Defence hauled in over PM website attack

Security experts from Defence have been called in to assist agencies that were targeted by last night's attack on the Prime Minister's and other agency websites. More attacks are expected, according to sources.
Written by Liam Tung, Contributing Writer

Security experts from the Department of Defence have been called in to assist federal government agencies that were targeted by last night's denial-of-service attack, with sources predicting further attacks.

The Attorney General's Department (AGD) has called in the Defence Signals Directorate's Cyber Security Operations Centre and has provided IT security advisors to each of the targeted agencies in yesterday's attack, according to an AGD spokesperson.

The only website that appears to have been affected by yesterday's distributed denial-of-service (DDOS) attack on government web servers was the site belonging to the Prime Minister & Cabinet. But it was not hacked, according to the spokesperson.

"I can confirm that the Prime Minister's website was unavailable for a short time shortly after 7pm on 9 September 2009. Visitors to the site received an error message stating that the service was unavailable," said the spokesperson. "There was no unauthorised access to the website's infrastructure."

A group calling itself "Anonymous" had published its threat to wage cyber war on the Australian Government a month ago on YouTube. It had demanded that the Labor Government abandon its internet filtering plans and threatened to flood government email, fax, phone and internet services if its demand was not met.

Yesterday, AGD said it had referred the threats to the AFP, which was investigating the matter; however, it appears the response to the attacks were led by ISPs. "Agencies are working with their internet service providers (ISPs) to respond to any attacks," the AGD spokesperson said.

Media reports which claimed the Australian Media and Communications Authority (ACMA) was "affected" were inaccurate, according to the AGD. The spokesperson did not clarify whether ACMA had chosen to take down its site before the attack, though yesterday the IT security body the SANS (SysAdmin, Audit, Network, Security) Institute suggested to, if possible, switch off a target site before the attack.

ACMA was earlier this year subjected to a similar attack which resulted in its site being shut down for several days as Australian Federal Police investigated the incident.

ZDNet.com.au understands that besides ACMA, the websites of welfare agency, Centrelink, universal health insurer, Medicare, and Minister for Communications Stephen Conroy were also targeted. A spokesperson from Centrelink said its web servers were not affected.

SANS Institute member Mark Hofman, who was monitoring the attacks last night, said the group's only achievement was publicity. "As far as impact goes the net result seems to be zilch," wrote Hofman. He later added: "It achieved some publicity and managed to make the PM's website unavailable for a few minutes. Otherwise there was no impact."

However, there is now speculation within senior levels of Australia's information security industry that follow up attacks are expected.

Editorial standards