ABS claims website for Australian census 2016 hacked

By Debra Killalea

he crisis comes just hours after the Census website was shut down after being targeted by foreign hackers in a malicious attack. Photo / Getty Images
he crisis comes just hours after the Census website was shut down after being targeted by foreign hackers in a malicious attack. Photo / Getty Images

The minister responsible for the Census has denied that the national survey was "hacked" or "attacked", despite public statements from the ABS claiming otherwise.

In an overdue press conference this morning after more than 12 hours of confusion, Small Business Minister Michael McCormack said: "This was not an attack, nor was it a hack.

"It was an attempt to frustrate the collection of data, an attempt to frustrate the collection of data. People should feel rest assured their data is safe."

This directly contradict tweets and a press release issued by the ABS this morning, which stated there were four "attacks".

However the Minister maintained he was not describing it as an attack because the site was not breached.

"I'm not using the word attack, nor was it hacked," he said.

"I feel by saying attacked, it looks as though, and it seems as though ... information was then gained. There was no successful attack."

He said the ABS, in conjunction with IBM, closed the system down as a precaution so no information could be accessed.

"A hack is when somebody gets into a system, and then uses it for malicious purposes. There was no attack, there was no hack, because that sort of information did not get out," he said.

The press conference comes after the ABS went to ground with all questions directed to the government minister responsible for the Census after the overnight saga.

The crisis comes just hours after the Census website was shut down after being targeted by foreign hackers in a malicious attack, the Australian Bureau of Statistics said this morning.

"It was an attack," ABS chief statistician David Kalisch told ABC radio this morning.

"It was quite clear it was malicious."

The ABS said is was now working with the Australian Signals Directorate to determine the source of the attack.

However, Mr Kalisch said so far it had been difficult to work out where the hack came from.

In the statement and on Twitter this morning, the ABS revealed the 2016 online form suffered four "denial of service (DoS) attacks" yesterday of varying nature and severity.

A DoS attack aims to crash a site by flooding it with more requests for information that it can handle.

The first three attacks caused minor disruption, the ABS said, but more than two million people still managed to submit their surveys successfully.

However the ABS took the "precaution of closing down the system to ensure the integrity of the data" just after 7.30pm.

Mr Kalish moved to reassure Australians that steps were being taken to fix the issue and that people's details were safe.

A number of digital assaults on the Census website began during the day yesterday and were repelled.

But the frequency increased as the evening neared and many Australians trying to reach the Census site after 7pm couldn't connect.

It was at this point the ABS began the process of shutting down the site.

Mr Kalisch maintained the details of people - including Prime Minister Malcolm Turnbull, who had managed to successfully access the site - were secure.

"I can certainly reassure Australians the data they provided is safe," Mr Kalisch said.

The ABS released a statement about 11.30pm last night advising the website was unavailable and reassured Australians they would not be fined for not completing the survey.

"ABS would remind Australians that they have plenty of time to complete the Census, to well into September, and again note that fines will not be imposed for completing the Census after Census night," he said.

Australians took to social media to express their outrage after they failed to get online last night.

Many questioned how safe their data was if the government couldn't even manage the site in the first place.

Meanwhile the privacy Commissioner said he will investigate the "cyber attacks" on the Census.

Timothy Pilgrim said his staff have been in contact with ABS this morning and that his first priority was to ensure "no personal information has been compromised as a result of these attacks".

"Yesterday I noted that the Office of the Australian Information Commissioner has been briefed by the ABS on the privacy protections put in place for the Census," he said.

"My office will continue to work with the ABS to ensure they are taking appropriate steps to protect the personal information collected through the Census."

ABS Census boss Chris Libreri earlier told news.com.au the system had undergone rigorous testing and was unlikely to suffer a meltdown.

"We wouldn't do it unless we were able to safely do it, we have evolved it and we are confident," he said.

It also emerged an Australian technology company with expertise in software testing was paid almost $500,000 to ensure the Census servers would not crash under the load.


The ABS said the crash was a result of four "denial of service" (DoS) attacks.

A DoS attack aims to make a network resource or computer system unavailable by flooding it with more requests for information that it can handle.

It is generally not designed to steal data and is more concerned with disruption.

The method was used by Anonymous in 2008 against the Church of Scientology's official website.

Security strategist at intrusion prevention systems provider Top Layer Networks Ken Pappas said the Scientology attack was likely achieved with the use of botnets - a number of internet computers set up to forward transmissions to other computers on the internet.

Australian government websites have been attacked by Chinese hackers in recent years.

However some Twitter users pointed out that a DoS attack was not actually a hack.

Cybersecurity expert Matthew Hackling also tweeted there was no evidence of a DDOS attack.

Dr Mark Gregory from RMIT University this morning said more proof was needed over the government's claim that an overseas attack had taken place.

"A denial of service attack is when they get millions of computers trying to access their systems at the same time," he told ABC Breakfast.

"You are overwhelming their computing power by doing that. Interestingly enough, the system, as we have learnt, was built to handle about a million transactions in an hour. A million people doing their return in an hour. Now, my understanding is that most Australians have dinner, sit down, try and do the census. If you had five or six million households trying to do their census at the same time, that's similar to a denial of service attack.

"We need some proof this was from outside Australia and not just simply Australians trying to do the census."


The ABS has assured the two million Australians who filled in the Census before the site was shut down that their private data was "secure at the ABS".

The bureau made repeated assurances before Census night that the site and Australians' data was secure.

It said names and addresses would be stored separately to questions and answers, and the site was encrypted.

It also said it has employed "ethical hackers" to crack the site to ensure it was secure.

However, Dr Keith Suter, a consultant on strategic planning, told Sunrise this morning that he couldn't be sure that the details of people who had already logged in were really secure.

He also said it was possible we may never find out who was behind the attack.

"At the moment we do not know," he said.

"It is a denial of service attack and therefore they just keep bombarding their website as opposed to hacking.

"I think that hacking could happen in the next four years, with information going onto the dark web. The hackers could continue to attack the website and continue to deny service."


Only yesterday, a number of high-profile Australians revealed they planned to leave their names off the Census or boycott it despite a pledge from the ABS that their privacy wouldn't be compromised.

Independent senators Nick Xenophon and Jacqui Lambie, and Greens senators Scott Ludlam and Sarah Hanson-Young, said they would risk a $180-a-day fine by withholding their names and addresses.

About 10 million households are legally required to give the Australian Bureau of Statistics information about their homes, religion and income in the five-yearly snapshot.

Despite assurances people's details were safe, some doubted it would be the case while others were sceptical such a debacle wouldn't happen again.

- Additional reporting: AAP, Matt Dunn

- news.com.au

Get the news delivered straight to your inbox

Receive the day’s news, sport and entertainment in our daily email newsletter


© Copyright 2016, NZME. Publishing Limited

Assembled by: (static) on production apcf03 at 27 Oct 2016 02:39:16 Processing Time: 857ms