Many Australians were unable to complete the Census on August 9 due to the Census website failing.
The first three [attacks] caused minor disruption, but more than two million forms were successfully submitted and safely stored.
After the fourth attack, which took place just after 7.30pm, the ABS took the precaution of closing down the system to ensure the integrity of the data.
Like many government information systems, the Census site was outsourced to an external contractor: IBM. As well as writing the software required for the website, IBM was responsible for providing the computers that hosted it.
All of this is routine for IT projects, both government and commercial. And while reasonably large, the legitimate traffic generated by the Census is dwarfed by the traffic on websites like Google, Facebook and even the nonprofit Wikipedia.
Denial-of-service attacks are deliberate attempts to render a computing service unavailable.
Such an attack can be performed in many ways, including interfering with physical infrastructure. However, the most common denial-of-service technique used against publicly available websites is to overwhelm it with huge numbers of requests, overloading the servers and crowding out legitimate users.
Typically, the requests come from “botnets”, which are large groups of computers – often home PCs or other poorly-defended devices – that have been taken over by hackers and are then misused for “distributed” denial-of-service attacks" (DDoS attacks). DDoS attacks have been used by activist hackers, cybercriminals and even state-sponsored hackers.
While the controversy surrounding the privacy implications of the 2016 Census may not have been anticipated by the ABS, a denial-of-service attack against the Census infrastructure was always possible and should have been anticipated – especially a DDoS launched by privacy activists.
There are a number of ways in which the dangers of a DDoS can be mitigated. It is unknown at this point what measures the ABS and its contractors took to prepare for the possibility.
Poor capacity planning?
From the perspective of the computers straining under the load, a DDoS attack is indistinguishable from a larger-than-expected number of users attempting to access the system at once.
The public statements of the ABS before Census night cast some doubt on whether the system was adequate to cope with even legitimate demand.
The head of the ABS, Chris Libreri, had earlier claimed that its systems had been tested to cope with the load of actual Census submissions:
We have load tested it at 150% of the number of people we think are going to be on it on Tuesday for eight hours straight and it didn’t look like flinching.
The ABS stated that its website was designed to handle 1,000,000 form submissions per hour. However, around 18 million Australians live in the eastern states, which equates to about 7 million households.
If even 50% of those households attempted to submit their census during the evening hours from 7pm to 9pm, that would equate to 1.75 million form submissions per hour, 75% more than the reported capacity of the site.
Furthermore, it’s unlikely that traffic would be uniform within that time period. “Spikes” in traffic – perhaps after popular television shows ended – could potentially have overloaded the infrastructure even further.
It seems almost incredible that the team responsible for the contracting would collectively make such an error in their capacity estimates.
Regardless of the details of the attack, and whether other aspects of planning were inadequate, the Census failure will go down as another example of a failed “Big Bang deployment”.
A Big Bang occurs when an IT system is deployed on a large scale, all at once, and is required to work first time. The US healthcare.gov website, the Queensland Health payroll system that failed so spectacularly in 2010, and even Channel 7’s Olympics app are examples of such all-at-once rollouts running into difficulty.
The lessons for proponents of online voting should be clear.