At 7:55pm last last the Australian Bureau of Statistics shut down the Australian Census website, revealing this morning that the move was a precaution against a series of denial of service (DDoS) attacks. Two million Census forms were submitted before the site closed, which raises the question — is your data safe?
The official Census Australia twitter account wants to reassure everyone that not only is your data safe, but there won’t be any fines imposed for not completing the form on Census day.
We apologise for the inconvenience. The 2016 online Census form was subject to four Denial of Service attacks of varying nature & severity.
— Census Australia (@ABSCensus) August 9, 2016
The first three caused minor disruption but more than 2 million Census forms were successfully submitted and safely stored.
— Census Australia (@ABSCensus) August 9, 2016
After the fourth attack, just after 7:30pm, the ABS took the precaution of closing down the system to ensure the integrity of the data.
— Census Australia (@ABSCensus) August 9, 2016
Steps have been taken during the night to remedy these issues, and we can reassure Australians that their data are secure at the ABS.
— Census Australia (@ABSCensus) August 9, 2016
ABS would remind Australians that they have plenty of time to complete the Census, to well into September.
— Census Australia (@ABSCensus) August 9, 2016
Fines will not be imposed for completing the Census after Census night.
— Census Australia (@ABSCensus) August 9, 2016
We expect to update you again at 9am on the timing of the resumption of availability of the Census online form.
— Census Australia (@ABSCensus) August 9, 2016
So what is a DDoS attack, exactly? For starters, here’s what one looks like (it’s actually kind of amazing):
It’s a simple concept — attackers overwhelm a site with traffic in an attempt to make it crash. In this case, the ABS believes the attackers are from “overseas” rather than the millions of Australians heading online to complete the survey. Finding the source of the attack is a difficult task, since most DDoS attacks are produced by thousands of bots from IPs all over the world.
So according to the information we currently have, with this being cited as a DDoS attack and not a data breach, what the ABS are saying about the safety of your information at this stage is accurate — it’s no less secure than it would have already been.