Well, that went well, didn’t it?
Last night as millions of Australians went to reluctantly provide their personal details to an overreaching government, they were prompted with a message that looked a little like this.
The site was shut down on Tuesday night and was not brought back up until Wednesday morning. Chief statistician, David Kalisch, told ABC radio that the ruckus was due to an attack by foreign hackers.
“It was quite clear it was malicious,” he said.
A series of tweets last night by the ABS simply advised that the Census was experiencing technical difficulties and would be restored the following morning. After weeks of reassurance that 1, the site was volume tested and could effectively handle large amounts of traffic, and 2, the collected data would be kept safe from hackers, it’s turned into quite the shemozzle for the ABS.
But the plot. It thickens.
After originally claiming that the site was brought down in a hacking attack, they then made a public statement advising that it was neither an attack, nor a hack. So what the fuck was it? In their words, it was an “attempt to frustrate”, which sure sounds like an attack to me.
The answer the ABS are sticking with is what’s called a Denial of Service attack (DoS). In simple terms, a DoS attack is used by hackers to bring down websites by flooding them with more requests than they can actually handle. This theory was fairly quickly thrown face-first into the shitter by cybersecurity expert Matthew Hackling.
— Matthew Hackling (@mhackling) August 9, 2016
Yet the ABS are sticking to their guns, claiming that 3 separate DoS attempts were made. The first 3 caused a “minor disruption”, with the last one successfully menacing the site and a large number of the Australian population.
Part of Michael McCormack’s statement can be read below. McCormack is the Minister for Small Business and unfortunately for him, in charge of the mess that the Census has become. Revel in the incompetence.
“There was a large scale denial of service attempt to the census website and online form. A denial of service is an attempt to block people from accessing a website. Following, and because of this, there was a hardware failure,” he said.
“A router became overloaded. After this, what is known as a ‘false positive’ occurred. This is essentially a false alarm in some of the system monitoring information. As a result the ABS employed a cautious strategy which was to shut down the online census form to ensure the integrity of the data already submitted was protected.
“I will be clear from the outset, this was not an attack. Nor was it a hack but rather, it was an attempt to frustrate the collection of bureau of statistics census data. ABS census security was not compromised. I repeat, not compromised and no data was lost.”
The big question is; will the ABS respond to the lack of evidence of said DoS attack? If you ask me, it sounds like a poorly executed ploy to cover up their own lack of testing and preparedness to handle such a large influx of traffic. Or, they’ve opted for the slightly more benign ‘bloody DoS nuisances’ option, rather than telling the public that there was actually a successful data breach, which can’t yet be ruled out.
Suddenly, the introduction of a second rate NBN and the horror that is the myGov website make a lot more sense.
“A router became overloaded” will now and forever be the epitaph of the ABS.