The Australian Bureau of Statistics (ABS) 2016 census website was hit by a DDoS attack only hours after boasting that its website would not crash.
Four denial of service attempts were made throughout the day leading to the census website being taken offline on Tuesday evening.
Prime minister Malcolm Turnbull assured the public that their personal information was not compromised. Millions of frustrated Australians were prevented from taking part in the national survey on Tuesday (census night) in which two thirds were expected to complete online this year.
Turnbull stressed the “unblemished record” of the ABS and said, “What you saw was the denial of service attack or denial of service attempt which, as you know, is designed to prevent access to a website as opposed to getting into the server behind it. Some of those defences failed, frankly.”
Michael McCormack, assistant treasurer responsible for overseeing the census, denied that the national survey was hacked or attacked despite confirming the site was shut down after repeated denial of service attempts. McCormack said he felt that “by saying attacked, it looks as though and it seems as though and it is so that information was then gained.”
The prime minister's cyber-security advisor, Alastair MacGibbon added that several technical issues compounded the effects of the attack, including the failure of the ABS's geoblocking system around 7:30 pm, which allowed the DDoS traffic to impact the ABS servers, hosted by IBM. It was also stated that the ABS may simply have been unprepared for the volume of traffic it received on census night.
“The Australian Bureau of Statistics (ABS) may be under fire for its failure under a series of dedicated attacks. While this crash at a critical point in the census process has caused significant delays and issues, the fact that no data was breached should be praised,” said Jonathan Martin, EMEA operations director at Anomali in emailed commentary to SCMagazineUK.com. “The fact is that organisations are under attack daily from a range of evolving threat vectors. The volume and complexity of attacks is changing at such a rate that it is increasingly difficult for security teams to keep up with the fast changing world of hackers and the threats they pose.”
“We all know that the bad guys share intelligence on how to break into a network all the time – we (as good guys) need to start doing the same, to share intelligence between ourselves in real time about who the attackers are, where they live, what techniques they typically use in order to stay one step ahead and combat these threats.”