Australian Census Website Shut Down On Census Night After 4 DDoS Attacks (smh.com.au)
Heart44 writes: News sites are reporting that the Australian census website has been shut down until further notice. This happened on census night, Tuesday (Australian time), August 9th, 2016. This is the first attempt at an online census where [the internet] is the default data collection method. You had to call an often busy number to get a paper form. This is on top of a long-running controversy that the Australian Bureau of Statistics will keep the names and addresses of everyone for five years. I presume more useful links will appear over time. "The site was targeted by four denial of service (DoS) attacks," chief statistician David Kalisch told ABC radio. The Sydney Morning Herald reports: "The first three caused minor disruptions and did not stop more than two million census forms from being 'successfully submitted and safely stored,' he said. But the site was shut down after a 'gap' in the system's security measures was found during a fourth attack (AEST), Mr Kalisch said. 'After the fourth attack, which took place just after 7:30pm [on Tuesday AEST], the ABS took the precaution of closing down the system to ensure the integrity of the data,' Mr Kalisch said. 'I can certainly reassure Australians the data they provided is safe,' he said."
UPDATE 8/09/16: Many reports are contradicting Kalisch's claim that the website was shut down from DDoS attacks. User @mhackling on Twitter tweeted a screenshot of Digital Attack Map showing "nothing unusual DDoS wise for Australia and yesterday."
Never assume malice when stupidity will suffice.
At this stage all reports indicate that the ABS cocked things up big time. The DDoS angle seems to be furious spin doctoring.
It's better politically to blame "overseas hackers" than admit they screwed up.
http://www.abc.net.au/news/201...
Now they are saying it's not been attacked from overseas.
How hard would it have been to "do a Netflix" and block IP addresses based on location anyway? - That would at least stem the amount of foreign intelligence services from trying to hack the website which contains information on Australian citizens.
I read that they tested the system to 150% capacity, where 100% capacity was estimated to be 1 million forms processed per hour.
http://www.abc.net.au/news/201...
That estimate was a gross underestimation of the numbers of sessions needed to handle an estimated 16 million households - all of whom most likely would have logged in during a 4-6 hour period in the evening. You don't have to be a rocket scientist to calculate that the system didn't have the capacity to deal with this spike in traffic.
The capacity should have been somewhere in a ball park of 5-10 million forms processed per hour, or more.
Couldn't have been cheap to have load balancers maxed out trying to maintain that many accelerated SSL sessions... but there you go.
READY.
PRINT ""+-0