10 August 2016

Hackers to blame for Census chaos, ABS says

| Charlotte
Facebook Census satire on The Shovel

A malicious attack by foreign hackers is to blame for the Census chaos overnight, according to the Australian Bureau of Statistics’ chief statistician.

David Kalisch told ABC radio this morning that the ABS believe the attack came from overseas and was clearly malicious.

He said the site was struck down by four DOS (denial of service) attacks between 5pm and 7.30pm last night, and that the ABS had shut the site down as a precaution after the fourth attack.

Mr Kalisch told the ABC that the Australian Signals Directorate was investigating the attacks.

Did you manage to access the site and enter your data?

I haven’t done a count of the flood of Census frustration posts in my feed, but there was a steady stream from around 5pm yesterday till late last night when the Australian Bureau of Statistics closed their population count data collection website down for the night, and it began again first thing this morning.

One of my Facebook friends suggested that the Government could ditch the census web infrastructure altogether and simply count us via our posts about the ABS process on the social networking platform.

Another is still struggling away on the website, describing this as “the census that keeps on giving”.

The Shovel ran a satirical piece suggesting the Government would introduce a Facebook log-in feature to allow one-click completion of the Census.
http://www.theshovel.com.au/2016/08/09/new-login-with-facebook-feature-allows-australians-to-complete-census-with-just-1-click/

Dozens of posts in my feed were illustrated by images of the same screen I saw when I tried to log in, featuring a message to try again in 15 minutes. I took that advice three times then gave up.

Several were slightly angrier in tone, and described having successfully logged in, completed the entire process and hit submit only to discover all their work was lost when the site crashed.

Then there were the smartypants who foresaw all of this and had contacted the ABS ahead of time to request a printed form. They posted pictures of their neat, sealed envelopes, filled in on Census night as required by law, and ready for submission.

My tech journalist mates spent Facebook time last night debating the merits of IBM’s cloud computing offering, muttering things like “who did the load testing?”, “I would not eliminate the possibility of a DDOS attack” and “IBM servers were hit by one million probes an hour”. Their analysis into the cause and handling of the mess will be worth reading in coming days.

The Government has reassured those of us who were unable to get through that they have until September 23 to complete the census, and that the data of those who did successfully submit their form is secure.

Did you manage to get through? Will you be trying again online, or requesting the printed form? Or will you be boycotting the whole thing?

Pictured above is a satirical image from The Shovel, which ran an article mocking the whole schemozzle, saying the ABS would introduce Facebook log-ins to allow one-click Census data submissions.


Masquara said :

It was quite disheartening to see supposed professional journalists participating in a gratuitous “gotcha” twitterfest on this without raking through the issues. Thank goodness for Grog’s Gamut and his considered response – a call to see the ABS funded properly.

At least they’re not letting it go quietly into the night. They’re going to investigate and then find that they screwed up the funding and constraints on hiring finding themselves at blame and then silently dropping it.

It was quite disheartening to see supposed professional journalists participating in a gratuitous “gotcha” twitterfest on this without raking through the issues. Thank goodness for Grog’s Gamut and his considered response – a call to see the ABS funded properly.

HiddenDragon 6:30 pm 10 Aug 16

Amidst the Keystone Cops chaos, most (ironically) amusing of all is the dogged, unblushing pretence that government decisions about the location and funding of services etc. etc. is based solely and rationally on Census data – ha, bloody ha, guys.

aleayr said :

I personally find the religion section to be loaded and difficult to answer; being baptised in a particular church is not necessarily the same as belonging to or believing in it.

Then put no religion, or another one. I was baptised into a particular church, but I haven’t felt I belonged to it since late teens, and have never seen myself as belonging to that church as an adult. Being baptised into a church as a baby is sort of irrelevant and of no consideration for me.
I found the ethnic question personally impossible to answer, as only two ancestries could be listed, when I have three. How can I discriminate? So I put Australian, as I refused to discriminate.

I did mine on Sunday afternoon in under ten minutes on Telstra ADSL2+. No problems at all. Perhaps they need to have a Census week instead of one Census night in order to spread the load a bit. Blind Freddie could have seen this coming…

Chaser also had a good take on it today: “Govt claims census triumph: ‘we are a proud nation of 4 million people’” – http://www.chaser.com.au/2016/census/

I tried at 11pm last night when I got home, it refused to even recognise my browser Vivaldi, even though it’s basically a Chrome browser (webkit engine) and works same as everything else Chrome. So I fired up proper Chrome, and of course it worked fine. But the site then tells me to try again in 15 minutes.

Note this was apparently 4.5 hours after the ABS took the site offline, and the message still said at that point “try again in 15 minutes”. Well I did NOT fall for that one, and gave up immediately and started trolling the ABS on twitter instead and reading all the other funny tweets about it.

Tweet: ABS rep Duncan Young said online census would save more than $100 million for taxpayers… by spending only $1 on the website. #CensusFail

I also tweeted a “how to automatically scale cloud services” document link from the Microsoft Azure website, I figured their techs could use the advice on that.

Epic fail all round. Bring on online voting? Heh, maybe not.

The cited reason ‘external DDoS’ is just a convenient excuse. LARGE web sites crash all the time upon new releases of games or software, Sony has heaps of experience with millions of Playstations out there and THEY don’t cope well with a few hundred thousand simultaneous logon attempts (and suffer from actual DDoS attacks from recognised groups like Anonymous) … the POLITICAL excuse machine is in full swing, and the POLITICAL blame game is afoot; the waters were already considerably muddied by the furphy of Name and Address (which has always been a requirement of Census forms and Always Kept for at least 18 months), the various senators (Xenophon etc) citing they will not supply name and address information is borderline criminal ‘advice’ and absolutely stupid. The name/address information isn’t tied to Census data so you can’t look up ‘Nick Xenophon’ and find out his income or number of offspring or whatever from -Census- data lookup, it just isn’t possible. The census web site is a great idea, the implementation was always going to be problematical and the ‘single attack vector’ (“abs.gov.au”) is a key part of why it’s a problem. There are very few robust workable solutions for massive access to single-points-of-internet-interest. qv the SlashDot effect or more contemporaneously, the reddit factor …

caveat; retired government IT worker with excellent knowledge of communications and network topologies.

dungfungus said :

JC said :

People seriously calm down and the media need to stop creating hype. Like every other census held previously, you can complete it after the date and within a reasonable timeframe -usually into September. You just complete it “as at 9 August”. The old paper based forms didn’t have someone coming around to your place on the evening of 9 August to check that you had done it. The electronic version is no different.

I did the return for my address on Monday night in 20 minutes using ADSL2 on copper wire.
Only problem was in the religious section. We identify as Christian but there was no specific choice for this so I used the “other” section.
My only other complaint was the overuse of the word “submit” when “send” would have been sufficient.
I hope this census is the forerunner of a bullet-proof ID card like the Australia Card. We really need something like this in place ASAP.

As with many online forms, “submit” is more appropriate as the data is not actually sent anywhere – it’s not an email attachment.

When it comes to Christianity, the religion question can become complex – there are so many Christian denominations that it would be a very long form if all were listed. I believe that’s one of the reasons why they have the “Other” section. I personally find the religion section to be loaded and difficult to answer; being baptised in a particular church is not necessarily the same as belonging to or believing in it.

Also, what do you mean by the “bullet-proof” ID like the (failed) Australia Card? Why do we really need something like that?

I had no trouble. About 7 the penny dropped about the census, so fired up this thing and away I went.
Very easy to fill out. No problems or delays and received an email receipt a little later.

creative_canberran 1:49 pm 10 Aug 16

dungfungus said :

Leaving aside the issue of whether a DDOS is actually included in the definition of ‘hacking’ – how easy was it for hackers to gain access to the information submitted on the paper form? And how useful was that information to identity thieves and other ne’er-do-wells when it wasn’t attributable to any particular person by name or address?

Well these are the unknowns to the public. When the paper data was scanned and put into electronic systems, you could do it on systems potentially that are closed or at least have very limited public interface. Necessarily when you have an online census, you have internal systems linked to publicly facing systems.

As for how useful the information is, that would depend on at what point the information is made unattributable. You have all this data being fed into the system, is it being cached together, then separated and identity blanked out? We don’t know. But last night would have been the logical time to make an intrusion attempt because heavy traffic and data flowing through different points between public and private systems.

wildturkeycanoe said :

We seem to do outrage and petulant behaviour very well.

There are some that demand to be offended too.

Blen_Carmichael 9:56 am 10 Aug 16

We seem to do outrage and petulant behaviour very well.

devils_advocate 9:37 am 10 Aug 16

JC said :

People seriously calm down and the media need to stop creating hype. Like every other census held previously, you can complete it after the date and within a reasonable timeframe -usually into September. You just complete it “as at 9 August”. The old paper based forms didn’t have someone coming around to your place on the evening of 9 August to check that you had done it. The electronic version is no different.

Leaving aside the issue of whether a DDOS is actually included in the definition of ‘hacking’ – how easy was it for hackers to gain access to the information submitted on the paper form? And how useful was that information to identity thieves and other ne’er-do-wells when it wasn’t attributable to any particular person by name or address?

Holden Caulfield 9:34 am 10 Aug 16

Big Blue now needs Beyond Blue.

Hmmm…no significant DOS attacks targeting Australia on the 9th of August according to this: http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&list=0&time=17022&view=map

ABS, you had one job.

I thought “hacking” meant gaining access to a computer system in order to steal or access information.
This is a lot different to flooding a server with automated traffic which is the case with the census shutdown.
I can find no reports that the census on-line’s integrity was breached so it was probably more mischief than malice.
Another media beat-up?

JC said :

People seriously calm down and the media need to stop creating hype. Like every other census held previously, you can complete it after the date and within a reasonable timeframe -usually into September. You just complete it “as at 9 August”. The old paper based forms didn’t have someone coming around to your place on the evening of 9 August to check that you had done it. The electronic version is no different.

I did the return for my address on Monday night in 20 minutes using ADSL2 on copper wire.
Only problem was in the religious section. We identify as Christian but there was no specific choice for this so I used the “other” section.
My only other complaint was the overuse of the word “submit” when “send” would have been sufficient.
I hope this census is the forerunner of a bullet-proof ID card like the Australia Card. We really need something like this in place ASAP.

People seriously calm down and the media need to stop creating hype. Like every other census held previously, you can complete it after the date and within a reasonable timeframe -usually into September. You just complete it “as at 9 August”. The old paper based forms didn’t have someone coming around to your place on the evening of 9 August to check that you had done it. The electronic version is no different.
