Analysis of IT Management Issues and DDoS Attack on ABS Census Website
Added on 2020/05/16
Report
AI Summary
This report examines the Distributed Denial of Service (DDoS) attack on the Australian Bureau of Statistics (ABS) census website in August 2016, detailing the IT management issues that contributed to its success. The report identifies key problems, including untested router restarts, unsynchronized backups, a limited tender process, missed DDoS testing, and the absence of a geo-blocking mechanism. It provides a comprehensive analysis of the attack scenario and the reasons behind it, highlighting the role of IBM, the IT supplier. Furthermore, the report offers practical recommendations to prevent and detect future attacks, such as overprovisioned bandwidth, strengthened network architecture, robust data backups, adherence to all project phases, and the use of DDoS testing tools. The conclusion emphasizes the need for proactive measures to mitigate security threats, providing valuable insights for business units and organizations to improve their IT management and security practices.

Australian Bureau of Statistics (ABS)
IT Management Issues
Distributed Denial of Service (DDoS) Attack
1/20/2018

Executive Summary
Web sites and web applications face various forms of security attack, and one frequent form is the Distributed Denial of Service (DDoS) attack. A minor DDoS attack succeeded in causing major implications for the census website of the Australian Bureau of Statistics (ABS) in August 2016.
IBM was the IT supplier contracted for the development and deployment of the site. The reasons behind the attack included a number of IT management decisions and issues, along with other factors. The report describes the attack scenario and the major reasons behind the occurrence of the attack. A set of recommendations to prevent and detect such attacks is also included.

Table of Contents
Introduction
  Problem Statement
Reasons for DDoS Attack on ABS’ e-census
  Untested Router Restart
  Unsynchronised Backup
  Limited Tender Process
  Missed DDoS Testing
  Absence of Geo-blocking Mechanism
Conclusion
Recommendations
  Overprovisioned Bandwidth
  Strengthen Architecture
  Data Backups
  Fulfilment of all Project Phases
  DDoS Testing Tools
References

Introduction
The Australian Bureau of Statistics’ (ABS) census website suffered a Distributed Denial of Service (DDoS) attack in August 2016. A DDoS is a network security attack launched by clogging an online service with large volumes of unwanted traffic from multiple sources, which leads to a breakdown of the service (Dudley-Nicholson & Bickers, 2016).
Problem Statement
The DDoS attack on ABS’ e-census was a minor form of attack that should have been prevented and controlled. However, due to insufficient diligence, incorrect managerial decisions and missed project activities, the attacker could easily succeed in their attempts (Abc, 2016).
The report highlights the primary causes behind that attack and the measures that should have been taken for its detection and prevention.
Reasons for DDoS Attack on ABS’ e-census
IBM was the IT supplier selected for the design, development, and implementation of the census website for ABS.
There are several reasons behind the occurrence of the DDoS attack on the website, which are listed and described below.
Untested Router Restart
In certain forms of DDoS attack, the router randomly resets and reboots. An untested router restart could be one of the contributing factors behind the success of the attack. IBM must have missed the testing of the router restart and reboot.
Unsynchronised Backup
One of the basic security prevention mechanisms is backing up data. The census website for ABS comprises a large amount of private and sensitive data that had to be safeguarded and kept protected against all forms of security attack (Davidson, 2016).
IBM should have realized the significance of capturing synchronised backups of the data sets so that service continuity and availability would not be affected. However, it seems that the IT supplier did not pay attention to this, which led to a downtime of 40 hours.

Limited Tender Process
Management needs to carry out effective and adequate planning and analysis before going ahead with any project. However, in the tender process for the selection of an IT supplier for this project, a lack of an open process was observed (Johnston, 2016).
There was also a lack of preparation in the process, which led to the selection of a supplier that could not provide the solution as per the requirements and expectations. There was also a significant delay in the development activities that may have rushed the implementation and testing processes. It is because of these reasons that the malevolent entities succeeded in carrying out minor forms of DDoS attack.
Missed DDoS Testing
A project lifecycle comprises several phases, and one of the significant ones is the testing phase.
In website development, various forms of testing must be carried out, such as system testing, integration testing, unit testing, regression testing, performance testing, load testing, security testing, and the like. The types of testing also depend on the probable risks to the system or the project (Ricca & Tonella, 2011).
DDoS is a common security risk that has become frequent for websites and web applications. Security testing of the census website for ABS should have included DDoS testing as well. However, IBM could have missed this particular form of testing, which led to the presence of security vulnerabilities.
Absence of Geo-blocking Mechanism
Geo-location blocking is a mechanism that gives the user the capability to block or throttle network traffic from IP addresses, networks or user agents, or from any malicious geographical location (Radware, 2016).
Its absence from the census website could have contributed to the easy launch of the attack (Cowan, 2016).
Conclusion
The primary causes behind the successful DDoS attack on the ABS’ census website have been found
to be ineffective management planning, incorrect management decisions, such as lack of an open
tender process, insufficient testing procedures, along with technical limitations. These reasons led to
the presence of security vulnerabilities in the website, which gave the malicious entities the capability to easily launch the attack.
The business units must adopt proactive measures for the prevention, detection, and control of security threats and attacks.
Recommendations
Overprovisioned Bandwidth
Public websites should have more bandwidth reserved than they normally require. Overprovisioning the bandwidth gives website owners and administrators extra time to deal with a DDoS attempt by an attacker (Rubens, 2016). It also provides the capability to handle unexpected and sudden changes in the traffic.
Strengthen Architecture
A resilient network architecture shall be formed to avoid and control DDoS attacks. The attack window and attack surface shall be minimized to prevent DDoS attacks from taking place. The flood drop thresholds for ICMP, SYN, and UDP shall be set at lower values. Also, data centres shall be located on diverse paths and must be present on varied networks. There shall be no bottlenecks or single points of failure (Sahi, Lai, Li & Diykh, 2017).
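The flood drop thresholds recommended here, combined with the throttling by geographical origin described under Absence of Geo-blocking Mechanism, can be illustrated with the following added example, which is not part of the original report or of any ABS or IBM system. The threshold values, the prefix-to-country table (RFC 5737 documentation ranges), the throttle factor and the packet records are all constructed assumptions.

```python
"""Per-protocol flood-drop thresholds with geo-based throttling.

Added illustration: thresholds, geo table and packets are constructed
values, not data from the 2016 census incident.
"""
import ipaddress
from collections import defaultdict, deque

# Packets accepted per source per window before further ones are dropped.
FLOOD_THRESHOLDS = {"SYN": 20, "ICMP": 10, "UDP": 50}
WINDOW_SECONDS = 1.0

# Constructed geo table using RFC 5737 documentation prefixes.
GEO_PREFIXES = {
    ipaddress.ip_network("192.0.2.0/24"): "AU",
    ipaddress.ip_network("198.51.100.0/24"): "XX",
}
HOME_COUNTRIES = {"AU"}
FOREIGN_FACTOR = 0.25  # other origins are throttled to a quarter budget


def country_of(src_ip):
    """Return the country code for an address, or None if unknown."""
    addr = ipaddress.ip_address(src_ip)
    for net, country in GEO_PREFIXES.items():
        if addr in net:
            return country
    return None  # unknown origin is treated like a foreign one


class FloodFilter:
    def __init__(self, thresholds=FLOOD_THRESHOLDS, window=WINDOW_SECONDS):
        self.thresholds = thresholds
        self.window = window
        self.seen = defaultdict(deque)  # (src, proto) -> accepted timestamps

    def limit_for(self, src_ip, proto):
        """Full threshold for home traffic, reduced one for everything else."""
        base = self.thresholds[proto]
        if country_of(src_ip) in HOME_COUNTRIES:
            return base
        return max(1, int(base * FOREIGN_FACTOR))

    def allow(self, ts, src_ip, proto):
        """Sliding-window decision for one packet seen at time ts (seconds)."""
        if proto not in self.thresholds:
            return True  # protocol not covered by flood protection
        accepted = self.seen[(src_ip, proto)]
        while accepted and ts - accepted[0] >= self.window:
            accepted.popleft()  # forget packets older than the window
        if len(accepted) >= self.limit_for(src_ip, proto):
            return False
        accepted.append(ts)
        return True


def replay(packets, flt=None):
    """Feed (ts, src, proto) records through the filter; count drops."""
    flt = flt or FloodFilter()
    dropped = defaultdict(int)
    for ts, src, proto in packets:
        if not flt.allow(ts, src, proto):
            dropped[(src, proto)] += 1
    return dict(dropped)


def sample_packets():
    """Constructed traffic: two SYN bursts and one slow ICMP source."""
    pkts = [(i * 0.01, "192.0.2.10", "SYN") for i in range(30)]
    pkts += [(i * 0.01, "198.51.100.7", "SYN") for i in range(30)]
    pkts += [(float(i), "192.0.2.20", "ICMP") for i in range(5)]
    return sorted(pkts)


if __name__ == "__main__":
    for key, count in replay(sample_packets()).items():
        print(key, "dropped", count)
```

Lowering a value in `FLOOD_THRESHOLDS` tightens the drop point for that protocol, while `FOREIGN_FACTOR` throttles rather than blocks traffic from outside the home countries.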
Data Backups
Backing up data sets is mandatory in the current era for damage control and disaster recovery. In spite of the countermeasures against security threats and attacks, security events still occur. Data backups make sure that the availability of the service is not hampered and the downtime is minimal (Zhang & Li, 2017).
Fulfilment of all Project Phases
Design, development, and implementation are significant activities in a project timeline. However,
planning, analysis, and testing are equally important. The management must make sure that all of the
project phases are carried out with equal dedication and effort to ensure that there are no loopholes or
vulnerabilities left in the end-product.
DDoS Testing Tools
There are numerous automated tools that have been developed to carry out DDoS testing on a website
or a web application.
Some of these tools include Low Orbit Ion Cannon (LOIC), HTTP Unbearable Load King (HULK),
Silent-DDoSer, Net-Weave, DirtJumper v5.0, Runescapeddoser, and KillApache tool (Manasdeep,
2012). The business units and organizations must implement and use these tools to prevent and detect
DDoS attacks.

References
Abc. (2016). ABS blames overseas hacking attack for census night shambles. ABC News. Retrieved 20 January 2018, from http://www.abc.net.au/news/2016-08-10/australian-bureau-of-statistics-says-census-website-hacked/7712216
Cowan, P. (2016). Geoblocking wasn't enough to secure Census: MacGibbon. iTnews. Retrieved 20 January 2018, from https://www.itnews.com.au/news/geoblocking-wasnt-enough-to-secure-census-macgibbon-440081
Davidson, H. (2016). Census 2016: ABS says deliberate attacks were to blame for website crashing. the Guardian. Retrieved 20 January 2018, from https://www.theguardian.com/australia-news/2016/aug/09/the-great-australian-census-fail-of-2016-website-crashes-under-load
Dudley-Nicholson, J., & Bickers, C. (2016). Australia’s 2016 Census had ‘significant and obvious oversights,’ report finds. Retrieved 20 January 2018, from http://www.news.com.au/technology/online/australias-2016-census-had-significant-and-obvious-oversights-report-finds/news-story/6edcf8f897b2361965bd72683ee6edbe
Johnston, R. (2016). The ABS Says The Census Website Was DDoS Attacked. Gizmodo Australia. Retrieved 20 January 2018, from https://www.gizmodo.com.au/2016/08/the-australian-census-website-didnt-just-crash-it-was-hacked/
Manasdeep. (2012). Distributed Denial-of-Service Testing and Methodology. Niiconsulting.com. Retrieved 20 January 2018, from https://www.niiconsulting.com/innovation/DDoS%20Methodology.pdf
Radware. (2016). Dynamic IP Address and Cyber Attacks | Radware Security. Security.radware.com. Retrieved 20 January 2018, from https://security.radware.com/ddos-threats-attacks/ddos-attack-types/dynamic-ip-address-cyber-attacks/
Ricca, F., & Tonella, P. (2011). Analysis and Testing of Web Applications. Cs.du.edu. Retrieved 20 January 2018, from http://www.cs.du.edu/~sazghand/background_chap_papers/Analysis%20and%20testing%20of%20Web%20applications.pdf
Rubens, P. (2016). 6 Tips for Fighting DDoS attacks. Esecurityplanet.com. Retrieved 20 January 2018, from https://www.esecurityplanet.com/network-security/5-tips-for-fighting-ddos-attacks.html
Sahi, A., Lai, D., Li, Y., & Diykh, M. (2017). An Efficient DDoS TCP Flood Attack Detection and Prevention System in a Cloud Environment. IEEE Access, 1-1. http://dx.doi.org/10.1109/access.2017.2688460
Zhang, J., & Li, H. (2017). Research and Implementation of a Data Backup and Recovery System for Important Business Areas. 2017 9Th International Conference On Intelligent Human-Machine Systems And Cybernetics (IHMSC). http://dx.doi.org/10.1109/ihmsc.2017.209