ATO fumes after cyber criminals attack myGov portal during last days of Tax Time 2016

The Australian Taxation Office is fuming after cyber-criminals ruined the finale of Tax Time 2016 with an attack on the government’s web portal myGov.

The troubled myGov portal, which handles traffic to most federal government customer service sites, had to be taken offline on Monday as it came under the same sort of attack as the one that took down the census in August.

The ATO was forced to offer a one-day extension to taxpayers to get their 2015-2016 returns lodged after the attack. 

Monday’s incident occurred as thousands of taxpayers were trying to access the Tax Office website and lodge their annual tax returns before the cut-off deadline.

The ATO says there was nothing wrong with its sites and officials there are understood to be furious with the performance of their counterparts at the giant Department of Human Services, which runs myGov.

Do you know more? Send your tips to

In the wake of the attack, the ATO was forced to offer a one-day extension to taxpayers to get their 2015-16 returns lodged, but did not come clean with users about what exactly happened.

Human Services is trying to keep details about the distributed denial of service (DDoS) attack quiet and refused to answer questions from Fairfax about the incident.

It is understood that  myGov was hit with a very large DDoS attack starting about 3pm on Monday as thousands of taxpayers, as well as the usual traffic to Centrelink, Medicare and other official sites, were trying to log on.

DHS was forced to take myGov offline for about an hour after the attacks began, blocking access to a number of government websites including the Tax Office on one of its most important days of the year.

A distributed DoS attack overwhelms a system with a large volume of web traffic, much of it coming from computers and devices that have been hijacked by cyber criminals without the owners’ knowledge.

DHS will not say if it has referred Monday’s attack for investigation or what it believes might have motivated it, but Independent cyber-security expert Troy Hunt says DDoS attacks can have the most trivial motivation.

“Very often, there is no practical logical sensible reason why they aim to take down a particular party with a DDoS,” Mr Hunt said.

“Usually when there are reasons, they are often extremely childish: we keep seeing at Christmas time people taking down [gaming sites] PlayStation or Xbox Live because they just want to screw with kids.

“It’s not like they’re making a medium-term monetary gain through this, like some of the cases where companies have been held to ransom.”

The Tax Office made it clear it was not interested in talking publicly about Monday’s incident.

“The Department of Human Services administers myGov,” a Tax Office spokesman said.

“Any inquiries about the performance of myGov should be directed to DHS.”

The statement the ATO posted on its site after the take-down did not even hint at what was going on behind the scenes.

“Some taxpayers were experiencing slowness in logging on earlier today,” it said.

“Everything appears to be working now so we are encouraging people to try again.

“People don’t need to worry: penalties won’t apply for anyone who lodges their tax return tomorrow.”

A Human Services spokesman was giving little away when questioned by Fairfax.

“The department does not at any time comment on cyber security,” he said. “The department’s services, which include myGov, were affected by a short disruption on 31 October 2016, after which services were restored. We apologise to any customers who were inconvenienced.”


Posted on November 7, 2016, in ConspiracyOz Posts. Bookmark the permalink. 3 Comments.

  1. This Comment in the Article, summed up what I believe is the problem – Mick Raven

    PeterNov 4 2016 at 8:16am

    The claim of cyber attacks on the Census was debunked by experts statistics on the number of hits – the servers just couldn’t handles the load of Australians using the system as was intended. As Monday was the last day for Tax lodgement there would have been an expected spike in the numbers of people lodging. It doesn’t surprise me that MyGov couldn’t handle it.


  2. Thx to ALR for this Article – Mick Raven


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: