"It was an attack, and we believe from overseas ... It was quite clear it was malicious," chief statistician David Kalisch told ABC radio on Wednesday. Australian Bureau of Statistics chief statistician David Kalisch. Credit:Rohan Thomson The census was targeted by four distributed denial of service (DDoS) attacks, Mr Kalisch said. A DDoS is a cyber attack in which hackers attempt to crash a system by flooding it with bots - or Trojan - accounts. The first three caused minor disruptions and did not stop more than 2.33 million census forms from being "successfully submitted and safely stored", he said. But the site was shut down after a "gap" in the system's security measures was found during a fourth attack, Mr Kalisch said.

"After the fourth attack, which took place just after 7.30pm [on Tuesday AEST], the ABS took the precaution of closing down the system to ensure the integrity of the data. An error message seen when trying to submit the census. Credit:Liam Phillips "I can certainly reassure Australians the data they provided is safe," Mr Kalisch said. Australian Signals Directorate - an intelligence agency within the Australian Department of Defence - is investigating the DDoS source.

Contradictions: ABS attack, hack or 'draw' In a press conference on Wednesday, Mr Kalisch described a "confluence of events" that caused the fiasco: the system's geo-blocking protection was not working effectively, a hardware router failed, and a monitoring system "threw up queries we needed to investigate". Asked why he had not informed the public of the disruptions earlier in the day, Mr Kalisch said" "I didn't think it was appropriate for me to signal that was happening ... we had managed it effectively, the system was operating." Despite the ABS chief repeatedly referring to the incidents as "attacks", the minister in charge of the census, Assistant Treasurer Michael McCormack said it was not an "attack". "This was not an attack. Nor was it a hack but rather, it was an attempt to frustrate the collection of Bureau of Statistics Census data," Mr McCormack said.

"ABS census security was not compromised. I repeat, not compromised, and no data was lost." "The good news is the firewalls held up," the minister said. Prime Minister Malcolm Turnbull's cybersecurity adviser said the tussle between ABS protections and the would-be hackers ended in "a draw". "I would say they successfully caused frustration," Alistair MacGibbon said. "In this case what I'd say, it almost ended up a draw. They managed to tip over some systems. The ABS made a decision to turn that website off in order to ensure that the data wasn't compromised," Mr MacGibbon.

Mr Turnbull promised a standard post-census review would investigate what went wrong, but emphasised that "there was no penetration of the ABS website" and that no private information had been compromised. ABS 'not prepared' for attack a child could pull off As investigators probe the source of the attack, the government declined to give credence to suggestions the hackers could be a foreign power, or bit-players operating in their bedroom. But at face value, the DDoS attack appears to be little more than the kind of cyber mischief that causes minor annoyances to countless sites everyday. "What is surprising is that they weren't resilient. With a massive system like this ... this is what you should expect," security adviser Troy Hunt told Fairfax Media.

"Many times it's literally just children mounting these attacks," he said. "It [raises] the question of what DDoS mitigation they had in place. Because it clearly didn't work." A handful of Twitter users from the IT crowd pointed to digital attack maps that showed no DDoS activity in Australia on Tuesday. Privacy Commissioner investigates

Australian privacy commissioner Timothy Pilgrim will investigate the ABS over cyber attacks that threatened the census. "Based on these reports, I am commencing an investigation of the Australian Bureau of Statistics in regards to these cyber attacks, under the Australian Privacy Act 1988," Mr Pilgrim said in a statement. "My first priority is to ensure that no personal information has been compromised as a result of these attacks," he said. The commissioner said his office was briefed by the ABS on the privacy protections in place for the census. How census night unfolded

The bureau had dismissed suggestions an overload could cause the system to crash earlier in the day. But as an estimated 16 million people logged on to the census website on Tuesday night, they were met with error messages and told the system was "overloaded" before the website crashed. The troubles began about 5pm on Tuesday, when people trying to access the form were stopped by messages including a "code 31" error, which said the request "could not be completed because a problem was encountered". The frequency increased as the evening neared and many Australians trying to reach the census site after 7pm couldn't connect. Over the past 24 hours, #censusfail had amassed more than 80,000 tweets. The tweets peaked about 9.30pm on Tuesday, hovering about 300 tweets a minute.

The ABS had shut down the site at 7.45pm. But the bureau did not release a statement advising the website was unavailable until about 11.30pm. Earlier advise from the ABS was that they were "experiencing an outage". The ABS chief said he believed the details of people - including the Prime Minister - who had successfully accessed the site were secure. "Steps have been taken during the night to remedy these issues and I can certainly reassure Australians that the data they provided is safe," Mr Kalisch said.

Mr Kalisch said he expected the site would be back online about 9am on Wednesday. However, by 1pm the site still was not back up. Australians who failed to fill out the census because of the website outage will not be fined, and have until September 23 to complete the survey, the federal government says. Boycott justified?

The census was plagued by a growing boycott over fears of potential privacy breaches. Asked if the debacle confirmed fears over the security of the information, Mr Kaslisch said: "If anything, it actually confirms the strong position that the ABS has taken in terms of security the integrity of the data." "The data that comes to ABS is encrypted and it was secured and received safely at the ABS ... we have it at the ABS no one else has it," he said. The ABS controversially switched to an opt-out online format this year and moved to store personal data for four years rather than 18 months. Although the names will be destroyed after those four years, the ABS created linkage keys that link names to other data it collects, which will be kept indefinitely.

However, the ABS says that staff cannot get back to the name, once it is destroyed, from the other data via the key. The census was delivered by technology company IBM using its Australian SoftLayer cloud. Figures from the Australian government's procurement agency AusTender show IBM was paid more than $9.6 million in 2014 to design, develop and implement the "eCensus". Melbourne-based company Revolution IT was also paid $378,332 for IT consulting and "load testing" on the census and agricultural census. "Load testing" is a process intended to ensure a website can handle a high volume of simultaneous users without crashing. 'Worst-handled census in history' Independent senator Nick Xenophon, who had refused to put his name to the census, questioned how the public could still trust the ABS and its privacy assurances.

He demanded the agency explain where the attack came from and whether it really was an attempted hack or just a system overload. "I think they need to 'fess up," he told ABC radio, demanding a Senate inquiry. Labor stopped short of calling for Mr McCormack, to resign. Shadow assistant treasurer Andrew Leigh told Fairfax Media there should be "a full reckoning" in the form of an inquiry. "We need an open and transparent inquiry as to what went wrong in the 2016 census, which looks to be the worst-handled census in Australian history," he said. Dr Leigh said the Turnbull government had taken a "hands-off approach" to the census, including appointing three different ministers over 12 months, and could not "palm off" responsibility for the failure on to ABS bureaucrats.

No matter what happens next, he suggested the value of the census had been gutted because it had failed to take a "snapshot" of the country on the night of August 9. "The quality of the data for the 2016 census has clearly been compromised," Dr Leigh said. "That's because we haven't got the high on the night response rate that we've seen in previous censuses." Timeline to meltdown Tuesday 10.08am: Australian Bureau of Statistics online monitoring systems detected a significant increase in traffic. It lasted 11 minutes causing a system outage of five minutes. The traffic increase was suspected to be a denial of service and investigations were commenced by ABS and IBM. 11.46am: Another increase in traffic was observed consistent with a second denial of service. A mitigation response plan to block all international traffic was activated at 11.50am, which immediately stopped the event. The ABS kept the block on all international traffic until midnight.

11.55am: The incident was reported to the Australian Signals Directorate to seek advice on prevention of further incidents or any intelligence-related threat to the ABS. 4.58pm: An increase in traffic was defended by network firewalls. Additional measures were taken to prevent further attempts of this type. 6.15pm: A small-scale denial of service was attempted on the ABS website and stopped by the standard denial of service protections. 7.30pm: The online census form monitoring systems detected a significant denial of service. This event took a different form from those before, as there was a large increase in traffic with thousands of Australians logging on to complete their census. 7.45pm: The ABS shut down the online form to protect the system from further incidents.

8.10pm: Assistant Treasurer Michael McCormack's office was informed. 8.14pm: Mr McCormack was called and returned to Parliament House. 8.32pm: Mr McCormack notified Prime Minister Malcolm Turnbull and Treasurer Scott Morrison. 8.50pm: The online form system was restored. However, overload protocols were activated to prevent connections until the systems and their integrity could be assessed. At this time the ABS provided a public message through social media and the ABS website to indicate there was a system outage and to try again later. Loading

11pm: ABS issued a public message advising that the form would not be available for the remainder of the night and updates would be provided in the morning. With Tim Biggs, Michael Koziol and Georgina Mitchell