The Department of Parliamentary Services has undertaken action to prevent distributed denial-of-service (DDoS) attacks on government sites, such as those conducted by international group "Anonymous" in February.
Anonymous' Titstorm attack
(Screenshot by Ben Grubb/ZDNet Australia)
"Operation Titstorm", as "Anonymous" labelled the attacks, were in protest of Senator Conroy's proposed internet filter and knocked out the Australian Parliament House website for days. It also affected the Prime Minister and the Department of Broadband, Communications and the Digital Economy websites.
Department of Parliamentary Services secretary, Alan Thompson said in Senate estimates yesterday that the attack on government websites coincided with a series of "email attacks on our personal emails and phone calls to various people whose names are on the Parliament House website, including my own". He also stated many fax lines were affected by the Anonymous attacks, with the primary concern for the department being the potential for confidential material to be accessed by external parties.
At the time, the attorney-general said the Department of Defence Cyber Security Operations Centre was monitoring the situation. Following the attacks, the government's Department of Defence ordered telcos including Optus and Telstra to block as many as 13,000 IP addresses identified as contributing to the DDoS activity.
Speaking in Senate Estimates on Monday, David Kenny deputy secretary for the Department of Parliamentary Services said that reactions to the "Anonymous" attack were largely reactive.
In order to be more proactive, Kenny said that his department was currently trialling a device to help prevent similar attacks. "It is a device with specific software on it. We are, via that activity, looking at improving our defensive ability to block and react." Kenny stated the government could seek to purchase the device following the trial.
The government had also been engaged in discussions with internet service providers (ISPs) and government agencies, "who are obviously also interested in being able to protect their own systems from such attacks", according to Kenny.
James Turner, an IT research analyst from IBRS said it was difficult to predict what systems the government would implement, but did say that the costs of providing such systems could outweigh their benefits. He added, however, that the government would have considered that. "Presumably they think this is a credible risk for their organisation."
Working with ISPs was one of the most effective preventative measures for dealing with DDoS attacks, according to Turner. "It works really well when you're working with your ISP, you can deal with a DDoS when it hits your front end, but it's preferable to be dealing with it at the ISP level," he said.
In order to beat DDoS threats, Turner believed organisations needed to be more open.
"An organisation needs to be more transparent when they've come under attack or when an attack has occurred," he said. "At the moment there's a lot of shame and they're scared to disclose it because of how they think the market will react, so it's only when everyone in the playground stops and points at the bully that we get any control and increase the likelihood of the bully backing down."