Australian Census Website Shut Down On Census Night After 4 DDoS Attacks

Heart44 writes: News sites are reporting that the Australian census website has been shut down until further notice. This happened on census night, Tuesday (Australian time), August 9th, 2016. This is the first attempt at an online census where [the internet] is the default data collection method. You had to call an often busy number to get a paper form. This is on top of a long running controversy that the Australian Bureau of Statistics will keep the names and addresses of everyone for five years. I presume more useful links will appear over time. "The site was targeted by four denial of service (DoS) attacks," chief statistician David Kalisch told ABC radio. The Sydney Morning Herald reports: "The first three caused minor disruptions and did not stop more than two million census forms from being 'successfully submitted and safely stored,' he said. But the site was shut down after a 'gap' in the system's security measures was found during a fourth attack (AEST), Mr Kalisch said. 'After the fourth attack, which took place just after 7:30pm [on Tuesday AEST], the ABS took the precaution of closing down the system to ensure the integrity of the data,' Mr Kalisch said. 'I can certainly reassure Australians the data they provided is safe,' he said."

UPDATE 8/09/16: Many reports are contradicting Kalisch's claim that the website was shut down from DDoS attacks. User @mhackling on Twitter tweeted a screenshot of Digital Attack Map showing "nothing unusual DDoS wise for Australia and yesterday."

Re:Never assume malice when stupidity will suffice

[Heart44]

Yes, this link does not show any large DDoS attacks on Australia or in Australia. Interesting to look at what China is doing to Saudi Arabia at the moment.

IBM wins $9.6m to host eCensus in 2016

[Lefty2446]

http://www.itnews.com.au/news/...

ABS ditches in-house plans in favour of outsourcing.
The Australian Bureau of Statistics has opted not to build its own private cloud to host the 2016 eCensus, instead awarding a $9.6 million outsourcing contract to existing partner IBM.

Australia’s national statistics agency first offered Australians the option to avoid completing the Census via its traditional paper-based form with a web-based eCensus in 2006.

It partnered with IBM in a $9 million deal in 2005 to develop and support the web-based eCensus application - which is hosted on IBM’s AIX operating system and a WebSphere application server, out of the company's Baulkham Hills, Sydney data centre.

But the agency later virtualised its server infrastructure (with VMware’s vSphere) to create its own private cloud with the intention of hosting the 2016 eCensus.

Running the Census in-house would help address security perceptions arising from the data being handled from a third-party, the ABS said at the time. It said it also made sense to outsource the project to a third-party rather than deal with the one-off high traffic spike internally.

The agency became 95 percent virtualised after cutting 300 physical servers to 70, which hosted 1500 virtual machines.

But the Bureau of Statistics today confirmed it had decided to once again partner with IBM for hosting of the 2016 eCensus in order to ensure the expected high volumes would be properly managed.

The ABS expects the percentage of Australians completing the census online to double in 2016, forecasting a 65 percent take-up compared to 33 percent in 2011. For the first year of the eCensus, 10 percent of Australians submitted their form online.

“The ABS virtualisation project was successfully completed providing a very efficient platform for ongoing ABS operations, including supporting a number of components of the digital Census in 2016,” a spokesperson said.

“However, due to the peak volume of the online form during Census 2016 it was decided that contracting IBM would provide the best value for money and management of operational risk.”

Duncan Young, head of the 2016 Census within the ABS, said IBM had been contracted through a limited tender after proving it could offer the best value for money.

“This contract capitalises on the investment in the existing online Census system,” Young said in a statement to iTnews.

“Our existing solution has shown itself to be robust, and can be expanded to manage increased volumes. Using a known platform will reduce the risk of costly development and integration issues.”

The IBM contract will expire in October 2016.