Poorly Defended Business and Home Computers Contribute to ABS Attack: Macquarie Government Says
Listen to the radio interview – Aidan Tudehope, the Managing Director of Macquarie Government talks about DDOS attacks and the Census site.
People should pause before casting all blame on the ABS for the reported Cyber attack that brought down the Census last night and ask themselves if they unwittingly played a part, Aidan Tudehope, managing director of Macquarie Government, said today.
Distributed denial of services (DDOS) attacks are launched from Botnets, which are networks of computers that have been secretly infected and are under the control of hackers.
“These can be individuals’ home computers or whole corporate networks.
“The hackers can have set these networks up over a long period of time and waited patiently to launch an attack from an army of ‘zombie’ computers,” Mr Tudehope said.
Macquarie Government, which provides frontline defence to more than a third of Federal Government agencies through its Secure Internet Gateway, was seeing almost daily DDOS attacks on Government systems, Mr Tudehope said.
“These can be small and short, or big and sustained like the ABS attack, but all rely on poor security awareness among other people, allowing their computers to be ‘weaponised’,” he said.
“While the people launching the attacks might be anywhere in the world, the computers they are using are increasingly right here in Australia, making it more difficult to respond.
“And, as computing power and network bandwidth expands, the number of zombie computers needed to launch a damaging attack becomes fewer.
“An attack on a scale that 10 years ago required tens of thousands of computers now might now be possible with a few thousand.”
“Corporate networks are particularly attractive targets because they can have huge capacity and many connections to the Internet.
“They are like the cyber equivalent of an aircraft carrier,” Mr Tudehope said.
Mr Tudehope said this unfortunate episode should serve as a clear message to the business community in particular that it needed to take seriously its responsibility to implement effective cyber security strategies.
“You are not only protecting your systems when you do this, you are protecting the national institutions.”