Thursday, 11 August 2016

Singing the post-Census 2016 blues

One would have to live in a deep sinkhole in the middle of Australia not to have heard of the mishandling of the 2016 national census, now not so fondly known as #CensusFail.

First the Australian Bureau of Statistics (ABS) decides to keep census participants' names and addresses (without informed consent) for between four years and until after death – whichever takes its fancy.

It does this so it can match the individual with other records held by government departments to create a super database packed to the brim with sensitive information.

This information goes beyond who you are, where you live and the makeup of your household – it's also how much you earn, how much tax you pay, what illnesses you have been diagnosed with, what prescription drugs you take, how many times you visit the doctor, how many speeding fines you paid, if you have been brought before the court, the sentence you received, and much more.

All this is gathered under a unique Statistical Linkage Key (SLK-581) which follows you forever through census after census after census.

This is what these keys look like:

How do I know that this is what an SLK looks like?

Because an SLK is generated according to a standard formula and the Australian Government not only helpfully lets everyone know what that formula is, it even provides an online open access key generator for our use.

Now one would think that because most people were being manoeuvred into filling in, or rather encouraged to fill in, the Census form online on 9 August 2016, the platform the ABS was using would be very secure.

However, it turns out that in order to allow people with older versions of Windows on their home computer to access the census form online, the ABS decided to have the website support the SHA-1 hashing algorithm, long considered to be insecure.

This left it vulnerable to man-in-the-middle encryption downgrade attacks, which can make it easier to intercept data being sent.

Here is a breakdown of website vulnerabilities from High Tech Bridge SSL/TLS Security Test on 29 July 2016:

The server does not prefer cipher suites providing strong Perfect Forward Secrecy (PFS). We advise to configure your server to prefer cipher suites with ECDHE or DHE key exchange.
The HTTP version of the website does not redirect to the HTTPS version. We advise to enable redirection.
The server does not send the HTTP-Strict-Transport-Security. We advise to enable it to enforce the user to browse the website in HTTPS.
The server does not send HTTP-Public-Key-Pinning header. We advise to enable HPKP in order to avoid Man-In-The-Middle attacks.
TLS_FALLBACK_SCSV extension prevents protocol downgrade attacks. We advise to update your TLS engine to support it.
Preferred cipher suite for each protocol supported (except SSLv2). Expected configuration are ciphers allowed by PCI DSS and enabling PFS:
TLSv1.0: TLS_RSA_WITH_AES_128_CBC_SHA (Misconfiguration or weakness)
TLSv1.1: TLS_RSA_WITH_AES_128_CBC_SHA (Misconfiguration or weakness)
TLSv1.2: TLS_RSA_WITH_AES_128_CBC_SHA256 (Misconfiguration or weakness)
Third party content (such as images, JavaScript, or CSS) is loaded from external resources. Despite that for some web applications it can significantly improve loading time, it may also put website visitor's privacy at risk, as information about website visitors become accessible to these third-party content providers. Moreover, a third-party content delivered via HTTP and not HTTPS channel may also expose your privacy.
HTTP methods (or verbs) that are allowed by the server. Some may be dangerous if not handled properly by the application.
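
To make the findings above concrete, here is an added example (not part of the original post and not High-Tech Bridge's code) that re-checks them offline in Python. The observation data is constructed from the report text, and the names `REPORTED`, `HARDENED`, `parse_suite`, `audit` and the `census.example` host are assumptions made for illustration.

```python
# Observations are constructed from the report text above, not from a live scan.
REPORTED = {
    "preferred_suites": {
        "TLSv1.0": "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLSv1.1": "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLSv1.2": "TLS_RSA_WITH_AES_128_CBC_SHA256",
    },
    "https_headers": {"Content-Type": "text/html"},
    "http_response": (200, ""),  # plain HTTP answered directly, no redirect
    "fallback_scsv": False,
}
HARDENED = {  # hypothetical corrected configuration, for comparison
    "preferred_suites": {"TLSv1.2": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
    "https_headers": {"Strict-Transport-Security": "max-age=31536000"},
    "http_response": (301, "https://census.example/"),  # placeholder host
    "fallback_scsv": True,
}

def parse_suite(name):
    """Split a TLS 1.0-1.2 suite name into key exchange, cipher and hash."""
    body = name[4:] if name.startswith("TLS_") else name
    kx, _, rest = body.partition("_WITH_")
    cipher, _, digest = rest.rpartition("_")
    return {"kx": kx, "cipher": cipher, "hash": digest}

def audit(obs):
    """Return the findings from the report that apply to one observation."""
    findings = []
    for proto, suite in obs["preferred_suites"].items():
        kx = parse_suite(suite)["kx"]
        # Only ephemeral key exchange (ECDHE_*/DHE_*) gives forward secrecy;
        # RSA, DH_* and ECDH_* reuse a long-term key.
        if not kx.startswith(("ECDHE_", "DHE_")):
            findings.append(f"{proto}: no PFS, preferred suite is {suite}")
    headers = {k.lower() for k in obs["https_headers"]}
    if "strict-transport-security" not in headers:
        findings.append("HSTS header not sent")
    status, location = obs["http_response"]
    if status not in (301, 302, 307, 308) or not location.startswith("https://"):
        findings.append("HTTP does not redirect to HTTPS")
    if not obs["fallback_scsv"]:
        findings.append("TLS_FALLBACK_SCSV not supported")
    # HPKP is left out: browsers have since dropped support for the header.
    return findings

if __name__ == "__main__":
    for label, obs in (("reported", REPORTED), ("hardened", HARDENED)):
        print(label, audit(obs) or "no findings")
```
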

Then other security issues raised their heads including the fact that census answers may not always be encrypted for the entire journey from the keyboard to IBM on the SoftLayer cloud.

By then the Australian Bureau of Statistics was on social media telling people they will be fined if they refuse to answer all the questions on the census form.

Doubts also began to pop up as to whether the website would be able to handle the millions of people logging in on Census Night.

Predictably it couldn't, and suddenly there is multiple-choice blame being handed out.

It's all the fault of:
a) evil hackers;
b) malicious furriners mounting denial of service attacks;
c) lazy people not filling out their online forms days ahead of time; or
d) political plotters wanting to embarrass the Turnbull Government.

Reddit user mykro76 via @Qldaar on 10 August 2016 is probably closer to the mark:

The call is now going out to ditch the 9 August Census and try again at a later date if the government demographers can get their act together.

This is one example:
