * *
> 15 * * *
> 16 * *
>
> ______________
>
> traceroute to 144.53.226.90 (144.53.226.90), 64 hops max, 40 byte packets
> 1 ----------- 10.976 ms 0.992 ms 0.361 ms
> 2 ----------- 1.148 ms 1.019 ms 3.286 ms
> 3 ----------- 15.018 ms 13.977 ms 14.045 ms
> 4 ----------- 24.397 ms 14.901 ms 14.519 ms
> 5 ----------- 17.593 ms 14.193 ms 16.235 ms
> 6 te2-0-0.bdr1.cbr1.on.ii.net (59.167.21.185) 14.313 ms 14.582 ms 14.794 ms
> 7 xe-0-3-0-202.cr1.adl6.on.ii.net (150.101.33.196) 15.105 ms 14.726 ms 14.874 ms
> 8 ae0.cr1.cbr2.on.ii.net (150.101.33.7) 19.050 ms 14.960 ms 17.762 ms
> 9 ae2.br1.syd4.on.ii.net (150.101.33.22) 22.196 ms 26.937 ms 44.181 ms
> 10 * 203.8.176.5 (203.8.176.5) 18.987 ms 28.516 ms
> 11 syd-optus.gw.aapt.net.au (203.8.183.45) 18.684 ms 18.918 ms 19.162 ms
> 12 * * *
> 13 * * *
> 14 * * *
> 15 * * *
> 16 * * 59.154.142.208 (59.154.142.208) 23.464 ms
> 17 * 119.225.50.190 (119.225.50.190) 25.832 ms *
> 18 * * *
> 19 * * *
> 20 * * *
> 21 119.225.50.190 (119.225.50.190) 32.199 ms 32.096 ms 32.018 ms
> 22 * * *
> 23 * * *
> 24 * * *
>
> [Is this a loop I see before me?]
>
> ______________
>
> --
> Roger Clarke http://www.rogerclarke.com/
>
> Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
> Tel: +61 2 6288 6916 http://about.me/roger.clarke
> mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
>
> Visiting Professor in the Faculty of Law University of N.S.W.
> Visiting Professor in Computer Science Australian National University