Last night’s Census was a debacle for Australians trying to fill the survey out online. According to the Australian Bureau of Statistics (ABS), the website suffered repeated distributed denial of service (DDoS) attacks. The ABS ended up pulling the plug on it. People were furious that they weren’t able to get online to submit their forms and worried about the fines they would face for not completing the Census. But there are now doubts as to whether yesterday’s Census website fail was really a result of DDoS attacks. Here are the details.
Article was last updated at 12:46pm
The drama never stops with Census 2016. Last night, the online Census form website was hit by four DDoS attacks, according to the ABS. After the fourth attack, the ABS decided to shut down the site to “ensure the integrity of the data”. The ABS still managed to collect two million forms online.[related title=”More Stories on Census 2016″ tag=”census” items=”3″]
The ABS is working with the Australian Signals Directorate to determine the source of attacks but they already know it was launched from overseas. At the time of writing, the Census form website was still down but is expected to be back up this morning.
The ABS took precautions to ensure that the Census website wouldn't crash as millions of Australians were expected to log on to complete their survey.
However, some security experts have come out to say that there were no big DDoS attacks occurring in Australia last night.
— Matthew Hackling (@mhackling) August 9, 2016
This is the DDOS for yesterday (site is US-based hence date). Brazil obviously, usual Asia/Europe/US. pic.twitter.com/VgOgF7VEBM
— Gordy irl (@GordyPls) August 9, 2016
While the ABS has come out to reassure the public that cyberattacks didn't compromise the data it held, DDos attacks are often used as diversions for data theft attempts. It is possible the hackers were using the DDoS attacks as a red herring for something more sinister.
In light of what happened last night, Australian Privacy Commissioner Timothy Pilgrim is launching an investigation on the ABS in regards to the cyberattacks. He said:
"My first priority is to ensure that no personal information has been compromised as a result of these attacks. ABS have confirmed that a decision was taken last night to shut down the website in order to protect personal data.
Yesterday I noted that the Office of the Australian Information Commissioner has been briefed by the ABS on the privacy protections put in place for the Census. My office will continue to work with the ABS to ensure they are taking appropriate steps to protect the personal information collected through the Census."
On the other hand... maybe the ABS just weren't adequately prepared for the influx of traffic on the Census 2016 website but are too embarrassed to admit it.
Greens Senator Scott Ludlam has demanded that the ABS and the Government "[p]rovide the community with sufficient detail about the systems failure on census night so that claims of a denial of service attack can be independently verified."
The Government has since responded by saying that it was actually a hardware failure caused by one of the DDoS attacks that led to the ABS shutting down the Census website. Small Business Minister Michael McCormack said at a press conference this morning:
"A router became overloaded. After this, what is known as a false positive occurred. This is essentially a false alarm in some of the system monitoring information. As a result, the ABS employed a cautious strategy which was to shut down the online Census form to ensure the integrity of the data already submitted was protected."
QUT privacy expert Professor Matthew Rimmer told News.com.au:
"I’m sure the ABS would like to externalise the blame and say it’s not us it’s someone else, but ultimately given the claims that they were making about absolute privacy and security they do have to take responsibility for privacy and security for their method of delivery…
"I really question the wisdom of the claims by the ABS and the government that everything would be OK, that there would be absolute protection in relation to privacy and security when obviously they were painting a bullseye on their back making those sorts of claims. It underlines we need better privacy protection in an age of big data, cloud computing and hacking."
The ABS has said that people have until September 23 to fill out the online Census so nobody will be fined for yesterday's website fail.
Did you manage to complete the Census online last night? Let us know in the comments.