Wednesday, 21 October 2009

Hackers gave notice before striking PM's website

as posted here

Karen Dearne | October 21, 2009
HACKERS with an online protest group dubbed Anonymous took down the Prime Minister's website for around half-an-hour in early September, despite giving more than a week's notice of their intentions, Mike Rothery, head of the new National Security Resilience Policy Division, has confirmed.
Tasmanian Liberal senator Guy Barnett said it "beggared belief" that measures were not in place to protect the website when the Attorney-General's Department and security personnel within the Prime Minister's office had pre-warning of the denial of service attack.

It's understood Anonymous members were protesting against the government's mandatory internet filtering plans; they had sought publicity for their actions, including appearing on Sky News several weeks earlier.

Mr Rothery said the attack - peaking at "a few thousand concurrent inquiries to the website" - continued for more than 20 hours, and occurred in two surges.

"The first was at 7pm on Wednesday (September 9), and my understanding is that the website went down for roughly 30 minutes between 7 and 7.30pm," he told the Senate Legal and Constitutional estimates inquiry in Canberra this week.

"The second surge (at 10am on Thursday), which was probably a slightly more severe threat, did not (succeed) in making the site unavailable. Whilst the site became slower, the adjustments that had been made overnight were able to successfully manage (the situation)."

Mr Rothery said the newly created Cyber Security Operations Centre (CSOC), located within the Defence Signals Directorate, had provided advice to several federal agencies experiencing increased traffic associated with the hackers ahead of the attack, and support from internet service providers was sought.

"We understand a number of measures put in place actually contributed to the site being unavailable," he said. "At one point they reduced the number of concurrent users that could connect, and that capacity was met very early. Over time, they turned that capacity up and were able to maintain the website despite the attack.

"In fact, the attack was less than anticipated, and some of the measures had been probably unnecessarily strict."

The Attorney-General's Department - which is responsible for cyber-security matters - co-ordinated a report to ministers on behalf of all agencies involved in managing the incident, he said, and federal police were making inquiries.

Mr Rothery said the CSOC, which became active in July, had given the government a new 24x7 capability for handling electronic threats and would also contribute to Defence capabilities.

Meanwhile, the new government-run Computer Emergency Response Team (CERT) would be online in January, and would absorb the "current activities of the Attorney-General's GovCERT unit", he said.

"The national CERT will co-ordinate the communication of information about both cyber-threats and vulnerabilities between different parts of the government and different parts of the business community, and through the business community to the broader Australian community," he said.

"An example would be by passing information to ISPs so that they can then provide better information and services to subscribers."

Mr Rothery said GovCERT had generally performed a CERT function for industry sectors like banking, telecommunications, energy and utilities.

"We also do work with other sectors of the economy that may be targeted for computer-based espionage," he said. "In that work, we share information about the characteristics of the attack."

as posted here

No comments:

Post a Comment

comments will be moderated before posting, allow some time before they appear if they are accepted ...