Slashdot Mirror


Internal 'Set Of Blunders' Crashed Australia's Census Site (cso.com.au)

Slashdot reader River Tam explains the crash of Australia's online census site, citing the account of a security researcher who says IBM and the Australian Bureau of Statistics "were offered DDoS prevention services from their upstream provider...and said they didn't need it." From an article on CSO: The ABS and IBM gambled on a plan to ask its upstream network provider to block traffic from outside Australia in the event that a denial-of-service attack was detected... Offshore traffic to the site was blocked in line with the plan, however, another attack, for which the ABS had no contingency to repel, was directed at it from within Australia. The attack crippled the firewall and the census site's operators opted to restart it and fall back to a secondary firewall. However, they forgot to check that it had the same configuration as the primary firewall. That crippled the census site.

In an unfortunate confluence of events, IBM's security warning systems started flagging some unusual activity, which indicated that information on the ABS servers was heading offshore. The site's operators, thinking the DDoS activity was a distraction, interpreted the alarms as a successful hack...these were little more than benign system logs and the technical staff monitoring the situation poorly understood it. Amid the confusion they naturally erred on the side of caution, [and] decided to pull the plug on the site...
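
The failover step in the summary, as an added example that is not from the article, the ABS or IBM: a parity check to run before a standby firewall is promoted. It assumes both rule sets are exported in iptables-save text form (the page does not name the firewall product), and both sample exports are constructed.

```python
"""Pre-failover parity check between a primary and a standby firewall rule set."""
import re

# Constructed sample exports in iptables-save text form (not from the incident).
PRIMARY = """\
# Generated by iptables-save on primary
*filter
:INPUT DROP [120:9000]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [55:4100]
[10:800] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[90:5400] -A INPUT -p tcp --dport 443 -m connlimit --connlimit-above 50 -j DROP
[400:24000] -A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
"""

STANDBY = """\
# Generated by iptables-save on standby
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
"""

# Packet/byte counters differ between any two live devices and are not configuration.
COUNTERS = re.compile(r"^\s*\[\d+:\d+\]\s*|\s*\[\d+:\d+\]\s*$")
EMPTY = {"policy": {}, "rules": {}}


def normalize(export):
    """Parse an export into {table: {"policy": {chain: p}, "rules": {chain: [rule]}}}."""
    tables = {}
    current = None
    for raw in export.splitlines():
        line = COUNTERS.sub("", raw).strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            current = tables.setdefault(line[1:], {"policy": {}, "rules": {}})
        elif current is None:
            raise ValueError("rule or chain line before any *table header")
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            current["policy"][chain] = policy
            current["rules"].setdefault(chain, [])
        elif line.startswith("-A "):
            parts = line.split()
            current["rules"].setdefault(parts[1], []).append(" ".join(parts[2:]))
    return tables


def drift(primary, standby):
    """Return a list of differences; an empty list means the two rule sets match."""
    p, s = normalize(primary), normalize(standby)
    findings = []
    for table in sorted(set(p) | set(s)):
        pt, st = p.get(table, EMPTY), s.get(table, EMPTY)
        for chain in sorted(set(pt["policy"]) | set(st["policy"])):
            pp, sp = pt["policy"].get(chain), st["policy"].get(chain)
            if pp != sp:
                findings.append(f"{table}/{chain}: policy primary={pp} standby={sp}")
        for chain in sorted(set(pt["rules"]) | set(st["rules"])):
            pr, sr = pt["rules"].get(chain, []), st["rules"].get(chain, [])
            for rule in pr:
                if rule not in sr:
                    findings.append(f"{table}/{chain}: missing on standby: {rule}")
            for rule in sr:
                if rule not in pr:
                    findings.append(f"{table}/{chain}: only on standby: {rule}")
            # Rule order decides which rule matches first, so it is part of the config.
            if sorted(pr) == sorted(sr) and pr != sr:
                findings.append(f"{table}/{chain}: same rules, different order")
    return findings


if __name__ == "__main__":
    for finding in drift(PRIMARY, STANDBY):
        print("DRIFT", finding)
```
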

92 comments

  1. That would be by Anonymous Coward · · Score: 1

    blunders from down under.

    1. Re:That would be by Anonymous Coward · · Score: 1, Funny

      Can't you hear, can't you hear the blunder?

    2. Re:That would be by Anonymous Coward · · Score: 0

      I come from the land down under, where the census site goes asunder...

    3. Re: That would be by Anonymous Coward · · Score: 0

      You elitist prick, ask an African about his hunger.

  2. IBM you say? by Anonymous Coward · · Score: 1

    Let me guess, "the technical staff monitoring the situation poorly understood it" were needful-doers from IBM.

    1. Re: IBM you say? by Anonymous Coward · · Score: 1, Insightful

      Just think of the money they'll make from fixing the problem and consulting fees for handing it off to another vendor.

    2. Re:IBM you say? by lucm · · Score: 2

      The part that was hosted by IBM (static files, etc) is the only part that didn't go down in flames. Why did they host only the static files? Because they didn't have the Australian-specific certification for cloud computing. So the Australian government opted to host this thing on their own servers. A piece of shit solution, but a certified one.

      --
      lucm, indeed.
    3. Re: IBM you say? by Anonymous Coward · · Score: 0

      Anything cloud is shit by definition. So yeah...

    4. Re:IBM you say? by Anonymous Coward · · Score: 0

      Actually the static files, images etc, DID start going down in flames, before the actual app part bought the farm. From about lunch time onwards, and particularly in the late afternoon.

      The fundamental issue was the entire thing was scoped about an order of magnitude off the reality.

    5. Re:IBM you say? by dbIII · · Score: 2

      So the Australian government opted to host this thing on their own servers

      Where did you get that from?
      Everything else I've read disagrees with that and says that IBM was hosting the VMs for the ABS.

    6. Re:IBM you say? by Anonymous Coward · · Score: 0

      If you can't host static files (even for millions of users) then they should give up the fucking game altogether anyway. But from what they are saying here this wasn't just a problem with ABS, it was IBM systems that failed. Don't forget just about everything in the ABS has IBM involved too.

    7. Re:IBM you say? by telchine · · Score: 2

      So the Australian government opted to host this thing on their own servers

      Where did you get that from?

      You must be new here. On Slashdot, you don't need to be right, you just have to sound right to get mod points.

    8. Re:IBM you say? by lucm · · Score: 1

      So the Australian government opted to host this thing on their own servers

      Where did you get that from?
      Everything else I've read disagrees with that and says that IBM was hosting the VMs for the ABS.

      That "everything else" can't be much because this comes from one of the linked articles in the summary.

      The clarification here is that many people have been saying IBM was hosting the e-Census website. According to our source, this is not strictly correct. IBM provided a content distribution network (CDN), running on SoftLayer, for static content such as fixed text and images. This is similar to the services Akamai provides with clustered nodes distributed across the world.

      But the actual e-Census application, which operates dynamically is not hosted by IBM. Our source suspects the application is being hosted on ABS' own systems.

      http://www.cso.com.au/article/...

      --
      lucm, indeed.
    9. Re:IBM you say? by lucm · · Score: 1

      So the Australian government opted to host this thing on their own servers

      Where did you get that from?

      You must be new here. On Slashdot, you don't need to be right, you just have to sound right to get mod points.

      I see you went for the other strategy, which is to accuse other people of making stuff up because you are yourself too lazy to even read TFA.

      --
      lucm, indeed.
    10. Re:IBM you say? by Anonymous Coward · · Score: 0

      On Slashdot, you don't need to be right, you just have to sound right to get mod points.

      So, like Fox News, then?

    11. Re:IBM you say? by telchine · · Score: 1

      So the Australian government opted to host this thing on their own servers

      Where did you get that from?

      You must be new here. On Slashdot, you don't need to be right, you just have to sound right to get mod points.

      I see you went for the other strategy, which is to accuse other people of making stuff up because you are yourself too lazy to even read TFA.

      You must be new here. On Slashdot we don't read TFA before posting ;-)

    12. Re:IBM you say? by dbIII · · Score: 1

      If it's from the article please quote the relevant portion because I did not see anything to support what you suggested either there or in other articles.
      Also I did not accuse you of "making stuff up" - it's interesting that you are suggesting that I did instead of what I did do which was ask a question. Why do you think I was accusing you of making things up? Should I be assuming you are instead of just having information I have not seen?

    13. Re:IBM you say? by lucm · · Score: 1

      So the Australian government opted to host this thing on their own servers

      Where did you get that from?

      You must be new here. On Slashdot, you don't need to be right, you just have to sound right to get mod points.

      I see you went for the other strategy, which is to accuse other people of making stuff up because you are yourself too lazy to even read TFA.

      You must be new here. On Slashdot we don't read TFA before posting ;-)

      Yeah I usually do that but this time I wanted to see if it was another debacle caused by low-cost offshore rent-a-sysadmins. Turns out it's not, it was caused by expensive IBM rent-a-suits and/or somewhat expensive local civil servants.

      --
      lucm, indeed.
    14. Re:IBM you say? by dbIII · · Score: 1

      if it was another debacle caused by low-cost offshore rent-a-sysadmins

      A bit over five years ago IBM Australia had the majority of their sysadmins spend a couple of weeks in China to train their replacements and then laid the Australian sysadmins off.

  3. How many ... by Anonymous Coward · · Score: 0

    .... dollarydoos will this little blunder cost?

    1. Re:How many ... by Anonymous Coward · · Score: 0

      Depends on whether they criminalise those that didn't comply with the law to submit the census on the day.

    2. Re:How many ... by Anonymous Coward · · Score: 1

      No. People have until the 23rd of September to complete the census and you won't be fined if you didn't complete the census on the night.

    3. Re:How many ... by Anonymous Coward · · Score: 0

      almost as many as they saved by not employing any data entry clerks this year.

  4. Another government fuck up, when will we learn... by Anonymous Coward · · Score: 0

    If I were an Aussie, I'd want my data back. I'd have no confidence in the govt keeping their new privacy-destroying data secure. While I'm at it I'd take my tax back too as a vote of no confidence in anything they do.

  5. What DDOS? by Anonymous Coward · · Score: 4, Insightful

    I still haven't seen any mention of evidence that there was any attack at all. Well, except in the negative sense, as in "Global DDOS sensors failed to register any attack".

    From the server's point of view, what exactly is the difference between "a DDOS attack from within the country" and "ten million users trying to log on to the site within one hour"?

    1. Re:What DDOS? by sg_oneill · · Score: 4, Insightful

      Arguably if the census servers were nullrouting traffic from off-site, that might well explain why nothing showed up on those maps.

      Regardless, a DDOS seemed like it was inevitable. The stupid and anti privacy decision to store identifying info (Names, etc) with this census despite widespread condemnation from academics, activists and security researchers (at least 9 senators from across the political spectrum are refusing to fill it in citing the leaked papers from the bureau stating they want names and addresses to create "saleable products", ie selling people's personal info).

      Of course Anonymous or someone of their ilk was going to take umbrage and attempt to sabotage the whole thing.

      --
      Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
    2. Re:What DDOS? by Anonymous Coward · · Score: 0

      The Australian Census has included identifying info (names, etc.) for a long time now, this didn't change this year. The only change was to legislation quite a few months ago which allows ABS to retain the data for a bit longer (18 months to 4 years).

    3. Re:What DDOS? by Anonymous Coward · · Score: 0

      Spot on. There is absolutely no evidence of an attack of any kind. Merely an underspecced system failing to cope with a load anyone outside the government could have predicted. They were banking on users being spread more or less evenly throughout the day. That's just not how things happen in the real world.

    4. Re:What DDOS? by Anonymous Coward · · Score: 1

      It was a little more than that, they also now take the names and addresses to generate unique identifiers which are permanently kept. So you have longer data retention of private information, electronic access and even after the retention period has passed unique identifiers are kept for use with data matching. All being done by a government department that is decades behind in IT and relies heavily on IBM (part of the reason they are so far behind). This is not a recipe for success (at least from the perspective of end users).

    5. Re:What DDOS? by bickerdyke · · Score: 1

      Wouldn't an address be a really bad choice for an identifier?

      --
      bickerdyke
    6. Re:What DDOS? by Opportunist · · Score: 1

      Well, technically it is a DDoS. And they brought it onto themselves by pretty much demanding that people participate in it. So ... who's to blame for it?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    7. Re:What DDOS? by Anonymous Coward · · Score: 0

      Permanent key is made up of 2nd, 3rd and 5th letters of the family name, the 2nd and 3rd letters of the given name, date of birth as a character string of the form ddmmyyyy, followed by the character ‘1’ for male and ‘2’ for female

      eg: John Smith 01/02/1970 Male = MIHOH010219701
      Australian Prime Minister Malcolm Turnbull's key = URBAL241019541
      Knowing how they're made, you can work out anyone's key by yourself.

      The address is only used to help link the person to other government databases to begin with, it isn't a primary identifier.

    8. Re:What DDOS? by umghhh · · Score: 1

      Is it not criminal to destroy government property? If so then all these evil Aussies that rushed to fill in the forms after work should be fined or maybe even put in jail for their criminal attack on government property.

    9. Re:What DDOS? by Opportunist · · Score: 1

      Damned if you do, damned if you don't...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    10. Re:What DDOS? by Anonymous Coward · · Score: 0

      What if your name only has 1 or 2 characters and/or you don't identify as male or female?

    11. Re: What DDOS? by TekPolitik · · Score: 1

      It does not use the address. It uses the 2nd, 3rd and 5th letters of the last name, 2nd and 3rd letters of the first name, date of birth and sex. For shorter names it pads with "2". You can fake it into reporting "name withheld" by putting a "9" in each of those positions in the name.

    12. Re:What DDOS? by aXis100 · · Score: 1

      I'm quite certain that the ABS (you know, professional statisticians) could have and should have predicted the load.

    13. Re:What DDOS? by Anonymous Coward · · Score: 0

      (at least 9 senators from across the political spectrum are refusing to fill it in citing the leaked papers from the bureau stating they want names and addresses to create "saleable products"

      This part is very very interesting to me, can you provide some source?

      I had been spreading the word about the 2016 census and got many 'who cares' responses from people but the fact the ABS intended to sell this information from the start is a smoking gun.

    14. Re:What DDOS? by Anonymous Coward · · Score: 0

      Any names missing characters have their fields replaced with a '2' and no one cares what you want to identify as. You answer with the sex on your birth certificate.
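
The key format described in the comments above (name letters, date of birth, sex code, "2" as padding), as an added example that is not ABS code: it derives the key, shows that different people can share one, and sets it beside a keyed HMAC pseudonym, an alternative the page does not mention. The records other than the thread's John Smith case are constructed, and skipping non-letter characters in names is an assumption.

```python
"""Linkage key as described in the thread, next to a keyed pseudonym."""
import hashlib
import hmac
from datetime import date

PAD = "2"  # filler for missing letter positions, per the comments above


def _letters(name, positions):
    # Assumption: only A-Z counts; spaces, hyphens and apostrophes are skipped.
    clean = [c for c in name.upper() if "A" <= c <= "Z"]
    return "".join(clean[p - 1] if p <= len(clean) else PAD for p in positions)


def linkage_key(family, given, dob, sex):
    """family letters 2,3,5 + given letters 2,3 + ddmmyyyy + '1' (male) or '2' (female)."""
    if sex not in ("1", "2"):
        raise ValueError("sex code must be '1' or '2'")
    return (_letters(family, (2, 3, 5)) + _letters(given, (2, 3))
            + dob.strftime("%d%m%Y") + sex)


def keyed_pseudonym(secret, family, given, dob, sex):
    """HMAC-SHA256 over the full fields; cannot be recomputed without `secret`."""
    fields = [family.strip().upper(), given.strip().upper(), dob.isoformat(), sex]
    msg = "\x1f".join(fields).encode("utf-8")  # unit separator avoids field ambiguity
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def collisions(records):
    """Group records by linkage key; return only keys shared by more than one record."""
    groups = {}
    for rec in records:
        groups.setdefault(linkage_key(*rec), []).append(rec)
    return {key: recs for key, recs in groups.items() if len(recs) > 1}


# Constructed records: (family name, given name, date of birth, sex code).
SAMPLE = [
    ("Smith", "John", date(1970, 2, 1), "1"),      # the thread's own example
    ("Smithers", "Rohan", date(1970, 2, 1), "1"),  # different person, same key
    ("Li", "Jo", date(1985, 3, 15), "2"),          # short names exercise the padding
]

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # placeholder; a real key lives in a KMS/HSM
    for rec in SAMPLE:
        print(rec[1], rec[0], linkage_key(*rec), keyed_pseudonym(secret, *rec)[:16])
    print("shared keys:", list(collisions(SAMPLE)))
```

The keyed form gives up the linkage key's tolerance for spelling variation in exchange for not being recomputable from a name, birth date and sex alone.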

  6. Wtf by Anonymous Coward · · Score: 0

    $9million for hosting static pages.

    Where can I bid for these contracts?

  7. Online voting by Gavin+Rogers · · Score: 4, Insightful

    There's some good news here. This ABS blunder sets the likelihood of paperless and/or online voting happening in Australia back another decade or so.

    It's probably weird that as a technology geek I'd be a fan of paper voting, but paper forms are a lot harder to hack or manipulate without a trace.

    1. Re:Online voting by Anonymous Coward · · Score: 0, Troll

      No, paper forms are far easier to manipulate, it's just extremely difficult to do so at scale.

    2. Re:Online voting by Anonymous Coward · · Score: 0

      Bits in an electronic voting system are difficult to manipulate, but at least in the Australian system paper forms are also very difficult to manipulate, at least without being noticed. Political parties with an interest can provide scrutineers who can watch the process. You can see the person putting the ballot in the ballot box, you can see the ballot box being sealed, you can watch the counting process to ensure that it is being done correctly. Perhaps most importantly, everybody understands how paper behaves. Bits in a computer are much more esoteric and only a very few people would really understand how they might be able to be manipulated or notice that something untoward has happened if it did.

    3. Re:Online voting by Opportunist · · Score: 1

      And it's far harder to do it in a way that nobody can find out. Plus, it is far harder to cry foul play without having to prove it.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:Online voting by redcliffe · · Score: 1

      It's bad news really.

      It should be trivial to do a good electronic voting system. Electronic touch screen to do your vote and count it, with two paper receipts printed for you to check. One you keep for yourself and the other you put in a ballot box for recounting. The electronic count would provide the main count on the night to indicate the result, the paper receipt is available for recounting with scrutineers and the voter can verify that the receipt matches their intentions.

      However if they did do it, they'd contract Diebold and IBM because they give executives really nice golf hats. We all know Diebold and IBM can't do i++ accurately.

    5. Re:Online voting by Anonymous Coward · · Score: 0

      Exactly. Susie the reclaim Australia supporting vote counter and her mate Fred can potentially manipulate maybe a few hundred or so votes at the local scout-hall, which (a) is unlikely to influence the decision (with some exceptions) and (b) quite likely to be caught on a recount if the vote is that close (aka there is a paper trail and a paper count if votes "disappear" or "materialise"). Hacky McHackface, on the other hand, can potentially manipulate millions of votes in a completely untraceable manner if they can find the inevitable security hole left by the lowest bidding company who built the system.

      And of course paper also has the advantage that people can decide to make a non-counting vote (leave the form blank).

  8. Consequence of not having a Social License by Anonymous Coward · · Score: 3, Insightful

    In Australia the phrase 'Social License' is starting to register with the wider community. Issues such as the coal seam gas mining and a range of unpopular but otherwise legally compliant initiatives are feeling the backlash from ordinary people.

    People may think that the 'Brexit' phenomenon is new, however there is a growing discontent among the wider population with the small but influential groups that ignore the views of the community affected by these schemes.

    I wouldn't support the alleged DDOS attacks on the ABS web site, however the ABS has moved ahead with changes to its data retention policies without considering the associated risks, and even well known politicians are refusing to cooperate with the Census.

    You can imagine the executives at the ABS discussing their planned changes and asking "what will people do if they don't like the changes" - well now they have seen what could happen.

    It's more than likely that the Chief Statistician (on over $700,000 a year) will be asked to resign. It's difficult to sack him (a quirk of the legislation that created the ABS) however you would not expect that a person on such a salary would show such poor judgement.

    The 'Brexit' phenomenon has only begun to unfold, and you can only hope that people look past the technology issues surrounding the ABS Census debacle and start asking the question - if you don't have community support is your idea actually any good?

    1. Re:Consequence of not having a Social License by dbIII · · Score: 2

      The Chief Statistician is fairly new and stepped in to fill a 12 month+ vacancy. The true blame lies above that level and dates to before his employment.
      "Denial of service attack" by means of cutting resources and by people in politics pushing a scare campaign to get people to all log in on the same night in fear of being fined for doing it a day late.

    2. Re:Consequence of not having a Social License by Anonymous Coward · · Score: 0

      So you are saying IT people are incapable of doing their job without a high LEVEL PHB making meaningless decisions? If that is the excuse for ABS IT then they all need sacking now.

    3. Re:Consequence of not having a Social License by Anonymous Coward · · Score: 0

      They're perfectly capable of doing their job - the trouble is that they need someone to tell them what that job is.
      Particularly if there's multiple layers of middle management each with their own agenda pushing in different directions.

      Lack of management really does ruin a good team.

    4. Re:Consequence of not having a Social License by Opportunist · · Score: 1

      You can imagine the executives at the ABS discussing their planned changes and asking "what will people do if they don't like the changes" - well now they have seen what could happen.

      Actually I would really expect such a question to not be asked at all. Rather, a question like "what if people don't like it" would be filed in the "doesn't matter" pile.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    5. Re:Consequence of not having a Social License by dbIII · · Score: 1

      So you are saying IT people are incapable of doing their job without a high LEVEL PHB making meaningless decisions

      "Meaningless decisions" like not employing enough people to do a task you mean? Why yes, indeed they are incapable just as you would be when confronted with a task you do not have the resources to attempt.

    6. Re:Consequence of not having a Social License by thegarbz · · Score: 1

      It's difficult to sack him (a quirk of the legislation that created the ABS) however you would not expect that a person on such a salary would show such poor judgement.

      What poor judgement?
      The poor judgement of a person who is completely new to a role that has been vacant for long enough that the entire division falls into leaderless disarray?
      Or the poor judgement of someone desperately treading financial water after successive governments collectively have managed to slash $200million off the budget for a division that originally had its budget increased because it couldn't actually afford to hold the last census?

      I'm sure he'll get fired. But it will be because he's a nice scapegoat, not because of poor judgement.

    7. Re:Consequence of not having a Social License by aybiss · · Score: 1

      I'm guessing you're one of these people that still hasn't filled out the actual census and realised that all along there was a checkbox at the end ASKING FOR YOUR CONSENT to store your name. JUST LIKE IT HAS ALWAYS DONE.

      But sure, keep claiming that the thing you've made up in your head somehow has something to do with the site falling over.

      --
      It's OK Bender, there's no such thing as 2.
    8. Re:Consequence of not having a Social License by Anonymous Coward · · Score: 0

      Lies. It asks for permission to store and release all of your data after 99 years. Including your name. The change is they're going to keep all names forever regardless of what you choose for that option. Previously they were destroyed unless you said yes, now they'll be kept whatever you choose.

  9. DDOS? More like a self inflicted slashdotting. by complete+loony · · Score: 4, Informative

    In previous years, they had been quite careful to inform people to pre-fill their form before census night, and submit after. This year they were expecting only a minor increase in peak traffic.

    Then they go and blast the message, "Fill in your form online, on time or face massive fines", all over the media.

    So what did we all do? When the majority of 9-5 workers got home, we all tried to login and submit at about the same time.

    Sure they screwed up their network config, but it was a combination of poor planning and poor communication that triggered the whole mess.

    --
    09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    1. Re:DDOS? More like a self inflicted slashdotting. by redcliffe · · Score: 1

      It was also very concerted "census night". Tell everyone to do it on that night and they'll do it on that night. Doesn't matter though it shouldn't have been hard to handle that in this day and age. ABS SES Executives were just idiots.

  10. anti-DDOS is like real estate by Orgasmatron · · Score: 4, Insightful

    It is all about location, location, location...

    My employer is on a state-wide network that connects, among other things, a ton of colleges and universities. After some recent BLM events, there were sympathy DDOS attacks from anonymous or whoever, so the state just spent millions on fancy new anti-DDOS gear on the external side of all of their POPs.

    A few weeks ago, I had an opportunity to ask the state's Chief Information Security Officer what their plan was to handle internal attacks coming from the colleges, which are inside the perimeter, and typically have incredible switching and routing capacities (as part of I2), far in excess of anything our rural fiber rings could handle. It took him a few seconds to review the topology of the network in his head before he realized that we'd be screwed.

    I have some sympathy for Australia. DDOS is a hard problem to solve, even if you've got millions to spend on the newest, shiniest gear.

    --
    See that "Preview" button?
    1. Re: anti-DDOS is like real estate by Anonymous Coward · · Score: 0

      Ah, but they barely spent a cent on anti-DDOS measures.

      Generally, you don't progress towards solving hard problems by wishful thinking that they do not exist, or they can be hand waved away.

      I'd expect the chief statistician to be gone, along with several of his senior IT staff, and IBM to now be persona non grata in Canberra as well as Brisbane.

    2. Re: anti-DDOS is like real estate by Anonymous Coward · · Score: 0

      Not the statistician; they work with the census data. It was a short-sighted judgement from an executive, not an unknown risk someone failed to model.

    3. Re:anti-DDOS is like real estate by Anonymous Coward · · Score: 0

      This example shows how you need senior management to listen to the people with the right experience. Geoblocking DDOS was a failed plan to begin with. As was demonstrated by the census fail, it is possible to use methods such as reflecting DNS and ICMP traffic to make it appear your attack is coming from whatever region you want. This would be expected by any decent IT tech with some knowledge of the subject and I find it hard to believe that nobody on this project flagged the risk. The problem is more likely that they either failed to communicate the risk back to senior management, the message was lost as it was being passed from person to person or senior management didn't listen. It's essentially another example of a process & communication problem within an IT project.

  11. Implementation was good though by Anonymous Coward · · Score: 0

    To be fair - the actual implementation of the census site, when it worked, was quite good, and a hell of an advance over the old pen-and-paper process of 4 years ago. It's a shame that this census will be remembered for it failing to handle the security / meltdown, rather than be lauded for pushing forward with better ways of gathering census data in a more modern and updated manner.

    1. Re:Implementation was good though by marka63 · · Score: 2

      30+ hours to get your password / receipt emailed to you. 20 minutes, maybe 1 hour is acceptable.

      Started my census return on the 12th at 17:05 and requested the password be emailed to me.
      The password email was sent by the ABS servers on the 14th at 03:50.

      If I was depending upon the password to resume doing the census I would have had to wait an additional day.

      Additionally the forms really didn't handle doing "Father", "Daughter", "Wife". Had to go and delete all the data entry for my daughter. Add my wife then re-add my daughter.

    2. Re:Implementation was good though by NotAPK · · Score: 1

      Why are you entering anything more than: 1 female, under-18?

      Does the form record full contact information about your daughter? And you voluntarily supplied it?

    3. Re:Implementation was good though by marka63 · · Score: 1

      No the form does not record her contact information. The only contact information was mine.

      The relationship information however is not collectable unless you enter the people in the household in specific orders. i.e. the form was poorly defined as there were no instructions as far as I could see about entering people in specific orders.

    4. Re:Implementation was good though by NotAPK · · Score: 1

      I see, cheers for the explanation.

      I've filled in many Government issued forms where the instructions are not very clear. Unsurprising to hear the online ones are no better.

  12. Two IBMs by Anonymous Coward · · Score: 0

    When I think of modern-day IBM, I think of two things: A company with excellent scientific research, and a company that has lots of problems with its software contracts. It seems weird that it's the same company.

    1. Re:Two IBMs by Anonymous Coward · · Score: 1

      IBM are masters of under-quoting costs to win the business, then when the organisation finds out they either pay up or kick IBM out. A LOT choose to pay up as admitting failure is far worse for many than cost overruns. Some of the worst I have seen is the extremely poor competence of many of the technical guys that turn up. (Disclosure: we frog marched every IBM consultant off the premises after they were 2 million over budget already with no end in sight.) IBM today is a poor shadow of its former self.

  13. Re:Another government fuck up, when will we learn. by Anonymous Coward · · Score: 0

    It's okay, it isn't like anyone ever tells the truth on the damn thing.

    According to it, this time, I have changed my religion from Jedi to Sith.

  14. Off with his head! by thegarbz · · Score: 2

    The prime minister Malcolm Turnbull went on the record to say that he will punish those responsible.

    Yet it was the coalition government that cut the ABS budget by $68m, left the department leaderless for a year, and also poked the bear with talk of selling citizen information to make money which may have prompted the attack in the first place.

    The only question is who will be the scapegoat.

    1. Re:Off with his head! by Anonymous Coward · · Score: 0

      So you believe this census debacle happened entirely in the last 3 years? even though ABS get specific budget for census and they have been planning current systems for way longer than 3 years.

      not saying current government is good, but you are completely full of shit and making excuses for bad decisions made by ABS and IBM.

    2. Re:Off with his head! by Anonymous Coward · · Score: 0

      Labor had also done cuts in the previous years to the tune of $45 million and had plans for more cuts had it won the election, so can hardly blame Coalition for what both sides agreed was necessary. ABS also got special allocation of funds for technology of $250 million so these cuts did not affect census and even with these cuts though they still continue to pay top dollar for external services from IBM so it can't be hurting them too much.

    3. Re:Off with his head! by thegarbz · · Score: 3, Insightful

      So you believe this census debacle happened entirely in the last 3 years? even though ABS get specific budget for census and they have been planning current systems for way longer than 3 years.

      not saying current government is good, but you are completely full of shit and making excuses for bad decisions made by ABS and IBM.

      Re-read my post. The budget cuts were a direct driver for the ABS to attempt to make money by selling data, which is exactly what people are blaming the DDoS for.

      As for bad decisions, they are very easy to do when you have no oversight or leadership, a role which was left vacant for over a year by the government.

      As for planning the current systems and funding, it may be worth looking into the time line. IBM was a contractor selected for outsourcing a good 8 years ago. That project was then put on hold indefinitely. It was restarted after the announced budget cuts as a way of reducing costs by the ABS by not having to manage their own servers.

      ABS is a government entity. I didn't make excuses for bad decisions, I laid blame. When you fuck up something this glorious and affect every person in the country, the buck rests at the very top. Systems were in place that let this happen, e.g. why would the federal government partner with a company that has been blacklisted as a government supplier by two Australian states without some form of inquiry?

    4. Re:Off with his head! by thegarbz · · Score: 2

      Labor had also done cuts in the previous years to the tune of $45 million and had plans for more cuts had it won the election

      Oh I'm sorry. You seem to be under the impression that my comment was partisan. That doesn't change what happened. A series of budget cuts, lack of management oversight, decision to outsource to save costs, and then entice the DDoS by making the unpopular move to sell data of citizens is a bad call that could have been made by any government.

      The only reason I mentioned the libs at all was that it was the current lib leader looking for a scapegoat despite his hands being covered with digital blood from the incident.

      Also as for your retort, saying someone else cut a budget previously has no relation to what happened closer to an event. If you earn $1000 a month and spend $200 on booze and barely get by as it is you can still function if someone cuts your budget by $200. If someone else comes afterwards and cuts your budget by a further $400 and you end up homeless would you take kindly to the excuse "It wasn't just me, the previous person cut your budget too!" That's the wonderful thing about budgets, they typically can be cut to a point.

      Was that point reached? I don't know. What I do know is that after years of successive budget cuts the ABS now failed to do the one thing they are responsible for.

    5. Re:Off with his head! by PolygamousRanchKid+ · · Score: 1

      The prime minister Malcolm Turnbull went on the record to say that he will punish those responsible.

      And then those responsible for the sacking, will be sacked.

      --
      Schroedinger's Brexit: The UK is both in and out of the EU at the same time!

    6. Re:Off with his head! by redcliffe · · Score: 1

      Regardless of any politics, the large, highly promoted public census was always going to be a huge DDoS target.

    7. Re:Off with his head! by thegarbz · · Score: 1

      Just like the DDoSes that didn't happen 5 years ago when we also were able to fill it out online? Or the yearly tax return? Or the censuses that work online the world over without a hitch?

      Please don't make excuses for them, they come up with their own lame ones already.

    8. Re:Off with his head! by Anonymous Coward · · Score: 0

      So are we at the "hunt for the guilty" stage, or at the "punishment of the innocent" stage of bureaucratic blame-laying?

  15. Dutch police by Anonymous Coward · · Score: 1

    This sounds similar to Dutch police, who put out a press release that their website was having trouble because they were being hacked.
    In about half a day they found out that they added a 40 MB JPG on their front page and scaled it to a thumbnail using CSS....

  16. Retrospective self serving techno excuses by khz6955 · · Score: 1

    I call BS on the whole story. What happened was the website fell over when most of the Australian population tried to log on at the same time. Did anyone else on the same network suffer similar outages?

  17. Re:Another government fuck up, when will we learn. by Anonymous Coward · · Score: 0

    You don't believe them about it being unhackable anymore? Why, if they see even the slightest bit of server traffic, they'll take the entire thing offline. Good luck hacking into that!

  18. Re:Another government fuck up, when will we learn. by Opportunist · · Score: 1

    Give yourself to the dark side. It is the only way you can save your privacy.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.

  19. Re:Another government fuck up, when will we learn. by telchine · · Score: 1

    It's okay, it isn't like anyone ever tells the truth on the damn thing.

    According to it, this time, I have changed my religion from Jedi to Sith.

    I don't know about Australia. In the UK, the whole point of the Jedi thing was to point out that the only part of the census that was optional and didn't need to be truthful was the religion question.

  20. Managers and Politicians vs Developers by Anonymous Coward · · Score: 0

    The facts here are even more mundane than DDoS attacks or hacking attempts, which are just routine these days for any moderately high-profile website.

    The problem was simply that some idiot politicians got together with some equally ill-informed managers and PR types and decided to have 'census day'. I can guarantee that everywhere throughout the developer food-chain for the Aus Census website there were many, many workers saying loud and clear, "this is a bad idea" - who in their right mind would expect a website to stand up to an entire nation hitting it at exactly the same time (after dinner) and what bunch of morons would engineer this exact scenario? Well, the politicians did and shot themselves in the foot, especially when it subsequently transpired that people had until September to complete the survey despite the advertising delivering a clear message that "there is one census day, and that's the day when you need to complete the census".

    That's what they did and the inevitable happened. All the subsequent media talk of hacks and DDoS here has come with the clear evidence that nobody in media actually knows what they're talking about when it comes to this issue.

  21. The Force was not with them. by Dunbal · · Score: 1

    That's what happens when you make fun of the Jedi.

    --
    Seven puppies were harmed during the making of this post.

    1. Re:The Force was not with them. by rtb61 · · Score: 1

      I don't get what the fuss is about. To be honest, as I don't watch free to air or listen to it, I missed the whole must fill it in on the night scare tactic, I was expecting the book to come and as it didn't, missed the whole thing, until it all fell over. They asked bugger all questions and let's be real about this, if you make a mistake filling it in, they can not fine you and yes, I am still a Jedi and will be for as long as they ask that particular question in a secular state.

      --
      Chaos - everything, everywhere, everywhen

  22. Ah yes, the old firewall failed-failover by Anonymous Coward · · Score: 0

    I've seen that happen with every company I've worked for. The most recent was HSBC when they sold off some of their business to CapitalOne and needed to split off one of their data centers. Switched the firewall over on the weekend and forgot to configure the VPN routes to go with it. Of course, this all happened in the middle of moving 30% of staff to work from home. So glad to no longer be working for those idiots.

  23. Nobody ever got fired for buying IBM by lwoggardner · · Score: 1

    Until today. Well ok it will be in a few weeks and be some low level public servant but the cliché will be broken nonetheless.

  24. just think by Anonymous Coward · · Score: 0

    if they were running windows 10, hahaha, it would have been even worse!

    1. Re: just think by Anonymous Coward · · Score: 0

      If everyone were running Windows 10 they wouldn't need to build their own shitty census!

      Nobody ever got fired for choosing Microsoft either.

  25. SUSPECTS? by dbIII · · Score: 1

    SUSPECTS?
    How is "Our source suspects" proof? Other articles have been referring to IBM hosting that lot because the ABS just does not have anything close to the infrastructure to do it in-house and a proposal to acquire more servers was denied last year.