NewsBite

Census 2016: ten hours for cyber bomb to explode

The PM tweeted at 7.17pm on Tuesday that he had filled in the census online, but 28 minutes later, ABS shut down the website.

BRENDAN NICHOLSON
Minister for Small Business Michael McCormack and Australian Statistician David Kalisch front a press conference at Parliament House in Canberra regarding the 2016 Census on-line meltdown.
Minister for Small Business Michael McCormack and Australian Statistician David Kalisch front a press conference at Parliament House in Canberra regarding the 2016 Census on-line meltdown.
3 min read
12:00AMAugust 11, 2016.
Updated 7:26AMAugust 11, 2016

When Malcolm Turnbull tweeted at 7.17pm on Tuesday that he and wife Lucy had filled in the census online and it was “v easy to do”, he had not been told that for more than nine hours the nation’s cyber security specialists had been battling a series of denial of service attacks on the Australian Bureau of Statistics’ system.

Just 28 minutes after the Prime Minister’s enthusiastic tweet, the ABS made the monumental decision to shut down the census website.

Yet it was not until almost an hour later, at 8.32pm as he was hosting a private working dinner at his Point Piper home in Sydney, that Mr Turnbull received a call from Michael McCormack, the minister who had been in charge of the census for just three weeks, to drop the bombshell news.

As for the public, the ABS said in response to growing anger about the crashed website that it was “working to restore the service”, well after it had decided to shut it down and as TV ads continued to urge people to fill in the census. There was no mention of attacks.

The Australian Signals Directorate, the agency that protects the nation’s computer systems, had been called in at 11.55am on Tuesday after two attacks, the first at 10.08am.

The ABS online monitoring systems detected a significant and unusual increase in traffic in a surge that lasted for 11 minutes and caused the system to drop out for five minutes. Most users assumed the site was under pressure as Australians gave the ABS the snapshot of their lives, and tried again a little later. Most were able to resume their sessions and submit their forms. The traffic surge subsided without the ABS needing to take action and the system returned to normal.

Officials, backed by technicians from IBM which had provided the software program, believed the defences built into the system had fended off a denial of service attack and began investigating where it might have come from.

GRAPHIC: Assault on the census

At 11.46am came another sharp increase in traffic which was assumed to be a second attack. Concerned that the system’s cyber defences might be overwhelmed as this assault intensified, the guardians of the system decided to use one of the significant weapons in their armoury and blocked all international traffic to the site.

The system was briefly out of action. The ABS decided the attacks were most likely coming from abroad and opted to leave the bar on all international traffic.

The attackers are likely to have fallen into one or more of four categories: an agency working for a foreign state, a criminal group, issues-motivated groups making a protest or people with no particular criminal intent who were just trying to prove they are smarter than the system.

The Prime Minister’s cyber security adviser, Alistair MacGibbon, said the ABS site was attacked through the day by “unknown actors” until the bureau was forced to take its own site down to ensure the information on it was not compromised. These attacks did not result in a successful “hack” or a “breach”, MacGibbon told The Australian.

It was the equivalent of bank robbers blocking the entrance to a bank to stop customers going in but failing to get inside or to steal any money. “It was not a good day but it would have been a lot worse if those responsible had got into the system and gathered or changed data,” he said. “Data was not stolen or manipulated. That did not happen.”

The third attack came at 4.58pm and was blocked automatically by the network’s firewalls.

Anticipating further attacks, the ABS team set about shoring up its defences.

The next assault at 6.15pm was on a smaller scale and again it was stopped by the system’s safeguards.

But the bureau assessed, quite rightly, that the online offensive could reach crisis point when the bulk of Australians finished their dinner and sat down at their computers to lodge their data.

As this legitimate traffic increased, the monitoring systems detected a major new onslaught.

In the face of that attack, the ABS officials in charge decided at 7.45pm that they had to shut the whole system down to protect it from further damage.

But McCormack’s office was not notified until 8.10pm and it took four minutes to alert the minister who had just left the office.

Then, in a series of missed calls and phone messages, it took until 8.26pm for the minister and Chief Statistician David Kalisch to make contact.

Six minutes later, Turnbull got the call from his minister, who also notified Scott Morrison.

MacGibbon said the decision to shut the system down was “brave” but the right one.

More Coverage

Leaders took ABS for grantedLeaders took ABS for granted
DAVID CROWE
PM counts cost of census debaclePM counts cost of census debacle
Rosie Lewis, Jared Owens

Add your comment to this story

To join the conversation, please Don't have an account? Register

Join the conversation, you are commenting as Logout

More related stories

Original URL: https://www.theaustralian.com.au/nation/politics/census-2016-ten-hours-for-cyber-bomb-to-explode/news-story/d5aad38f7932ee7942709e7653b8a93e