Australian Census Website Suffered Four DDoS Attacks, ABS Revealed

ABS tweet
Australian Census website outage apology.

According to a statement issued by the Australian Bureau of Statistics, their site crashed due to four consecutive “denial of service” (DDoS) attacks.

In a tweet posted on their official Twitter page, ABS revealed that the 2016 online Census form had suffered four DDoS attacks of different levels of severity and nature.

The Australian agency further informed that the first three of the DDoS attacks resulted in minor disruptions.

In spite of those attacks, over two million completed Census forms could be submitted successfully and stored safely.

Once the fourth DDoS attack occurred around 7:30 pm on Tuesday, August 9, 2016, the ABS decided to close down the entire system as a precautionary measure.

According to the officials at ABS, doing so was important for ensuring the integrity of the stored data.

The ABS took immediate steps for remedying the issues and reassured the Australians that all their data is 100% secure even after the DDoS attacks.

The agency launched an investigation in partnership with the Australian Signals Directorate, the defence intelligence agency of the country.


Australian Bureau of Statistics
About 16 million residents were expected to log on to complete the compulsory census, but were met with error messages

When asked about the reasons behind the temporary shutdown of the process, ABS’ chief statistician David Kalisch said that they decided to stop things temporarily as it was quite clear to them that the four DDoS attacks were conducted with malicious intent.

Investigators are yet to gather specific information about the source of Tuesday’s DDoS attacks.

However, according to Kalisch, evidence collected so far is indicating that they were overseas attacks.

The ABS website went live again the moment it was confirmed that there’s no more security threat, and all existing data of the Australian people is safe.

The website began its operations again from 2:30 am Wednesday.

In one of his most recent interviews, Kalisch confirmed that since the ABS website went live on Wednesday, an additional 405,000 households have completed the Census form.

He further informed that ABS implemented a series of advanced security measures following the advice provided by the Australian Signals Directorate.

These new measures would keep the website secured and ensure complete safety of the data.

In a press conference held on Wednesday, Kalisch stated that Tuesday’s DDoS disaster resulted from a “confluence of events.”

He reported that the series of events that lead to the fiasco included malfunctioning of the geo-blocking protection of the system, failure of a hardware router, and breakdown of a monitoring system.

According to him, so many events generated queries the ABS officials had to investigate.

When asked why the agency shied away from informing the public about the disruptions earlier, Kalisch said that he felt that it wouldn’t be right for him to talk about the matter publicly.

That’s because they managed to get rid of the issues and the system was also working fine.

The agency’s assistant treasurer, Michael McCormack, had a different point of view about the DDoS attack.

Unlike Kalisch, he is not referring to the incident as a hack or attack.

According to him, the DDoS attacks were planned to disturb the process of data collection by the Bureau of Statistics.

He confirmed that ABS census security was never compromised, and they have not lost any data.

Alistair MacGibbon, the cyber security adviser of Prime Minister Malcolm Turnbull, said that this time, the battle between ABS’ firewall and the potential hackers (attackers) ended in an eventful draw.

According to MacGibbon, the hackers managed to use the DDoS attacks to cause severe frustration among the ABS officials.

However, they failed to do what they wanted to as ABS was quick to shut down their website for ensuring that no data stored with them get compromised.

So, what these DDoS attacks are all about? A denial of service or DDoS attack tries to make a computer system or network resource unavailable by exposing it to more requests for data than what it’s capable of handling.

The DDoS attacks are usually not planned for stealing data; these attacks are designed mostly for causing disruptions. These recent attacks also did the same.

Reports are suggesting that the ABS has been criticized for being overcautious.

However, according to the agency, they went on to close their website temporarily following the four DDoS attacks as for them security of people’s data was more important than convenience.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.