Canadian Broadcasting story: NDP gives up: convention cyber attacker remains a mystery <read>
The source of the cyber attack that disrupted voting at the NDP’s leadership convention in March remains a mystery, and further investigation to find out who was responsible has been dropped.
The NDP was the victim of what’s known as a distributed denial of service attack when thousands of members were trying to vote online throughout the day on March 24. These kinds of attacks result in websites crashing or slowing down because the server is flooded with bogus requests for access.
Legitimate voters couldn’t access the NDP’s website to vote and organizers ended up extending the time allotted for each voting round, delaying the final result until hours after it was expected. Thomas Mulcair was finally declared the winner at about 9 p.m.
Scytl Canada, the company contracted to run the voting, quickly detected what was going on soon after voting began that day and reacted accordingly. They were able to keep the voting going by increasing the system’s capacity and by blocking some of the bogus IP addresses.
Scytl, an international company based in Spain, conducted a forensic analysis after the convention but came up dry when trying to pinpoint exactly who was behind the co-ordinated campaign.
Several points worth noting and much to be learned from this story:
- A denial of service attack is about as simple as it gets. No insider knowledge required, no understanding of the details of the target application, no new technology to invent.
- Denial of service has its limitations. No votes are stolen, although many can be suppressed. The attack is obvious and will be detected.
- This was a highly professional system by a leading vendor. That was not enough to prevent the attack, yet expertise and preparation may have been a factor in limiting the disruption.
- In this case the disruption was moderately successful, in a relatively small election. A strong denial of service attacks have shut down highly regarded systems for longer periods, hours and days.
What value is an attack that everyone sees? That depends. Courts have been reluctant to grant re-votes, for good reasons. Results of a vote can depend strongly on the other races and issues on a ballot, get out the vote efforts, and even the weather. An apparently semi-successful attack like this one could be successful if it biased the results toward those who could be expected to have the time, opportunity, and inclination to keep trying, or those expected to vote at particular times of the day, or those expected to vote online if it is an alternative to in-person voting. Perhaps there is suppression in just one area with voters strongly favoring one party or ballot proposition, or there is a local contest that would be expected to have a different result it re-voted separately from a national or state-wide election. There is also the possibility of braking news just before or after the election that would change the result on a later vote.
