IBM has confirmed it will compensate the Australian government for a “malicious” cyber-attack that shut down the national census, but has claimed that two ISPs were also responsible for the security lapse.
For five years IBM was the lead contractor for the five-yearly household survey by the Australian Bureau of Statistics (ABS). However, the project went offline on census day after four distributed denial of service (DDoS) attacks.
The breach put a spanner in the works of government plans to trial online elections on the basis of its privacy street cred.
IBM was helping a police investigation but declined to say who was behind the attack. IBM claims that the attacks were launched through a router in Singapore and blamed Australian ISP Vocus Communications, a subcontractor of Nextgen Networks, for failing to shut it down.
In a written submission to the inquiry, IBM said its preferred anti-DDoS measure, which it calls “Island Australia”, involves “geoblocking”, or getting the company’s ISPs to shut down offshore traffic coming into the country.
In a written submission to the inquiry, Nextgen said IBM told it about “Island Australia” six days before the census website went live in July, and that IBM declared a test of the strategy four days before the census a success.
It said Nextgen followed IBM’s instructions, but noted that IBM rejected Nextgen’s offer of additional anti-DDoS detection measures.
Vocus said in a submission that it told Nextgen the week before the census that it “did not provide geoblocking” and that “Vocus was in fact requested to disable its DDoS protection product covering the e-Census IP space”.