An online attack that delayed the results of the NDP’s 2012 leadership vote succeeded because it hit the party’s website, not the site of the company running the online vote, a company representative says. The voting that chose Tom Mulcair as the New Democratic Party’s leader was besieged by a “distributed denial of service” attack, which bombards a server with repeated attempts at communication to try to slow it down or crash it altogether. The process was delayed by several hours and left many delegates complaining they couldn’t access the site to cast their ballots. At the time, neither the NDP, nor Scytl, the company that provided the online voting service, would explain beyond saying it was a denial of service attack. But Scytl representatives now say the attack hit the NDP’s website and that its own technology was never compromised.
The problem stemmed from a link on the New Democrats’ website that directed members to Scytl’s secure website, allowing the denial of service attack to hit a public page. “The attack was focused on the NDP website,” said Mark Pivon, a sales director for Scytl. “It was not a reflection of us. The attack was focused on their website and so … people couldn’t access the link to get to the vote.”
The company’s director of operations for Canada said it’s impossible to guarantee nobody will try to attack or hack a vote and emphasized that the voting data was never compromised. “We cannot guarantee, just like we cannot guarantee that nobody will ever try to open the door in your house [to break in],” Richard Catahan said. “You’re only as strong as your weakest link.”