August 23

How did the online census fail so miserably?

There has been much discussion about attacks on our information, attacks on our privacy and how the census site crashed due to people trying to hack into the servers that the site is/was hosted on.

It’s quite possible there was no malicious attack on our data at all, rather the volume of traffic all at once simulated an unintentional Denial of Service Attack.

So what is a Denial of Service Attack (DDoS)?

There are two common types of attacks;

  • Brute Force
  • Distributed Denial of Service

And I’m going to try now to turn some of this nerdy language into human speak.

Brute Force Attack

Imagine a typical house on a suburban street.  There is a little white picket fence, with a little white gate.

This suburb is well known to be impulsive buyers and is visited regularly by door to door salesman.

A salesman walks up to the door and says ‘Hi I’m Fred, let me in’ and when unsuccessful comes back and says ‘Hi I’m Dave, let me in’ and so on, hoping at some point you’ll recognise him.

Getting through the front gate is no problem as it’s only one person trying to get through at a time.  But he cannot get through the front door without being recognised.

This is a Brute Force Attack.  These attacks are generally stopped at the door by secure logins and good password security, as well as ‘jailing’ or blocking the originating IP address for a period of time.

Distributed Denial of Service Attack

Distributed Denial of Service(DDoS) Attacks, are different in the way they operate.

If we think back to our house on the suburban street, imagine all of the salesman visiting the area that day got off a bus at your front gate.  They all rush to be the first one to the front door, but there are too many to get through the little white gate but that doesn’t stop them all trying to push through at once.

This pushing and shoving knocks the little white gate off it’s hinges and it’s now jammed shut.

The salesman can’t get in the gate at all now, but neither can legitimate visitors.

This is a Distributed Denial of Service attack.

A Distributed Denial of Service attack can be initiated by hackers, entering through security holes in out of date operating systems.  Leaving snippets of code instructing the computers from around the world to visit a website at a certain time.  They can also be triggered by inviting too many people to visit a website at a set time.

Software protection blocking a binary code stream. Digital illustration.

So when the Australian Bureau of Statistics asked everyone to log in on the 9th August to complete their Census, it is possible they effectively created their own Distributed Denial of Service(DDoS) attack if the infrastructure for the site was not adequately designed to cope with this volume of traffic.

These kind of attacks are very real for online training and reinforce the need to keep your software up to date.

There are two things to consider that can improve your chances of stopping one of these type of attacks;

  • Ensuring SECURE login details and making sure passwords use small phrases that include alpha and numeric characters along with symbols
  • The size and design of the infrastructure behind your online training – Can it cope under the pressure of your growing enrolments?

With our fully hosted Learning Management System OTrainU, we take care of the infrastructure for you.

Our infrastructure is purpose built and has been designed with your online training in mind.  Our team of experts take care of all of the updates and the latest security threats for you, so you can get on delivering great training to your students.

If you are concerned about the security and stability of your system should it fall victim to one of these attacks we would love to hear your

concerns.

You can connect with us by phone on 07 3040 3310, send us a message on Facebook or our website live chat or you can email [email protected].