An attempt to illegally obtain absentee ballots in Florida last year is the first known case in the U.S. of a cyberattack against an online election system, according to computer scientists and lawyers working to safeguard voting security. The case involved more than 2,500 “phantom requests” for absentee ballots, apparently sent to the Miami-Dade County elections website using a computer program, according to a grand jury report on problems in the Aug. 14 primary election. It is not clear whether the bogus requests were an attempt to influence a specific race, test the system or simply interfere with the voting. Because of the enormous number of requests – and the fact that most were sent from a small number of computer IP addresses in Ireland, England, India and other overseas locations – software used by the county flagged them and elections workers rejected them. Computer experts say the case exposes the danger of putting states’ voting systems online – whether that’s allowing voters to register or actually vote. “It’s the first documented attack I know of on an online U.S. election-related system that’s not (involving) a mock election,” said David Jefferson, a computer scientist at Lawrence Livermore National Laboratory who is on the board of directors of the Verified Voting Foundation and the California Voter Foundation.
Other experts contacted by NBC News agreed that the attempt to obtain the ballots is the first known case of a cyberattack on voting, though they noted that there are so many local elections systems in use that it’s possible that a similar attempt has gone unnoticed.
There have been allegations of election system hacking before in the U.S., but investigations of irregularities have found only software glitches, voting machine failures, voter error or inconclusive evidence. Where there has been evidence of a computer security breach — such as a 2006 incident in Sarasota, Fla., in which a computer worm that had been around for years raised havoc with the county elections voter database — it was unclear whether the worm’s appearance was timed to interfere with the election.
In any case, experts say they’ve been warning about this sort of attack for years.
“This has been in the cards, it’s been foreseeable,” said law Professor Candice Hoke, founding director of the Center for Election Integrity at Cleveland State University.