“ATO fumes after cyber criminals attack myGov portal during last days of Tax Time 2016”
By Noel Towell November 3 2016 - 10:58PM <http://www.smh.com.au/national/by/Noel-Towell-hven2> http://www.smh.com.au/national/by/Noel-Towell-hven2 The Australian Taxation Office is fuming after cyber-criminals ruined the finale of Tax Time 2016 with an attack on the government's web portal myGov. The troubled myGov<http://www.canberratimes.com.au/national/public-service/centrelink-apologises-for-new-privacy-breach-20161031-gsf1cp.html> portal, which handles traffic to most federal government customer service sites, had to be taken offline on Monday as it came under the same sort of attack as the one that took down the census <http://www.canberratimes.com.au/federal-politics/political-news/blame-all-around-as-the-bureau-of-statistics-deflects-criticism-of-census-2016-20160923-grnbt1.html> in August. Monday's incident occurred as thousands of taxpayers were trying to access the Tax Office website and lodge their annual tax returns before the cut-off deadline. The ATO says there was nothing wrong with its sites and officials there are understood to be furious with the performance of their counterparts at the giant Department of Human Services, which runs myGov In the wake of the attack, the ATO was forced to offer a one-day extension to taxpayers to get their 2015-16 returns lodged, but did not come clean with users about what exactly happened. Human Services is trying to keep details about the distributed denial of service (DDoS) attack quiet and refused to answer questions from Fairfax about the incident. It is understood that myGov was hit with a very large DDoS attack starting about 3pm on Monday as thousands of taxpayers, as well as the usual traffic to Centrelink, Medicare and other official sites, were trying to log on. DHS was forced to take myGov offline for about an hour after the attacks began, blocking access to a number of government websites including the Tax Office on one of its most important days of the year. A distributed DoS attack overwhelms a system with a large volume of web traffic, much of it coming from computers and devices that have been hijacked by cyber criminals without the owners' knowledge. DHS will not say if it has referred Monday's attack for investigation or what it believes might have motivated it, but Independent cyber-security expert Troy Hunt says DDoS attacks can have the most trivial motivation. "Very often, there is no practical logical sensible reason why they aim to take down a particular party with a DDoS," Mr Hunt said. "Usually when there are reasons, they are often extremely childish: we keep seeing at Christmas time people taking down [gaming sites] PlayStation or Xbox Live because they just want to screw with kids. "It's not like they're making a medium-term monetary gain through this, like some of the cases where companies have been held to ransom." The Tax Office made it clear it was not interested in talking publicly about Monday's incident. "The Department of Human Services administers myGov," a Tax Office spokesman said. "Any inquiries about the performance of myGov should be directed to DHS." The statement the ATO posted on its site after the take-down did not even hint at what was going on behind the scenes. "Some taxpayers were experiencing slowness in logging on earlier today," it said. "Everything appears to be working now so we are encouraging people to try again. "People don't need to worry: penalties won't apply for anyone who lodges their tax return tomorrow." A Human Services spokesman was giving little away when questioned by Fairfax. "The department does not at any time comment on cyber security," he said. "The department's services, which include myGov, were affected by a short disruption on 31 October 2016, after which services were restored. We apologise to any customers who were inconvenienced." --------------------------------------------------- From: Stephen Loosley<mailto:[email protected]> Sent: Tuesday, November 1, 2016 12:46 AM To: [email protected]<mailto:[email protected]> Subject: [LINK] MyGov down today It seems the MyGov website went down today .. Herman E Hofman @Her... 29 seconds #myGov is not working. Shades of census night. All Government IT should be outsourced to Amazon. Adrian Cutts @|_YBASl<w S min Major issues happening with #MyGov website. Know any Ned Flanders who did their tax four months ago‘? Zahir @ZaherHosain 5min Hi ATO #MyGov Site is down and not responding. Will I be fined If can't submit return today? SB Tang @sb_tang 6min Hi, I'm trying to submit my tax retum via MyGov. It appears to be down. Please help. . myGov @myGovau 15min Nata|ie65596852 We can confirm there are intermittent issues which we’re investigating. Sorry for any inconvenience, please try later Alison Evans @_budgie 33min mygov won't load, surprising literally no one Maz McEwan @mazmcewan 47min myG0vau Whats going on with the myGov site? Wont load. Need to do tax retum today... Danielle Emond @dee_ant... 47min myG0vau is the MyGov site down? Cheers, Stephen _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
