‘Confluence of events’ led to Census failure

In an at times bizarre press conference small business minister Michael McCormack has confirmed that a series of denial of service attacks targeted the Census 2016 website, with the Australian Bureau of Statistics eventually making the decision to pull it offline.

However, despite the minister attempting to offer a blow-by-blow account of last night’s debacle, elements of the cascade of failures that eventually led to the ABS's decision to pull the Census offline remain unclear.

“I will be clear from the outset: This was not an attack,” the minister said. “Nor was it a hack but rather, it was an attempt to frustrate the collection of Bureau of Statistics Census data.” Despite arguing that it was not correct to call it an “attack”, he described the root cause of the problem as a “large-scale denial of service attempt”.

“The decision to shut down the online form was made to safeguard and to protect data already submitted,” the minister said.

McCormack said that at 10.08am on 9 August the ABS online monitoring systems detected “a significant increase in traffic”. “This was sustained for a period of 11 minutes causing a system outage of approximately five minutes. Most users were able to resume their session and submit their forms,” he said. The traffic subsided without any action being taken.

At 11:46am there was another increase in traffic “consistent with a second denial of service” and a mitigation plan prepared by ABS and its Census host IBM was put into action at 11:50am, stopping the attack. “Again, a short system outage was experienced,” McCormack said.

“Following this second attempt, a decision was taken by the ABS to maintain a block on all international traffic until midnight,” the minister said. The incidents were reported to the Australian Signals Directorate (ASD).

At 4:58pm there a “modest increase in traffic was automatically defended by network firewalls”.

“At 6:15pm, a small scale denial of service was attempted on the ABS website and stopped by the standard denial of service protections which were in place,” McCormack said.

At 7:30pm “the online Census form monitoring systems detected a significant denial of service” at the same time as “thousands of Australians [were] logging on to complete their Census”.

“At 7:45pm the ABS made the decision to shut down the online form to protect the system from further incidents,” McCormack said. Access to the online Census form was restored at 8:50pm.

“However, overload protocols were activated to prevent connections until the state of the systems and their integrity could be assessed,” McCormack said. “At this time the ABS provided a public message through social media and the ABS website to indicate there was a system outage and to try again later.”

The system was “restored at approximately 11pm” the minister said.

“All completed Census form data was backed up and transferred into the ABS secure data storage environment. Importantly, no Census data was compromised; no Census data was compromised and no data was lost.”

Here's a quick timeline of events/quotes taken from the Minister's presser RE: ABS issues (source: tveeder) pic.twitter.com/6PG9uoX0bo

— Will Ockenden (@will_ock) August 10, 2016

‘False positive’

The Prime Minister’s Special Advisor on Cyber Security, Alastair MacGibbon, said that it was a “confluence of events” that caused the problem.

“A router became overloaded,” McCormack said following which a “false positive” occurred, presumably misidentifying legitimate traffic as a further denial of service attempt (“a false alarm in some of the system monitoring information”).

“As a result the ABS employed a cautious strategy which was to shut down the online Census form to ensure the integrity of the data already submitted was protected,” the minister said

“Had these events occurred in isolation the online system would have been maintained,” the minister argued.

A geo-blocking service intended to protect against denial of service attempts “fell over,” MacGibbon said, leading to the router failing.

The ASD is investigating the denial of service attack, the government said.

At a separate press conference Prime Minister Malcolm Turnbull said there would be a “very thorough review of the events”, headed by MacGibbon.

“There needs to be a full transparent and independent inquiry into what occurred and what could have been avoided if Labor's calls for better resources for the ABS had been heeded,” shadow assistant treasurer Andrew Leigh said. “No less than 14 times over the last year I've warned about inadequate resourcing to the Australian Bureau of Statistics.”

Australian Privacy Commissioner Timothy Pilgrim has said he will launch an investigation into the attack on the Census “to ensure that no personal information has been compromised as a result of these attacks”.