UPDATE The minister responsible for the Census has directly contradicted the Australian Bureau of Statistics (ABS) by saying its website was not attacked on Census night, despite confirming that the site was shut down after repeated denial of service attempts.
A series of four attacks on the Australian Bureau of Statistics hit the Census website, preventing thousands of Australians from taking part on Tuesday night after the site was pulled down due to numerous attempted denial of service attacks, which overload a website by simulating lots of users trying to access the site at the same time.
No explanation was given at the time, but ABS statistician David Kalisch and the census’s social media accounts later cited a series of overseas cyber “attacks”.
Senior cabinet minister Christopher Pyne also cited “overseas hackers” when addressing media earlier this morning — language which was not backed by Michael McCormack.
When pressed on his language, Mr McCormack said that he felt “by saying attacked, it looks as though and it seems as though and it is so that information was then gained”.
He told reporters at Parliament House that four denial of service attempts were made throughout the day, leading to the census website being taken offline on Tuesday evening as a precaution, but that no information was taken.
“No census data was compromised and no data was lost,” he said.
Mr McCormack said that he had been assured that the system was able to handle the increased traffic from people attempting to fill in the census, something questioned by an internet expert earlier this morning.
Senator Nick Xenophon, who had been accused of “tinfoil hat” politics for revealing that he would not put his name on the Census over privacy concerns, said he was not sure “who should be wearing that hat today”.
“The census, the ABS, has had five years to get this right.”
Special cyber security advisor to the Prime Minister Alastair MacGibbon joined Mr McCormack at Parliament House and cited the failure of a geo-blocking service as part of last night’s disruptions.
He could not name the source country of the attempts, but said it was being investigated.
But one expert told The New Daily there was also a strong likelihood that it was a state-sponsored attack on Australia.
Craig Thomler, a specialist in communications technologies used by government, said “this is not an accident.”
“This is a deliberate attempt to sabotage a very high-profile and significant Australian event,” he said.
Mr Thomler hinted that a country like China, whose relations with Australia have been shaky, is a possible culprit.
The perceived slights from Australia in its position on the east-China sea and its latest Olympic snubs are potential reasons for operatives to target a high-profile government initiative like the Census.
“That has caused [China] to publish a lot [of negative commentary] and quite commonly when China publishes negative things about a country through state-sponsored outlets it then follows it up with some kind of action,” he said.
“It is hard to confirm these things because the way Russia, China and to some extent North Korea do it, is that they are not employees or operating from government buildings, but they are hackers out in the community.
“The state says they will turn a blind eye if you do this one thing for us on this date.”
How the hacking occurred
The denial of service attack (DDOS) is an attempt to make a network unavailable to its intended users by overloading the server.
The ABS website was attacked at least four times by overseas hackers before the site was shut down, confirmed the ABS’ David Kalisch, Australia’s most senior statistician.
“That kind of load often exposes vulnerability in the code … it gives you clues of what’s going on behind the scene that lets hackers then break into the system and do malicious things in the background,” Mr Thomler said.
“And by setting census night as a narrow gap between 6-10pm for people to actually complete the Census rather than spreading it out … it actually created a bigger opportunity for hackers to target the four-hour window.”