#CensusFail 2016: ABS Fluffed Off Concerns About DDoS Attacks


Remember the #censusfail incident last year when millions of Australians were unable to fill out the mandatory Census online because the website was slammed by a distributed denial-of-service (DDoS) attack? It appears the ABS was overconfident about the website's ability to fend off a DDoS attack.

Three months before Census 2016, the Australian Bureau of Statistics (ABS) was questioned about how resistant the Census website would be against distributed denial-of-service (DDoS) attacks. The ABS seemed confident that the website could withstand them. In a heavily redacted document obtained by the ABC, the ABS said this:

At high level our architecture resists DDoS attacks via use of multiple layers of security.

… In general terms our experience is that most external DDoS attacks are stopped at the [REDACTED] or, increasingly, in front of it as cloud services are more widely utilised. The 2016 Online Census uses [REDACTED] for key web-facing elements such as content and email delivery.

As we know now, the Census online site was brought to its knees by what was considered a puny DDoS attack and was down for several days. The 2016 Census was already a controversial one due to privacy concerns; it didn't need any more bad publicity.

In the weeks following #CensusFail, everybody involved passed the buck. There was a Senate enquiry into the matter; the ABS blamed its IT provider IBM. IBM blamed the ISP NextGen Networks. NextGen blamed IBM. You get the idea.

In the end, IBM had to cough up $30 million in compensation to the ABS.

The ABS had to shoulder some responsibility for the Census 2016 debacle as well. The Prime Minister's cyber security advisor Alastair MacGibbon criticised the ABS for placing too much faith in IBM.

"IBM's assurances were taken at face value: if IBM said in an email that DDoS protections worked, the ABS took comfort," MacGibbon said in a report on #CensusFail.

The Government still deemed Census 2016 a success. According to Small Business Minister Michael McCormack, who is responsible for overseeing the ABS:

"More than 96 per cent of Australian households completed their census, which is on par with the 2011 census. A record 58 per cent of Australians completed their census online."


[ABC]


Comments

    The incident "census 2016" made us think about the possible ways to protect our websites. A few days back, I was reading the shocking news that 12% of business owners are under the assumption that small DDoS attacks have no major impact on their business, knowing the fact that a single DDoS attack can cost millions.

    According to a recent interview of Scott Schober (Cyber Security Expert and Author of Hacked Again) with a VPN provider, DDoS (Distributed Denial of Service) attacks continue to make headlines and have become a popular choice of hackers to cause widespread disruption. DDoS attacks occur when a single system targets multiple systems by flooding the bandwidth (with either random junk or legitimate traffic) causing extreme slowdown for legitimate users and possibly a full server crash. These incidents are on the rise because novice hackers can now launch targeted DDoS attacks with minimum hacking experience. However, the target of the attack must still deal with a costly and disruptive cleanup.

    Interview Source: https://www.purevpn.com/blog/ddos-protected-vpn-purevpn/
