10/08/2016 2:04 PM AEST | Updated 10/08/2016 6:05 PM AEST

The Most Likely Explanation For #CensusFail Is The Simplest

The ABS simply may not have been prepared for the volume of people on its site.

Doubt has been cast on claims that the 2016 Census was subject to a denial of service (DoS) attack, with cyber security experts saying the ABS may not have been fully prepared for the number of people filling out the questionnaire online.

The Australian Bureau of Statistics forcibly crashed the 2016 Census website on Tuesday night as millions of Australians were attempting to fill out the compulsory, five-yearly, survey, and attributed the shutdown to a failed router, geo-blocking not operating correctly and four 'denial of service' events on the website.

The DoS attack or event, depending on who you ask, is the digital equivalent of someone parking their truck across your driveway to stop vehicles coming in and out, the government has said.

DoS attacks can be used to obscure actual hacking attacks, however some cyber security experts have questioned whether there was an an actual attack. Others say if there was, the ABS cannot guarantee it wasn't hacked.

They may not have been prepared for the number of people they have herded into this electronic pen.

But it's most likely the network was simply overloaded by traffic, said the University of Melbourne's Dr Suelette Dreyfus.

"They said that there was a traffic increase at about 10 in the morning, and then another traffic increase at 11.46am, or just before lunch," she told The Huffington Post Australia.

"So it's possible that it was a set of people who were just logging on at lunch time to fill out their Census."

Dr Dreyfus also acknowledge that the use of Virtual Private Networks (VPNs), which thousands of Australians use to access American servers for Netflix, iTunes and Amazon, could possibly have contributed to the problem.

"Theoretically, it is possible they could have been using VPNs to log in. We don't know that, we don't know the details because they haven't shared them."

HuffPost Australia asked Dr Dreyfus if it was possible the ABS could have mistaken multiple attempts to log on as a DoS attack.

"Either that, or they didn't have confidence in their own system's robustness to handle heavy load," she said.

The minister responsible for the Census, Michael McCormack, said on Wednesday it was neither a hack or attack on the website, which was shut as a precaution. Firewalls on the website were not breached, he said.

Special cyber security adviser to the Prime Minister, Alastair MacGibbon, told reporters in Canberra he was not using the word attack or hack to explain the incident.

"There was no breach, there was no intrusion, there was no hack. This was a denial of service."


"What the unknown is is the volume of data linked to those denial of service attacks," said Professor Matthew Warren from Deakin University's School of Information and Business Analytics.

He told HuffPost Australia that if the volume of data being thrown at the ABS was high enough, they would have no choice but to shut down.

"There are still some missing items, but what it does imply is that the data in the Census system is safe but the data that would have been in transaction... may have been lost.

"They do have an issue over what to do with the data in transaction."

But the government on Wednesday said there was no capacity issue with the ABS system.

"We were receiving forms at a rate of 150 per second," said MacCormack.

"Our capacity is 260. The denial of service breached the online form because it didn't get caught up by the GEO blocking. That was the aspect in the protection system that didn't operate fully."

But Dreyfus said it appeared as though the DoS incident coincided with a system meltdown.

"They may not have been prepared for the number of people the have herded into this electronic pen," Dreyfus said, in reference to the ABS's ambition that 65 percent of households complete the Census online.

"There needs to be a proper, independent, transparent, public inquiry in to this. I would like to know whether or not this DoS attack was of any real significant substance."