What are the DoS and DDoS attacks that brought down the census?
Experts believe that the electronic assault on the census site was a DDoS attack – a kind of electronic army that attacks an enemy’s website on every flank using millions of computers as soldiers.
About 2000 of these attacks occur every day across the world, said DigitalAttackMap, a website that monitors such attacks.
Only days ago, this type of attack shut down US Olympic swimming Michael Phelps’ commercial website, SCMagazine, which specialises in IT security, said.
It said the attack happened fresh after Phelps’ gold medal-winning performance in the men’s 4×100 metre freestyle relay at the Rio Games.
One hacking expert told Time magazine that any celebrity or high-profile site should expect these attacks.
“Each celebrity on our target list will be either hacked or DDoSed,” a representative of hacking group New World Hackers said.
Xbox, US Republican presidential candidate Donald Trump and the BBC have been among New World Hackers’ recent targets.
DigitalAttackMap, a joint venture between Google Ideas and network security firm Arbor Networks, said these attacks had hit online gaming sites, newspapers and banks; Greek banks were crippled this year. Yet its site doesn’t show a DDoS attack on the ABS census site on Tuesday, bolstering claims by some that the attack didn’t take place.
The Australian Bureau of Statistics said its census site was hit four times by denial of service (DoS) attacks. A DoS is a broad term for attacks that attempt to crash an online system so that users cannot access it.
Some IT and cybersecurity professionals speculated that a DDoS (Distributed Denial of Service) attack was to blame.
A DDoS is a type of DoS attack in which hackers attempt to crash a system by flooding it with bots – or Trojan – accounts.
DigitalAttackMap said attackers cripple websites, such as the ABS’ census site, by building networks of infected computers, known as botnets, by spreading malicious software through emails, websites and social media.
Once infected, these machines can be controlled remotely, without their owners’ knowledge, and used like an army to launch an attack against any target. Some botnets are millions of machines strong.
DigitalAttackMap says these botnets can generate huge floods of traffic to overwhelm a target.
“These floods can be generated in multiple ways, such as sending more connection requests than a server can handle, or having computers send the victim huge amounts of random data to use up the target’s bandwidth. Some attacks are so big they can max out a country’s international cable capacity.”
Adding to many people’s fears about the security of the census website before the attack, the information gained from these sites during an attack is sold on online marketplaces that specialise in information gained from these DDoS attacks, DigitalAttackMap said.
“Using these underground markets, anyone can pay a nominal fee to silence websites they disagree with or disrupt an organisation’s online operations. A week-long DDoS attack, capable of taking a small organisation offline, can cost as little as $150,” the website said.