Congratulations Australia, even in the most foreboding of times, we have found yet another way to highlight the incompetence of those that seek to rule, and also protect us from the harms of the coronavirus pandemic.
The latest setback for the Commonwealth government began on Monday morning, as its myGov portal crashed, and thousands of people queued to enter into Centrelink shopfronts around the nation.
Just after lunch, up stepped Minister for Government Services Stuart Robert to put forward the government’s view on the outage.
Rather than admitting to a capacity problem, either on the networking side or on the human side since its shopfronts are staffed at lower levels due to social separation edicts, or saying there was an underestimation of how many people would be seeking to interact with Centrelink, Robert decided instead to head straight into the realm of cyber incidents.
“We’ve put a 10-fold increase on our digital channels over the weekend in preparation,” Robert said directly before his cyber-revelation would appear. “Unfortunately this morning, we also suffered a distributed denial of service on our main channels, which also highlights that other threats are still inbound.”
Asked to clarify whether it was an actual cyber incident or just lots of Australians anxious to get access funds before the defining period of our lifetimes forced us into a potential months-long lockdown, Robert did not take a step back.
“It can be both,” he said.
Read more: Government wheels out Census excuse and blames myGov crash on DDoS
Those words were barely two hours old when Robert stood up in Parliament and said it was merely 95,000 people trying to connect to myGov that triggered a DDoS alert, and not an attack at all.
Before this weekend, the system was only capable of handling 6,000 concurrent requests. If you want some lockdown video conferencing fun this week, I’d suggest asking an enterprise systems architect to explain how such a system could serve 24.5 million people worried about their future and watch their face crumble before your eyes.
People of Australia, you are a distributed force that can take down so-called enterprise systems like no other.
Previously, the government showed its technical skills in the infamous 2016 Census omnishambles, where the systems were overwhelmed by a 3Gbps attack, as well as a 210Mbps attack, before being pulled due to a false positive data exfiltration event. For context, DDos events of over a terabit per second have been experienced.
In the case of the Census, a lot of the blame was rightly directed at IBM for their incredibly silly Island Australia geoblocking plan to handle DDoS and other displays of architectural incompetence. Not to mention most households in Australia were attempting to fill in an online Census in a single evening window.
“This was a failure to deliver on the contractual obligations that IBM had,” then Special Adviser to the Prime Minister on Cyber Security Alastair MacGibbon said in October 2016. “There was a failure on the part of ABS to sufficiently check that the contract had been delivered.”
Three and a half years on, it would appear the government has failed to learn a damn thing.
This is all the more important in the current coronavirus climate, where people are relying on the government to provide reliable information they can act on. Australia does not need a government running around crying DDoS at first sign of a technical problem as some sort of get out of jail card.
In the end, the closest thing to a DDoS of national importance the government has had to handle in recent weeks is the physical kind, as panic buying sees products like pasta and toilet paper disappear off supermarket shelves.
Perhaps the best words on whether the government should yell “DDoS!” were found last week from the Prime Minister of Australia, Scott Morrison:
“Stop it. It’s not sensible, it’s not helpful and I’ve got to say it’s been one of the most disappointing things I’ve seen in Australian behaviour in response to this crisis.”
Hear, hear!
