news The Australian Bureau of Statistics has admitted the 2016 online Census form was subject to four distributed denial of dervice (DDoS) attacks on 9 August that were of “varying nature and severity”.
The first three attacks caused “minor disruption” to the service, it said, adding that over two million forms were “successfully submitted and safely stored”.
A fourth attack, soon after 7.30 pm, prompted the ABS to take the precaution of closing down the online system “to ensure the integrity of the data”.
In an online update at 6.45 am, 10 August, the ABS said it took action overnight to address the issues.
“I can reassure Australians that their data are secure at the ABS,” said David W. Kalisch, Australian Statistician and head of the ABS.
In a later update at 9.15 am the same day, the bureau said it was continuing to work with the Australian Signals Directorate and its providers to get the online Census form back up “as soon as possible”.
Later at 3.15 pm, also on the 10 August, the ABS set out to explain the issue in more detail, saying that the DDoS attacks had been “an attempt to frustrate its collection of Census data”.
The ABS had been expecting denial of service attacks and the protective measures already in place “managed the first three attempts with only very minor service disruptions”.
However, just after 7.30pm, the bureau said a “confluence of events” occurred that caused it to take the precaution of closing down the online Census form to “safeguard and to protect data already submitted”.
The sequence of events leading to the shutdown were listed as follows:
- A fourth denial of service attempt occurred
- A large increase in traffic to the website occurred as thousands of Australians logged on to complete their Census returns
- A hardware failure occurred when a router became overloaded
- A ‘false positive’ occurred, which the ABS described as “essentially a false alarm in some of the system monitoring information”.
Census security had not been compromised and no data had been lost, it again stressed.
The ABS said that Australians have “plenty of time” to complete their Census forms, with the closing date being 23 September. It further pointed out that fines “will not be imposed for completing the Census after Census night”.
In statements contrary to those made by the ABS, Michael McCormack, the minister responsible for the Census has said the Census website was not attacked on 9 August, according to the ABC.
In later statements, in which he conceded there had been four DDoS attacks, McCormack said he had believed that “by saying attacked, it looks as though and it seems as though and it is so that information was then gained”.