Florida Election Cyber Attack: First Known Case in U.S. Won't Be the Last


For the first time in United States history, an election, however small, came under a cyber attack that quite possibly could have changed its outcome. These attacks will continue.

The Miami Herald, which first reported the irregularities, said the fraudulent requests for ballots targeted Democratic voters in the 26th congressional district and Republicans in Florida House districts 103 and 112. Unlike Joe Garcia, who had a 5,000+ vote victory in his primary, the primaries in districts 103 and 112 could have been altered with a 1,200 vote shift.

More than 2,500 “phantom requests” for absentee ballots were sent to the Miami-Dade County elections website using a program that operated from computer IP addresses isolated in England, India, Ireland and other locations outside the United States. When election officials saw this, they immediately shut down the system and alerted the state attorney's office.

Overseas “anonymizers” — proxy servers that make Internet activity untraceable — kept the originating computers’ location secret and prevented law enforcement from figuring out who was responsible, according to the grand jury report. The case was officially closed in January without identifying a suspect. Shortly thereafter, a Miami Herald report claimed that three IP addresses from within the United States were sending these requests, a fact that was delayed in reaching investigators.

Fraudulently obtaining absentee ballots is just one way elections might be subverted by digital means. Other methods and attack points:

Malware: Rogue software designed to hide within archived files could be used to change votes or prevent voters from casting their votes.

DoS: By far the most widely known attack. DoS, or Denial of Service, has shut down websites and services like Visa, Mastercard, and PayPal.

Spoofing: Spoofing is a strategy that misdirects users to sites with known malware problems, typically leading to a dead end.

Software Flaws: This is one of the most difficult intrusions to detect. Once you build software with a specific function in mind, and someone alters its use, it is extremely hard to detect. Here's an example

Email Tampering: Jeremy Epstein, a senior computer scientist at SRI International, when recently asked whether it was a good idea to have marked ballots returned via email, said, “The overwhelming consensus of the computer science community is don’t do it, it’s a bad idea.” This return is vulnerable because of the multiple avenues of intrusion along the ballot's electronic path.

This is a matter of national security. There is a legitimate possibility, due to the countless local election systems in use, that a similar, more sophisticated attack has already occurred and has gone unnoticed. Attempts to attack voting systems will continue. 

What if, instead of IP addresses from India, England, and Ireland, the addresses were proxied through locations within Florida's 26th, 103rd and 112th districts? Officials could have seen this in a small district, sure. But 2,500, 5,000, and even 10,000 fraudulent absentee ballots could go unnoticed in Miami-Dade, a county that had 210,000 absentee ballots in the 2012 election alone.

If the number of local and state elections using online resources continues to increase, so should their cyber defenses; if not, these attacks will continue, become increasingly sophisticated, and go unnoticed.