The Australian Bureau of Statistics (ABS) has blamed Denial of Service attacks originating from overseas for the outage which hit the census website last night. But security experts have expressed their doubts.
The website received three DoS attacks through the evening, the bureau said, but after a fourth attack at around 7.30pm, it decided to close down the system to ‘ensure the integrity of the data’.
“Probably when many people had finished their dinner and were sitting down to use the online census form we had a fourth attack where we took the precaution of closing down the system to ensure the integrity of the data,” ABS chief David Kalisch told ABC Radio’s AM programme this morning.
“At this stage the information we’ve received is that [the attacks] came from an international source but we don’t know any more.”
He said the Australian Signals Directorate was investigating, but Australians could rest assured that their data was safe.
“If anything it actually confirms the strong position the ABS has taken to ensure the integrity of the data and Australians can be assured that data is secure at the ABS where they lodged it and we took the precaution of closing down the system to ensure the integrity of the data.
“We will take a precautious approach where if there are various aspects that we’re not comfortable with the security of the system we will take it down rather than let it operate.”
More than 2 million forms were submitted before the outage.
Despite the outage, the Census’ Twitter account continued to tweet people encouraging them to log on: “Tonight's Census night. Login now - it's your moment to make a difference.”
DoS doubts
A number of security experts, however, have expressed their doubts over whether the outage was the result of DoS attack.
Dr Mark Gregory of RMIT University told ABC News Breakfast this morning that people needed proof that the outage was the result of an attack
“A denial of service attack is when they get millions of computers trying to access their systems at the same time. You are overwhelming their computing power by doing that.
“Interestingly enough, the system, as we have learnt, was built to handle about a million transactions in an hour. A million people doing their return in an hour. Now, my understanding is that most Australians have dinner, sit down, try and do the census. If you had five or six million households trying to do their census at the same time, that’s similar to a denial of service attack.
“We need some proof this was from outside Australia and not just simply Australians trying to do the census.”
He added that some of the statements from the ABS' management had been "outrageous".
Cybersecurity pundit Matthew Hackling tweeted that there was “nothing unusual DDoS wise for Australia” happening at the time of the outage.
Vendor heat
ABS hired IBM to run the Census online data collection portal using its Australian SoftLayer cloud. Big Blue was paid more than $9.5 million to design, develop and implement the 'eCensus'.
The bureau also paid nearly $400,000 in consultancy fees and 'load testing' on the national census and agricultural census to Melbourne-based company Revolution IT.
The ABS said there would be an update on the status of the site at 9:00am this morning. At 10:00am, the bureau tweeted: "We’re working to restore the service. We’ll keep you updated.”