There is no evidence at this time that the IT systems came under significant attack using resources available to me and I am still yet to see industry analysis supporting any claims of DDoS or other cyberattack.The offical idenitifaciton of the cause has changed from Distributed Denial of Serivice (DDoS) attacks to router failures to even blaming Telstra.
Not once have I heard the ABS utter anything about the system failing under the crush of legitimate users trying to access the site which has been my gut feeling from the very start.
Let’s look at their scenarios for the failure.
Telstra : You are kidding right? Telstra got right on the front foot for this and rightfully so. They have stated that they had nothing to do with the service. Who ever uttered this clearly has no idea of their own system and how it hangs together. Please clear out your desk and hand in your access card on the way out.
Router Failure : Maybe but the outage seemed to be gradual. Not what I would expect with a failure of routing hardware. That stuff is pretty binary when it dies. Let’s put this as a maybe OK?
DDoS : I have not seen any evidence to support this and many other IT experts like me have not seen any record of anything unusual. In fact, the period around this time was very quiet for most of the Asia-Pacific sector.
If it was a DDoS that took out the ABS systems it was an insignificant one that did not even register and if that was the case there would be doubts that the site would be capable of holding up under normal conditions anyway.
Again, whoever sticks to the DDoS claim without providing evidence you know the drill. Clear you desk, hand in your pass.
This kind of thing makes me think that the bureaucrats in charge have put it all on the line with the promise that they will not get it wrong or they will walk the plank. It feels like some kind of face-saving is going on here because it would take nothing under normal circumstances to simply say “We buggered it up. The service proved to be significantly more popular than we envisioned and the systems were simply overwhelmed. We are working to meet demand and we will continue to work on improving our systems in preparation for future projects.”
Using the words cyber-attack and hack in this scenario considering the focus on security and privacy without hard facts to back it up is irresponsible and more damaging to the reputation of a key government department than a simple admission of failing to plan sufficiently for a large scale project.
Trust is the currency that the authorities trade on and it is easy to destroy and hard to earn. I don’t know much about politics but even with my simplistic view I can tell this is not going to pan out well for any politicians holding fast to smokescreens and misdirection.
I am willing to be convinced otherwise with hard evidence and verification from the people I respect in the field but right now, (and once again) we are seeing a technical project become a political football and we know how that turns out.