Australian gov't calls on experts over DDoS attack

Security experts from Australia's Department of Defence have been called in to assist federal government agencies that were targeted by a denial-of-service attack on Wednesday night, with sources predicting further attacks.

The Attorney General's Department (AGD) has called in the Defence Signals Directorate's Cyber Security Operations Centre and provided IT security advisors to each of the targeted agencies in Wednesday's attack, according to an AGD spokesperson.

The only website that appears to have been affected by yesterday's distributed denial-of-service (DDOS) attack on government web servers was the site belonging to the Australian prime minister and cabinet. But it was not hacked, according to the spokesperson.

"I can confirm that the prime minister's website was unavailable for a short time shortly after 7pm on 9 September, 2009. Visitors to the site received an error message stating that the service was unavailable," said the spokesperson. "There was no unauthorised access to the website's infrastructure."

A group calling itself 'Anonymous' published its threat to wage cyberwar on the Australian government a month ago on YouTube. It demanded that the government abandon its internet-filtering plans, and threatened to flood government email, fax, phone and internet services if its demand was not met.

Yesterday, AGD said it had referred the threats to the AFP, which was investigating the matter; however, it appears the response to the attacks was led by ISPs. "Agencies are working with their internet service providers to respond to any attacks," the AGD spokesperson said.

Media reports that claimed the Australian Media and Communications Authority (ACMA) was affected were inaccurate, according to the AGD.

The AGD spokesperson did not clarify whether ACMA had chosen to take down its site before the attack, though on Wednesday IT security body the Sans Institute suggested, if possible, switching off a target site before the attack.

Earlier this year, ACMA was subjected to a similar attack, which resulted in its site being shut down for several days as Australian Federal Police investigated the incident.

ZDNet UK's sister site, ZDNet Australia, understands that besides ACMA, the websites of welfare agency, Centrelink, universal health insurer, Medicare and minister for communications Stephen Conroy were also targeted. A spokesperson from Centrelink said its web servers were not affected.

Sans Institute member Mark Hofman, who was monitoring the attacks last night, said the group's only achievement was publicity. "As far as impact goes the net result seems to be zilch," wrote Hofman.

He later added: "It achieved some publicity and managed to make the PM's website unavailable for a few minutes. Otherwise there was no impact."

However, there is now speculation within senior levels of Australia's information security industry that follow-up attacks are expected.