How the Government locks out the press: a case study
By Pat GRAY
Those of you who read Tuesday's IT section in The Age and Sydney Morning Herald may have seen my story about the NSW Department of Commerce getting hammered by spam.
A deluge of spam crippled the NSW Department of Commerce's computer network two weeks ago, effectively severing its connection to the internet for at least two days.
A sudden influx of spam emails from more than 4000 domains and locations brought the department's Sydney office network to a standstill, forcing system administrators to block outbound web browsing access to help restore email services.
I'd like to be a tad self-indulgent here and discuss the way this story came together. It highlights the problems faced by the press these days in dealing with governments, both state and federal.
Now, call me old-fashioned, but I believe governments should provide adequate responses to press enquiries. It's how they're held accountable.
In this instance, sadly, the NSW Department of Commerce brushed enquiries aside with an air of arrogance that was quite astonishing.
Here are the questions I sent to the department:
q1: Can you describe the nature of the computer problems experienced by Department staff?
q2: What was the root cause of the problems?
q3: Did the problems affect the Department's entire network?
q4: What action was taken to resolve the network issues?
q5: If the problems were caused by a DDoS attack, were the police notified?
q6: What sort of disruptive effect have the problems had on the normal operations of the Department?
q7: What action has been taken to mitigate resulting administrative headaches caused by the attack?
After a couple of days, I received this response:
"The Department of Commerce recently experienced a large influx of SPAM internet emails from over 4000 different domains and locations from around the world.
As a result of the attack, the Department experienced some disruption to internet email delivery over a period of two days. A series of actions were taken to mitigate the risk including intermittently blocking internet (web browsing) services.
Departmental operations ensured all websites remained fully functional and restored email services as efficiently as possible.
During the incident, the Department of Commerce provided information and sought advice from AusCert (a National Computer Emergency Response Team)."
Ok, so it's a response, but it's not exactly forthcoming. I'd even call it evasive. I decided to ask some more specific follow-up questions, in addition to requesting an interview with a spokesperson from the Department. The questions were:
> "The Department of Commerce recently experienced a
> large influx of SPAM internet emails from over 4000
> different domains and locations from around the world.
Was this a sudden influx? How does this compare to normal spam volumes? If it was a sudden influx, do your propeller heads have any idea why? Is it a deliberate attack or attempt to cripple the Department's e-mail infrastructure? If so, who would want to cripple the Department's e-mail systems?
> As a result of the attack, the Department experienced
> some disruption to internet email delivery over a
> period of two days. A series of actions were taken
> to mitigate the risk including intermittently
> blocking internet (web browsing) services.
Why would you block staff access to the Internet because of a sudden influx of spam? Was it to save bandwidth? How long was Internet browsing blocked for?
Also, I understand you're still having some e-mail trouble. I received a call from NAME OMITTED 90 minutes after sending her an e-mail yesterday. She wanted to know if I'd sent it, which suggests to me that the problems are far from resolved.
When I called to make sure she'd received it, another staff member said the department was experiencing problems with e-mail, indicating the issue isn't fully resolved yet.
We're interested to find out what the impact of this attack was on the normal operations of the department. I have been informed that tender documents couldn't make it through to your network via e-mail and it was causing major procedural problems. My original questions alluded to this, but there is nothing in the response that refutes it.
Have you had to extend any tender deadlines?
> During the incident, the Department of Commerce
> provided information and sought advice from AusCert
> (a National Computer Emergency Response Team)."
Yup -- the guys and gals at AusCERT can be very helpful in situations like this, providing advice and mitigation strategies. Did you also call in external consultants to help out?
Now, there have been a number of assertions made by my source. If you choose to, you can refute them. If you choose not to, then they're frankly worth printing as assertions that have not been denied or directly addressed by the department.
The assertions made are:
1. Staff across the entire department were unable to browse the Internet or receive e-mail reliably for a period of no less than two days.
My questions around this assertion are:
A) Was the whole department impacted? If not, what proportion of staff lost access?
B) Why was Web browsing access restricted?
C) Are the problems ongoing or have they been completely resolved?
2. The "attack" led to problems associated with the transmission of tender documents and significantly impacted the day-to-day operations of the Department.
A) Were tender documents "lost"?
B) Were any tender deadlines extended?
I also need to know how many staff work for the NSW Department of Commerce.
If you would like your second round of responses included in the story, you will need to get back to me by 2pm tomorrow (Friday) for me to make deadline.
As you can see, my questions were aimed at finding out precisely what had happened in this taxpayer-funded department. How could an entire department lose two days of productivity due to a "spam attack"? How can the department and other government institutions avoid similar situations?
Unfortunately, the NSW state government doesn't believe it should be at all transparent. It doesn't believe the public has a right to know about its inner workings or the problems it experienced, how those problems arose, or what's being done to ensure massive productivity losses like this aren't repeated. How do I know this? Because the response to my 500 words of questions was the following:
Please refer to our earlier comments as Commerce's response on this matter.
This is an appalling response of an all too common kind. If you think I'm exaggerating, read this piece.
For more on the Department of Commerce spam attack, check out my security podcast at ITRadio.com.au...
Patrick Gray is an IT security expert, so we can't show you his face for your own protection. Each week he delves into technology's dark underbelly to see what lurks in the shadows.