Census 2016: Hacked

After the Census debacle on Tuesday night, this morning the ABS has claimed that the census website was hacked and subjected to four malicious attacks, probably from overseas.

What happened?

On Tuesday night, the #censusfail hashtag was trending on Facebook and Twitter after the website crashed in a spectacular fashion, locking out millions of users. This is despite reassurances that the ABS had spent hundreds of thousands of dollars on load-testing for the website.

Sorry, but I couldn't resist#CensusFail pic.twitter.com/rGUQJGVUHE

— Ben Eltham (@beneltham) August 9, 2016

This morning, ABS has tweeted that the Census website was the target of four malicious cyber attacks.

We apologise for the inconvenience. The 2016 online Census form was subject to four Denial of Service attacks of varying nature & severity.

— Australian Bureau of Statistics (@ABSStats) August 9, 2016

After the fourth attack, just after 7:30pm, the ABS took the precaution of closing down the system to ensure the integrity of the data.

— Australian Bureau of Statistics (@ABSStats) August 9, 2016

This hacking took the form of DDoS (Distributed Denial of Service) attacks.

DDoS is where hackers flood a single website with multiple requests for access, causing it to ‘deny service’ to legitimate users because of an overload of the system. The difficulty with tracing the hackers origin comes from the form of attack itself: they infect thousands (or perhaps more) of pieces of legitimate hardware through internet trojans and then send the requests through these unwitting ‘zombie’ servers.

Why?

This is the key question. Why would the hackers overload the Australian Census website?

There are a few potential reasons.

Extortion: DDoS hacks are often used as a form of extortion. The hacker floods the website and then demands a ransom to stop the attack. In this instance, extortion is unlikely. If a ransom has been demanded, the public have not heard about it.

Internal Political Activism: Crashing the website has caused great embarrassment for the Australian Government and Bureau of Statistics, as seen by the trending #censusfail hashtag.

International Attack: Many sources are saying that it is likely to attack originated from overseas, indicating that there is perhaps a foreign presence involved. However, the very nature of the DDoS attack makes it extremely difficult to trace.

Site overload: Some articles are arguing that there were no cyber attacks, and this was all a natural result of several million people trying to login to one website at the same time. In this case the ABS is either deflecting blame (onto hackers) or mistaken in believing there were DDoS attacks on Tuesday night.

Vote below on the reason you think most likely!

https://www.playbuzz.com/aussieg10/australian-census-hacked

Is your information safe?

The ABS and the Government has reassured the public that their personal information was safe; in fact, they shut down the website last night to ensure the privacy of those who had already filled out the forms.

Australian Privacy Commissioner Timothy Pilgrim said that his “first priority is to ensure that no personal information has been compromised as a result of these attacks.”

However, with the previous concerns about information being held for up to four years and then this current debacle, confidence in the online census system is fading fast.