Defence hauled in over PM website attack

Summary: Security experts from Defence have been called in to assist agencies that were targeted by last night's attack on the Prime Minister's and other agency websites. More attacks are expected, according to sources.

Security experts from the Department of Defence have been called in to assist federal government agencies that were targeted by last night's denial-of-service attack, with sources predicting further attacks.

The Attorney General's Department (AGD) has called in the Defence Signals Directorate's Cyber Security Operations Centre and has provided IT security advisors to each of the targeted agencies in yesterday's attack, according to an AGD spokesperson.

The only website that appears to have been affected by yesterday's distributed denial-of-service (DDOS) attack on government web servers was the site belonging to the Prime Minister & Cabinet. But it was not hacked, according to the spokesperson.

"I can confirm that the Prime Minister's website was unavailable for a short time shortly after 7pm on 9 September 2009. Visitors to the site received an error message stating that the service was unavailable," said the spokesperson. "There was no unauthorised access to the website's infrastructure."

A group calling itself "Anonymous" had published its threat to wage cyber war on the Australian Government a month ago on YouTube. It had demanded that the Labor Government abandon its internet filtering plans and threatened to flood government email, fax, phone and internet services if its demand was not met.

Yesterday, AGD said it had referred the threats to the AFP, which was investigating the matter; however, it appears the response to the attacks was led by ISPs. "Agencies are working with their internet service providers (ISPs) to respond to any attacks," the AGD spokesperson said.

Media reports which claimed the Australian Media and Communications Authority (ACMA) was "affected" were inaccurate, according to the AGD. The spokesperson did not clarify whether ACMA had chosen to take down its site before the attack, though yesterday the IT security body the SANS (SysAdmin, Audit, Network, Security) Institute suggested switching off a target site before the attack, if possible.

ACMA was earlier this year subjected to a similar attack which resulted in its site being shut down for several days as Australian Federal Police investigated the incident.

ZDNet.com.au understands that besides ACMA, the websites of welfare agency Centrelink, universal health insurer Medicare, and Minister for Communications Stephen Conroy were also targeted. A spokesperson from Centrelink said its web servers were not affected.

SANS Institute member Mark Hofman, who was monitoring the attacks last night, said the group's only achievement was publicity. "As far as impact goes the net result seems to be zilch," wrote Hofman. He later added: "It achieved some publicity and managed to make the PM's website unavailable for a few minutes. Otherwise there was no impact."

However, there is now speculation within senior levels of Australia's information security industry that follow-up attacks are expected.

Topics: Security, Government, Government AU

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelor's degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full-time freelance technology journalist who writes for several publications.

Talkback

6 comments
  • Michael Saunders

    While I don't approve of the method used.
    I must admit it seems to be about the only time Senator Conroy has spoken.
    We have an Internet filter that is secret. The list has been proven not to contain only porn.
    Is there a reason Senator Conroy won't discuss the matter seriously? Everyone who wants to discuss it is not a pedophile. This seems to be the minister's answer.
    Australia is not China; let's start behaving like we are not.
    anonymous
  • don't agree with method

    don't agree with method -> i agree with the protest.
    CAN WE GET A REAL MINISTER FOR THE DIGITAL ECONOMY? IT'S 2009 AND THE GUY IS CLEARLY AN IDIOT.
    anonymous
  • Well if you must use Microsoft

    No one in their right mind uses a Microsoft server exposed to the public and expects to be secure.

    All these sites are Microsoft sites. If the admins can not secure them, what confidence can we have in their other "technical" judgments?
    anonymous
  • Well if you must use Microsoft

    It's not a case of being secure. The DOS attack will work on any perfectly secure web site.
    anonymous
  • Gronk alert

    It has nothing to do with the operating system. This thread is about denial of service attacks and they are likely to affect any and all operating systems equally.

    Or are you telling me that you can run a web server on FreeBSD, Linux or Solaris and expect that server to withstand any conceivable attack?

    Before you open your neck again I'll just let you know that I use both Windows and non-Windows operating systems, all of which are exposed to the public Internet and all remain unattacked. Whether that is due to good security or good public relations is something I hope I don't have to find out.

    9MSN runs on Windows and it is the most visited website in Australia - has been for donkey's years. You don't see that site going down often. Do you...
    anonymous
  • DSD reverse DDOS

    In retaliation DSD ordered several Australian tier one ISPs to block over 13,000 IPs.

    DSD did not as far as I can tell contact the registered owners (whose contact details are available via whois) to let them know they were blocked, why they were blocked, what they could do about being blocked or what criteria were used to justify blocking their IPs.

    In at least one case this caused disruption and potential financial loss to a large educational institution.

    It may well have caused similar inconvenience to tens of thousands of other users and potentially financial loss to other businesses, institutions, organisations and individuals.

    And as far as I can tell no media has even mentioned it.

    I'm not sure about the lack of media attention.
    Is it incompetent media, or is it sinisterly efficient super spies?

    Either way it was handled badly in my opinion and should not have happened and needs to be dealt with better.

    I hope some media picks up on this so the event can be subject to public scrutiny.
    anonymous