Engineers have disputed claims that the failure of ABS’ Census website was caused by overseas hackers.
The night of Tuesday August 9 was the set date for Australia’s 2016 Census. The government had dedicated the past two years to developing an online system to replace the paper system, expecting to save around $100 million on the salaries of Census collectors.
However, as many people had anticipated, the new website’s server was unable to handle the amount of traffic it received on Census night. As a result, the website was taken down after 7.30pm that night, and was not re-established until 3.00pm on August 11.
ABS’ chief statistician, David Kalisch, later attributed the website’s failure to a series of Distributed Denial of Service (DDoS) attacks from outside of the country. The aim of a DDoS is to overwhelm an online source with traffic from a range of sources, rendering it unavailable.
“It was an attack, and we believe from overseas,” Kalisch told ABC NewsRadio.
“[With] the scale of the attack, it was quite clear it was malicious.”
However, this claim has been contradicted by Prime Minister Malcolm Turnbull, Census director Michael McCormack, and now engineers.
Cybersecurity and infrastructure engineering commentators have attributed the failure to inadequate web infrastructure.
Information security and cybersecurity professional, Matthew Hackling, posted a screenshot of a digital DDoS attack map, which showed no significant activity in Australia on Tuesday:
In a comment to The Guardian, infrastructure engineering manager Geordie Guy said that it was “deeply unlikely” that there was a DDoS that went unrecorded on the map.
He also stated that no abnormal activity had been declared by members of the Australian Network Operators Group, a network of engineers and capacity planners at every internet service provider in Australia.
Guy, along with many others, believes the site’s failure was simply due to the fact that ABS was not prepared for the amount of traffic the Census website received. Along with doubts about data security, this was one of the main concerns shared by the Australian public.
In response to this concern, Census Australia sent out a Tweet stating that the online Census form would be able to process 1,000,000 applications every hour, which is “twice the capacity we expect to need,” revealing that they anticipated only 500,000 applications per hour despite 15 million Australians expected to participate.
The census was delivered using IBM’s SoftLayer cloud (which has protection from DDoS), with the company spending almost $10 million on the online census solution. Some have made parallels between the recent online Census failure and the Queensland Health payroll debacle, which saw a ban put in place on any new contracts with IBM.
“Which heads will roll, where and when, will be determined once the review is complete,” said Turnbull in a recent press conference.
Australian citizens have until September 23 to complete the Census.