Roundup: Foreign hackers attempt "malicious" attack on Aussie census: gov't
Xinhua, August 10, 2016
Australia's national census was deliberately shut down to "protect the integrity of the data" on Tuesday night, after a number of unsuccessful hacking attempts threatened to compromise the security of the national survey, the federal government confirmed on Wednesday.
As millions of Australians attempted to log onto the nation's first online census overnight, many were met with error screens, were unable to load the website, or, if they were able to fill in the form, were prevented from saving or submitting the data.
Dubbed #CensusFail, IT experts have slammed the poor preparation for the massive online event, while the Australian Bureau of Statistics' (ABS) chief statistician David Kalisch told the Australian Broadcasting Corporation (ABC) the "malicious" attack was one which attempted to compromise the security of the national survey.
"It was an attack, and we believe from overseas," Kalisch said on Wednesday, "it was quite clear it was malicious."
He said hackers tried four times to break into the ABS's data, and on the fourth attempt, the survey's website was deliberately shut down in order to protect the privacy of those who had managed to enter data.
"The first three (attacks) caused minor disruption, but more than 2 million forms were successfully submitted and safely stored," Kalisch said.
"After the fourth attack, which took place just after 7:30 pm (on Tuesday), the ABS took the precaution of closing down the system to ensure the integrity of the data.
"I can certainly reassure Australians the data they provided is safe."
After reassurances from the ABS and federal ministers that the first-ever online census would not be susceptible to overloading or security threats, the government's worst fears were realized when an unprecedented number of Australians attempted to log onto the national survey's website after dinner at around 7:30 p.m. - the same time hackers attempted to attack the system.
At 11:30 on Tuesday evening, the ABS confirmed servers would not be back online that night, leaving millions of Australians frustrated and angry.
IT experts have slammed the process as amateur, and said it was "inevitable" that a cyber-attack was going to happen, while the government should have realized that a "spike" of citizens would attempt to log on to the service after dinner.
Canberra-based software expert Paul Brebner told Fairfax Media that the ABS was prepared for 1 million people to be online at any one time when they really should have expected more than 3 million simultaneous users anytime between 6 p.m. and midnight.
He said the "load testing" undertaken by Revolution IT to test the capabilities of technology consultant IBM's eCensus operation underestimated the number of simultaneous users who would log on at one time. He said they assumed a "uniform load" would occur throughout the day, something which was never going to happen.
"You can't assume a uniform load across the 24 hours," Brebner told Fairfax Media.
"If they were expecting 16 million people over 24 hours, that would be okay, but that's not how loads on websites work at all. There's often one very big spike, and it's hard to see how long it will stay in that level."
IBM was reportedly paid more than 7.5 million U.S. dollars by the government to develop the eCensus, while Revolution IT was given 360,000 dollars to load test the platform.
Both the ABS and the government had said the test had passed with flying colours, but eCommerce and IT expert Glenn Drew said the government gravely underestimated how much a safe, reliable and hacker-proof online census would truly cost.
"7.5 million U.S. dollars seems like a lot but in reality it is 90 people working on the system for one year," he said on Wednesday.
"Break that up into admin, operations, software design, architecture, development, testing and go live, and it's a fairly limited budget for such a large-scale project."
Meanwhile, IT security expert Steve Wilson from consultancy firm Lockstep told News Corp a cyber-attack on such a widely-publicized public online event was "inevitable."
"(The ABS) said this data is not identifiable, that the site is secure," Wilson said.
"It was red rag to a bull. A number of 'hacktivists' would say 'I'm going to show you'.
"But there is very little you can do about a well organised distributed denial of service (DDoS) attack on finite budget."
As a result of the failed online census, the ABS and the government have told Australians they have until September 23 to fill out either the online form or the physical census form.
The government had previously said any late submission would result in a 140 U.S. dollar-per-day fine; however, that has been waived in the wake of the system collapse.