More details about exactly what lead to the Census website shutdown on 9 August have come to light — with The Australian Bureau of Statistics stating in a Senate inquiry IBM "failed to properly implement" geoblocking, leaving it wide open to denial of service attacks.
The inquiry looks at the preparation, administration and management of the 2016 Census by the ABS, and was published today.
Island Australia was the geoblocking service that was to be used in order to block international traffic from accessing the site, and correct implementation of it would have vastly reduced the risk of a DDoS being orchestrated, ABS says. DDoS protections were not independently tested by the ABS.
"During 2016, the ABS had sought and received various assurances from IBM about operational preparedness and resilience to DDoS attacks," the inquiry states. "At no time was the ABS offered or advised of additional DDoS protections that could be put into place. Additionally, no suggestion was made to the ABS that the DDoS protections that were planned were inadequate."
The ABS says it was a series of four DDoS attacks that ultimately resulted in the Census website shutdown to protect data — along with a router issue and the geoblocking failure. It has now been revealed it was at the time of the fourth DDoS that IBM router issues resulted in a reboot of the systems failing.
3.2 million calls to the ABS on census night were placed — of which 2 million went unanswered.
Surprisingly, since many were calling for a boycott of the Census due to privacy concerns, refusals are comparatively low. Half as many as in 2011, and most because of religious reasons.