The Minister for Small Business, Michael McCormack, says the problems with the Australian Census last night were neither an attack or a hack. “It was an attempt to frustrate the collection of data,” the minister told a press conference this morning.
McCormack said the security of the Australian Bureau of Statistics was not compromised and no data was lost.
McCormack said a denial of service attack occurred at about 7.15pm last night. This was followed by a hardware fault when a router failed. A denial of service attack occurs when a computer system is flooded with connections that overload the system and prevent it being accessible to genuine users.
According to McCormack, the first denial of service increase in traffic occurred at 10.08am yesterday. An outage lasting 5 minutes occurred. This was repeated at 11.46am. At 11.50am, all international traffic to the website was blocked. This is a standard means of countering a denial of service attack.
At 11.55am, the attack was reported to the Australian Signals Directorate. This is the agency responsible for signals intelligence. It was established in 1947 as the Defence Signals Bureau. Prior to 2013, it was called the Defence Signals Directorate.
At 4.58pm, a modest increase in traffic was defended by the system’s firewall. Another took place at 6.15pm. The attack at 7.13pm occurred just as thousands of people began logging on to complete their census forms. The decision to shut down the site was made at 7.45pm. McCormack said he was notified at 8.10pm and he notified the Prime Minister at 8.32pm and the Treasurer at 8.33pm.
McCormack said the system was restored at 11pm but not put back online. All data was back up, with nothing lost or compromised. He said the crisis occurred because a number of events occurred simultaneously: the denial of service attack, the hardware failure, a false positive reading and a failure of the geo-blocking mechanism. Until that point, the system had been coping with the volume of traffic and was capable of handling 260 forms per second.
The Australian Statistican, David Kalisch, told the press conference that the online form will be operating “when we are convinced it is robust enough”. The Australian Signals Directorate is advising on this.
Alastair MacGibbon, the Special Adviser to the PM on Cyber Security, said that when the geo-blocking service fell over, the main defence against denial of service went with it. He compared a denial of service to parking a truck across a driveway to stop access. “Denial of service is not a hack, not a breach, not an intrusion,” MacGibbon said, adding that such attacks are “not uncommon” and that most of the traffic was coming from the United States
- Listen to McCormack’s press conference (31m)
- Watch the press conference (31m)