Millions of Australian citizens hoping to take part in the country's first ever digital census were left frustrated on 9 August after the website used to complete the survey suffered a catastrophic meltdown.
The Australian Bureau of Statistics (ABS) has blamed the outages on a series of distributed-denial-of-service (DDoS) attacks from 'overseas hackers', however, the government has moved to assure citizens that no personal data was lost in the incident, which has since been branded a 'monumental failure' by critics.
Australian citizens are required to fill out national census forms every five years to provide key demographic information about those living in the country.
Up to two-thirds of Australians were expected to use the digital system for the first time this year, however, hackers were able to take the systen offline by overloading the websites' servers with malicious traffic.
David Kalisch, agency head of the ABS, said the census website had been targeted by "hackers" on at least four occasions and that it had to eventually be taken offline as a precaution.
"It was an attack, and we believe from overseas," he told ABC News Radio. "The Australian Signals Directorate (ASD) are investigating, but they did note that it was very difficult to source the attack."
He continued: "The online census form was subject to four denial of service attacks [...] more than 2 million forms were successfully submitted and safely stored. The scale of the attack, it was quite clear it was malicious. Steps have been taken during the night to remedy these issues and I can certainly reassure Australians that the data they provided is safe."
Others, including Prime Minister Malcolm Turnbull, have played down the attack and rushed to maintain that no data was compromised in the indecent.
"The one thing that is absolutely crystal clear is that there was no penetration of the ABS website," Turnbull said. "What you saw was the denial-of-service attack or a denial-of-service attempt which, as you know, is designed to prevent access to a website as opposed to getting into the server behind it. Some of those defences failed, frankly."
The news of a widespread crash was likely to have been unwelcome news for ABS boss Chris Libreri, who just prior to the attack told News.com.au: "We have load tested it at 150 percent of the number of people we think are going to be on it on Tuesday for eight hours straight and it didn't look like flinching. We wouldn't do it unless we were able to safely do it, we have evolved it and we are confident."
The series of suspected DDoS attacks came despite heavy investment in the country's digital census system. The ABS awarded a $9.6m contract to IBM to host the online census, while according to CRN Australia it also spent hundreds of thousands on contracts related to 'load testing'.
In an official statement, the ABS apologised to those unable to take part in the survey and moved to explain the full extent of the outages. "On 9 August, the ABS was subjected to an attempt to frustrate its collection of census data. Census security was not compromised and no data was lost," it said.
It added: "The ABS applied an abundance of caution and took the precaution of closing down the online census form to safeguard and to protect data already submitted, protect the system from further incidents, and minimise disruption on the Australian public of an unreliable service."
"Not a hack"
The ABS said that after 'reviews' it has confirmed that the attack was "not a hack" – a statement that appears to contradict claims from other officials in the organisation. It said that no fines will be enforced on those unable to take the census survey.
It added: "The ABS apologises to the Australian public for inconvenience caused and reassures Australia that no data has been lost or compromised. The ABS has an unblemished record of protection of data and there has never been a breach in relation to Census data."
Independent Senator Nick Xenophon, who previously spoke out about concerns about the security of the digital system, called the outages "a monumental failure of a government program of the first order'' and called for an inquiry to be launched.
He said: "For the ABS, for the government to say this is not a cyber-attack is a bit like Monty Python's Black Knight saying he just copped a flesh wound.'
"They said everything was okay,'' he continued. "It is now apparent that the government and the ABS were a bit like the captain of the Titanic as he sailed into the ice pack – saying the census was unsinkable. I note my concerns were also dismissed by the Labour Party.
"It is a failure by the ABS, by the relevant minister, and the government. And it is a catastrophic failure of the government's information security framework when a key government program is effectively shut down by overseas hackers."
He added: "The government needs to provide a much great level of assurance of the security of the census than was provided in their press conference earlier today. If they cannot do so in the next 24 hours, they need to seriously consider putting the census on hold until an urgent and rigorous inquiry is conducted.''
At the time of writing, the website was still offline. Meanwhile, amid the chaos, users on Twitter were happy to do what they do best and turn the entire situation into a meme under the hashtag #CensusFail.