Canada: NDP gives up: convention cyber attacker remains a mystery | CBC News

The source of the cyber attack that disrupted voting at the NDP’s leadership convention in March remains a mystery, and further investigation to find out who was responsible has been dropped. The NDP was the victim of what’s known as a distributed denial of service attack when thousands of members were trying to vote online throughout the day on March 24. These kinds of attacks result in websites crashing or slowing down because the server is flooded with bogus requests for access. Legitimate voters couldn’t access the NDP’s website to vote and organizers ended up extending the time allotted for each voting round, delaying the final result until hours after it was expected. Thomas Mulcair was finally declared the winner at about 9 p.m. Scytl Canada, the company contracted to run the voting, quickly detected what was going on soon after voting began that day and reacted accordingly. They were able to keep the voting going by increasing the system’s capacity and by blocking some of the bogus IP addresses. Scytl, an international company based in Spain, conducted a forensic analysis after the convention but came up dry when trying to pinpoint exactly who was behind the co-ordinated campaign. “They weren’t able to locate the ultimate source of where this was all programmed,” said Chantal Vallerand, acting director of the NDP.

Washington: Yakima woman mystified to find herself as a candidate on ballot | Yakima Herald-Republic

Sarah Glasscock of Yakima opened her primary ballot envelope Sunday intending to familiarize herself with the candidates and the issues. One named leaped off the page: Her own. Glasscock saw her name on the ballot as a candidate for a Republican precinct committee post in Precinct 110, an area along West Yakima Avenue. Problem is, Glasscock didn’t file a candidacy declaration and she’s not a Republican. Should she gain the most votes among the three candidates, she could resign. That’s not the problem. The problem is how her name appeared in the first place.  The intrigue includes her declaration arriving as a fax from a New Jersey phone number that belongs to a marketing office for the Japanese manufacturing firm Miki Sangyo. According to its website, the diversified firm has interests in specialty chemicals, pharmaceuticals, semiconductors, specialty paper and opticals.

Georgia: Kemp says lawmakers will have to consider ending runoff elections in Georgia | AJC

State lawmakers will have to consider getting rid of runoff elections in Georgia next year – at least those involving federal candidates in general elections – because of a recent ruling by a U.S. district judge requiring 45 days for ballots cast by members of the U.S. military to make their way home, Secretary of State Brian Kemp on Monday. Ballot requirements insisted on by the U.S. Justice Department and upheld by the court last week all but invalidate a current state law requiring that winners in all general elections receive 50 percent plus one vote, Kemp said – given that federal runoffs in those contests would have to be delayed until late December. “We’d be voting during Christmas. There may be people getting certified while other people are getting sworn in. It’s really a logistical nightmare,” Kemp said.

South Korea: Divided progressive party’s online leadership election marred by server error | Korea Times

The ongoing leadership election of the Unified Progressive Party (UPP) has been suspended due to errors in its server for online voting, party officials said Wednesday, amplifying uncertainties for the left-wing party beleaguered by an escalating factional conflict over alleged primary rigging earlier this year. The minor party with 13 seats in the 300-member National Assembly is set to elect its new leadership this week after a faction of alleged pro-North Korean forces lost power after it was found to be involved in the rigging of the party’s proportional representative primary for the April general election. … According to party officials, the server for online voting stopped at around midnight due to unidentified causes, resulting in a loss of the data collected since Monday. “Due to server problems, part of the voting results are missing and it is hard to restore them,” said an official of the party’s reformist emergency committee.

National: E- Voting: Trust but Verify | Scientific American

With the Presidential elections looming up, some have been asking why the United States is not making more of electronic voting. It’s being adopted in many other countries around the world, with India, Brazil, Estonia, Norway and Switzerland as notable examples.   However, the United States has several examples in recent years where it has backed out of electronic voting that it had already implemented. For example, in 2010, a trial system for remote voting over the Internet in Washington DC (known as the “Digital vote by mail”) was shown to be vulnerable, when it was penetrated by a research team from the University of Michigan, demonstrating how a real attack could render any results unsound, without detection. The attack was documented in a recent paper by researchers from the University of Michigan. So who is right?

Canada: Nova Scotia town approves online voting bylaw | The Vanguard

The Municipality of Argyle has voted to approve a bylaw that paves the way for electronic and telephone voting in this October’s municipal elections. The municipality held a public hearing on the bylaw prior to its June 12 meeting, although the hearing didn’t attract any members of the public. In the upcoming fall vote there will be no paper ballots in the Municipality of Argyle, but there will still be some polling stations. The Town of Yarmouth, which is also going strictly with electronic (computer) and telephone voting, also won’t have paper ballots in this fall’s vote. The town will have one polling station set up at the town hall with computers and telephones, and at which people can get assistance, if required, to vote.

Canada: Cities pondering move to online voting | Edmonton Journal

Edmonton, St. Albert and Strathcona County want to push ahead with Alberta’s first test of Internet voting during next year’s civic election. The three communities are interested in allowing people who can’t reach a regular polling booth to vote online instead of mailing in their ballots, according to a report released Thursday. The move requires a change to the provincial Local Authorities Election Act, and though Alberta Municipal Affairs is interested, it needs letters of support from councillors before it will act.

California: Firewall to Blame for San Diego County Registrar of Voters’ Website Outage on Election Night | San Diego 6

The San Diego County Registrar of Voters’ website went out of service on election night because a firewall detected an attempt to overload the site, officials said Thursday, adding that an investigation was being conducted. Sdvote.com went down soon after initial results were posted after 8 p.m. Tuesday, and the site remained inoperative for about two hours. Access to the site was also spotty after midnight. Residents and local politicos use the site to track results. The county also uses its information technology to send a direct feed of results to news media, but that feed was not interrupted. According to a county statement, sdvote.com began receiving well over 1 million hits per minute from a single Internet protocol address around 8:15 p.m., so a firewall that recognized suspicious activity shut down outside access to county websites. Investigators said they believe the “denial of service” attack was launched against the site to prevent legitimate users from obtaining information. It was unknown if the attack was meant to disrupt the election itself, according to the county.

France: French E-voting portal requires insecure Java plugin | ZDNet

Imagine you’re an ordinary citizen who wants to vote online. As an IT security conscious user knowing that in 2012 the majority of vulnerabilities are found in third-party applications compared to Microsoft’s products, you regularly check Mozilla’s Plugin Check service to ensure that you’re not using outdated browser plugins exposing you to client-side exploitation attacks served by web malware exploitation kits. What seems to be the problem? According to Benoit Jacob, the problem starts if you’re a French citizen wanting to vote online, as the country’s E-voting portal currently doesn’t support the latest version of Java. If that’s not enough, the portal recommends users to switch to an alternative browser since Firefox blocks older Java plugins for security reasons, or use the insecure Java version 1.6.0_32.

California: San Diego Registrar of Voters Says Glitch Brought Down Results Website | San Diego 6

The San Diego County Registrar of Voters office website crashed Tuesday night soon after posting its initial results from mail-in ballots and other early voting. Registrar Deborah Seiler told a local media outlet that some kind of glitch prevented results from being posting to the website, but there was no problem counting votes. The entire website was down for about two hours, until it returned around 10:20 p.m.

Maryland: Election board looks at online ballot marking | MarylandReporter.com

The State Board of Elections may move to implement an online ballot marking system for all absentee voters in time for this year’s elections, depending on an opinion from the attorney general. But some voter advocacy groups worry about the potential for fraud. The move to online ballot marking comes after a 2010 federal mandate that required states to provide overseas voters and active military personnel with access to online absentee ballot applications. The attorney general’s opinion, requested by Sen. Edward Kasemeyer, would say whether or not the elections board should seek federal and state certification for the online ballot marking tool. The board staff is currently developing the device through a Department of Defense grant. Certification would test the system and look for vulnerable areas, including where fraud or manipulation could occur. All whole voting systems are federally required to receive certification, but the state board argues the ballot marking tool would be only part of a voting system.

National: Flame: Massive, advanced cyber threat uncovered | GovInfo Security

Highly sophisticated malware being used to spy on several countries, mostly in the Middle East, that has been around for more than two years has been discovered by Kaspersky Lab, the research arm of the Russian security products company announced May 28. Detected by researchers as Worm.Win32.Flame – or more simply, Flame – it’s designed to carry out cyber espionage and steal valuable information, including, but not limited to, computer display contents, information about targeted systems, stored files, contact data and audio conversations, Kaspersky Lab says.Kaspersky Lab’s chief security expert, Alex Gostev, characterizes Flame as a super-cyberweapon such as Stuxnet and Duqu, and in his blog contends it’s “one of the most complex threats ever discovered. It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage.”

National: Flame: Massive cyber-attack discovered, researchers say | BBC

A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said. Russian security firm Kaspersky Labs told the BBC they believed the malware, known as Flame, had been operating since August 2010. The company said it believed the attack was state-sponsored, but could not be sure of its exact origins. They described Flame as “one of the most complex threats ever discovered”. Research into the attack was carried out in conjunction with the UN’s International Telecommunication Union. They had been investigating another malware threat, known as Wiper, which was reportedly deleting data on machines in western Asia. In the past, targeted malware – such as Stuxnet – has targeted nuclear infrastructure in Iran. Others like Duqu have sought to infiltrate networks in order to steal data. This new threat appears not to cause physical damage, but to collect huge amounts of sensitive information, said Kaspersky’s chief malware expert Vitaly Kamluk.

National: Spanish company’s control of online voting in US is a disturbing trend | South Lake Press

Former Russian dictator Stalin said, “It’s not who votes that count, it’s who counts the votes.” Maybe President Obama knew something Americans didn’t know. In January, Congress allowed the largest vote-processing corporation in America, the Tampa-based software company SOE, to be bought by the Spanish online voting company SCYTL. This is a major step towards global centralization of all election processes. SCYTL, whose funding comes from international venture capital such as Balderton, is run by Goldman Sachs veterans Tim Bunting and Mark Evans. Based in Barcelona, Spain, it is rumored the CEO Pere Valles is a socialist who donated heavily to the 2008 Obama campaign. Valles lived in Chicago while Obama was a senator. SCYTL runs elections in numerous countries, such as England, France, Canada, Norway, Switzer-land, India, Australia, South Africa and the United Arab Emirates. In 2010, it was involved in modernizing election systems for the mid-term elections in 14 American states.

New Jersey: Mayor, son, arrested on charges they nuked recall website | Ars Technica

The mayor of a small New Jersey hamlet has been arrested, along with his son, on federal charges that they shut down a website advocating the mayor’s recall after breaking into the online accounts of political foes. According to federal officials, Felix Roque, the 55-year-old mayor of West New York, New Jersey, and his son, Joseph Roque, 22, were arrested early Thursday morning by FBI agents. In February, the pair planned and executed the silencing ofwww.recallroque.com by gaining unauthorized access to the GoDaddy account used to control the domain name. An FBI special agent filed documents with these allegations in a New Jersey federal court. The father-and-son team also obtained e-mails and messages sent among opponents after gaining unauthorized access to e-mail and Facebook accounts. “I have always treated you with respect and courtesy, but I have copies of everything sent to the website and communications with names,” Mayor Roque wrote in an e-mail to one of the opponents, whose identity had remained unknown to the Roques until they gained illegal access to the accounts. “Remember, I am in the Army with many friends.”

Wisconsin: Donations to Scott Walker Flagged as Potential Fraud | ProPublica

When MaryAnn Nellis tried to pay for groceries on April 14, her credit card was declined. Later, she said, she found out why: Her credit card company, Capital One, had flagged an earlier purchase as potentially fraudulent. The problem? A $5 donation to Friends of Scott Walker, the Wisconsin governor’s campaign committee, Nellis said. Nellis told a Capital One representative she had not made the donation to Walker, who is fighting an effort to recall him as governor in a closely watched, expensive election set for June 5. “Over my dead body,” said Nellis, a potter and retired teacher in upstate New York who describes herself as “adamantly angry and upset” at Republicans such as Walker. Nellis disputed the charge and she was issued a new card. Though the amount of money was small, ProPublica decided Nellis’ complaint was worth following up. There have been other reports recently about insecure campaign-donation websites and the potential for fraud. Earlier this month, The Washington Times reported that Restore Our Future, the super PAC supporting Republican Mitt Romney, was using a collection system that made online donors’ credit card informationaccessible to even amateur snoopers.

National: Internet voting still faces hurdles in US | The Economic Times

Shop online. Bank online. Why not vote online? Pressure is building to make Internet voting widely available in the United States and elsewhere, even though technical experts say casting ballots online is far from secure. In the 2012 US elections, more than two dozen states will accept some form of electronic or faxed ballots, mostly from military or overseas voters, according to the Verified Voting Foundation. But there is a growing expectation that online voting will expand further. “The number one question I’m asked is when we will get to vote on the Internet,” Matt Masterson, Ohio’s deputy election administrator, told a Washington forum this month. “When you are doing everything else on the Internet and your comfort level is high, people expect to do that… You can adopt a child online, you can buy a house online without ever seeing it.” But computer security specialists say any system can be hacked or manipulated, and that unlike shopping and banking, the problem cannot be fixed by giving the customer a refund.

National: NIST: Internet voting not yet feasible | FierceGovernmentIT

Internet voting is not yet feasible, researchers from the National Institute of Standards and Technology have concluded. “Malware on voters’ personal computers poses a serious threat that could compromise the secrecy or integrity of voters’ ballots,” said Belinda Collins, senior advisor for voting standards within NIST’s information technology laboratory, in an May 18 statement. “And, the United States currently lacks an infrastructure for secure electronic voter authentication,” she added. Collins released the statement in response to an inquiry from Common Cause, a Washington, D.C. nonprofit active in campaign finance and election reform.

National: Americans Elect Ends Online Primary After No Candidates Qualify To Run | ABC News

Americans Elect, the group that aimed to nominate a third presidential candidate through an online primary, ended its nomination process today after no prospective candidates met their minimum requirements. To run in its online primary a candidate had to get 10,000 “clicks” of support (1,000 in at least 10 states). Buddy Roemer was the closest to reaching that goal, but he got less than 6,300 “supporters. As of this week, no candidate achieved the national support threshold required to enter the Americans Elect Online Convention in June,” the group said in a statement. “The primary process for the Americans Elect nomination has come to an end.”

Editorials: With Failures Rapidly Mounting, What Is Americans Elect’s End-Game? | AE Transparency

Having now been forced to cancel two primary ballots in a row due to the American electorate’sutter failure to respond to its spiel, Americans Elect may now be judged by any rational observer of the political scene to be an abject failure, and dead in the water. So what happens now? When Americans Elect’s predecessor, Unity08, failed similarly in 2008 (albeit much earlier in its existence, before a single ‘vote’ had been cast), that organization simply silently evaporated. That was really the only option available to Unity08’s leadership, because it was a worthless property: it was merely a thin web site, with no money behind it, and its founders had scattered to the four winds (many to their next failure, a ‘Draft Bloomberg’ initiative). So its operators simply abandoned it. Like a rusty old Buick up on cinder blocks in a weed-choked vacant lot, its twisted carcass had no significant scrap value.

Canada: Online voting system mulled in Alberta | Sherwood Park News

Strathcona County council gave its thumbs up at a meeting on April 24 to a partnership with the City of Edmonton and the City of St. Albert to establish an internet voting pilot project for the 2013 municipal election. Jacqueline Roblin, manager of Strathcona County Legislative and Legal Services (LLS), stated in her presentation to council that the pilot would be applied to solely the special ballot process for those people who will be absent from the jurisdiction during the 2013 election. She noted that administration wants to add an amendment allowing for any voter to vote through this process. “We’re taking it in a very small portion of our election so that we can test out our systems and that will gradually start to build voter confidence in the process,” Roblin said.

National: Why Online Voting Isn’t So Safe – FBI investigating student who hacked college election | Mobiledia

A California student tried to win a college government election by hacking into classmates’ accounts, which may lead to federal charges and increased privacy for not only colleges, but national and state elections as well. Matt Weaver, a junior, ran for student government president at California State San Marcos, located near San Diego, when school officials said he hacked into a computer and stole 700 voters’ passwords and identifications to alter the polling results. School police detained and released Weaver, but have yet charge him for the accusations, which include unlawful access to a computer, election fraud and identity theft. The FBI, which usually isn’t interested in the college student government results, is investigating Weaver’s hacking skills. School officials said they caught Weaver working on a school computer, and in possession of a device, used to steal passwords. … Federal authorities are also examining Weaver’s activities to decide if such hacking may interfere with state or national elections.

Estonia: Parliament Seeks to Make Internet Voting More Transparent | ERR

Parliament is looking to amend the electronic voting procedure in such a way as to make it possible for voters to check whether their votes have been registered correctly. Starting from 2005, e-voting has been used in five elections in Estonia. In order to make the system more reliable and trustworthy, legislators are now looking for a way to make it possible for voters to check whether their votes have been registered correctly. This solution was proposed in response to the concerns that arose during the last elections regarding the possibility of voters’ computers being tampered with, reported ETV. “In the case of a virus that blocks voting, a person may think that he has voted, when in fact the vote has not reached the system. This is why we came up with the idea of giving voters an opportunity to check their votes,” said Reform Party MP and member of Parliament’s Constitutional Committee Andrei Korobeinik. According to him, the voter’s computer is the weakest link in the chain and vote checking is one of the most complicated issues being tackled at the moment. “The initial idea is that the voter will be shown an image that he can photograph off the screen using his mobile phone, and then the system will tell him whether his vote has been registered correctly or not,” he explained.

National: Internet Voting Is Years Away, And Maybe Always Will Be | TechPinions

In today’s New York Times Magazine, political writer Matt Bai grumbles in a short piece about his inability to vote online in an era where nearly everything else can be done over the Internet. “The best argument against Internet voting,” he writes, “is that it stacks the system against old and poor people who can’t afford or use computers, but the same could be said about cars.” That, he argues, is a problem that could easily be solved by the electronic equivalent of giving people rides to a polling place. If only it were so simple. Voting, alas, has unique characteristics that make internet implementations all but impossible given current technology. The big problem is that we make two demands of it that cannot be met simultaneously. We want voting to be very, very secure. And we want it to be very, very anonymous.

Canada: Deliberate Denial of Service Assault Disrupts NDP Internet Voting | SPAMfighter

An advanced cyber-assault, which created chaos during the federal NDP party’s election, has been attributed to a specialized Web hacker who utilized over 10,000 PCs globally for so slackening the pace of the online-voting that it started to crawl, thus published vancouversun.com dated March 28, 2012. Actually, according to the provider of the Internet-based balloting, Scytl Canada, one Denial-of-Service assault was deliberately unleashed with the objective of disrupting the voting exercise by the NDP on 24th March 2012. It was determined that the assault successfully clogged the channel of the voting mechanism so voters had to wait long to gain access. This slackening of the voting speed thus frustrated the party’s representatives gathered at Toronto.

South Korea: Ruling Party Risks Parliament Election Loss | Businessweek

South Korean President Lee Myung Bak’s ruling party faces losing control of parliament next week to an opposition that vows to increase welfare spending, revisit a U.S. trade deal and improve ties with North Korea. The New Frontier Party is struggling to overcome bribery and illegal surveillance scandals ahead of April 11’s National Assembly elections that may forecast the December presidential race. The opposition Democratic United Party has pledged to create 3.3 million jobs and may get a boost from younger voters who face an unemployment rate almost twice the national average. Asia’s fourth-largest economy has had slower growth and higher inflation under Lee than his predecessor, contributing to a 50 percent drop in his popularity. Relations have also worsened with North Korea, who plans to fire a long-range rocket between April 12 and 16 would scuttle a food aid agreement with the Obama administration. “An opposition victory will hasten Lee’s position as a lame duck,” said Lee Nae Young, a political science professor at Korea University in Seoul. “Regardless of who wins, we could see many welfare policies enacted before Lee’s term ends, as parties try to improve the odds for December.”

Editorials: There’s no democratic quick fix | Ottawa Citizen

As Canadians focus on cases of possible election fraud with the unfolding “robocalls” scandal, some people have suggested that Internet voting might be one way of stopping unscrupulous political activists from sending voters to non-existent polling stations. In fact, Internet voting is likely to increase, rather than decrease, electoral fraud. Since online voting requires passwords, there would be nothing to stop eligible voters from giving or selling their passwords to others. A few charismatic members of a community organization, or of a partisan political association, or of a family might then be able to control the votes of numerous citizens.

Canada: Internet voting carries risk as show by NDP experience | thestar.com

The recent New Democratic Party convention in Toronto may have done more than just select Thomas Mulcair as the party’s new leader. It may have also buried the prospect of online voting in Canada for the foreseeable future. While Internet-based voting supporters have consistently maintained that the technology is safe and secure, the NDP’s experience — in which a denial of service attack resulted in long delays and inaccessible websites — demonstrates that turning to Internet voting in an election involving millions of voters would be irresponsible and risky. As voter turnout has steadily declined in recent years, Elections Canada has focused on increasing participation by studying Internet-based voting alternatives. The appeal of online voting is obvious. Canadians bank online, take education courses online, watch movies online, share their life experiences through social networks online, and access government information and services online. Given the integral role the Internet plays in our daily lives, why not vote online as well? The NDP experience provides a compelling answer.

National: Online Voting ‘Premature’ Warns Government Cybersecurity Expert | WBUR

Warnings about the dangers of Internet voting have been growing as the 2012 election nears, and an especially noteworthy one came Thursday from a top cybersecurity official at the U.S. Department of Homeland Security. Bruce McConnell told a group of election officials, academics and advocacy groups meeting in Santa Fe, N.M., that he believes, “it’s premature to deploy Internet voting in real elections at this time.” McConnell said voting systems are vulnerable and, “when you connect them to the Internet that vulnerability increases.” He called security around Internet voting “immature and under-resourced.” McConnell’s comments echo those of a number of computer scientists who say there’s no way to protect votes cast over the Internet from outside manipulation. But right now a growing number of states are allowing overseas and military voters to return their marked ballots by digital fax or email, which experts say raises the same threat. It’s part of a recent push to make voting easier for millions of Americans overseas, who often are prevented from voting because of slow ballot delivery and missed deadlines.

Canada: NDP internet vote disruption worries experts | The Chronicle Herald

Although many people are attached at the hip to their laptops, few are conversant in software coding and even fewer are familiar with heavy encryption. Combine computers with the intricacies of elections, and that leaves only a handful of specialists worldwide who can claim to understand online voting. Questions about e-voting were raised after the NDP leadership convention was disrupted by a cyber attack. Not all of them have been answered satisfactorily, say software experts, despite reassurances from Scytl, the software company that handled the NDP election process, and from Halifax Regional Municipality, which has committed to use the company’s services in October’s municipal election. “Multibillion-dollar (software developers) like Windows, you know, Microsoft . . . can’t have their software bug-free. So I don’t think Scytl is able to do that,” said Daniel Sokolov, a Halifax information technology expert. Sokolov has examined several European elections that used e-voting and found at least three with troubling results.