Authorities have confirmed tor the first time ever, that hackers attempted and almost succeeded at rigging a Miami primary vote, uncovering underlying security issues with the online voting systems of the future. In the Miami-Dade primary election last August, requests for over 2,500 phantom absentee ballots flooded the Miami Dade voter registration site, a phenomenon which a grand jury has now confirmed came from hackers, reports MSNBC’s Gil Aegerter. Because it had some hallmarks of trickery, the election department’s software was able to halt the scheme before it actually affected the election. But, the scarier part is how easy the hack was to perform, as theMiami Herald‘s Patricia Mazzei explains. With a tiny bit more skill, this person could have bypassed the trigger that caught the hack. “And that, of course, is the most frightening thing: that any moderately or even marginally skilled programmer could have done this,” Steven Rambam, who reviewed the IP addresses associated with this hack told Mazzei. So, yeah, this is just the beginning.
Specifically, the still unknown party built a program that rapid-fire filled out online ballot requests user voter information for people who would likely not participate in a primary election. To make the absentee ballot requests seem legit, that person then made the IP addresses look like they came from a foreign country. This time, the requests were flagged as suspicious because they came in so quickly and also targeted Democratic voters in specific elections. In addition a Captcha system can also detect these types of automated requests. However, the president of the company that provides that software to Miami-Dade and 52 other counties admitted that’s not hard to bypass. “That’s a barrier, but I’m told that for someone who’s sophisticated enough as a programmer, they can get over that hurdle,” Jane Watson told Mazzei. Services out there would cost less then $0.001 per voter, claim resaerchers Aegerter spoke with.
In other words, this amateur situation could have turned out a lot worse if someone with a little more experience had attempted the hack. Plus, as Augeter notes, this is just one of many methods to fraud online voting systems.