In what is being touted as the first known cyberattack on a U.S. election, many mainstream news outlets are reporting on the approximately 2,500 bogus absentee ballot requests that were flagged as suspicious by Miami-Dade County’s absentee ballot processing software in last year’s primary elections. A Miami-Dade County grand jury investigated the incident and described it as:
a scheme where someone created a computer program that automatically, systematically and rapidly submitted to the County’s Department of Elections numerous bogus on-line requests for absentee ballots.
Fortunately, the software had safeguards that verified IP addresses on the absentee ballot requests. That was instrumental in detecting this cyberattack, but the incident still leaves questions unanswered regarding the inherent insecurity of the Internet and why it should be used at all in the balloting phase of elections. There’s also the question of how many cyberattacks might have been carried out elsewhere or at other times that were not detected.
Just to set the record straight, this incident is not the first known cyberattack on an American election. The New American for October 9, 2000 reported a similar cyberattack on Arizona’s 2000 Democratic primary:
In an interview with The New American, Joseph Mohen, CEO of election.com, admitted that the Arizona Democratic Primary was e-attacked. There were two kinds of attacks, denial-of-service and password guessing, all of which were successfully thwarted. Nevertheless, the fact that this first-ever, true Internet election was subject to such sabotage attempts shows the profound weaknesses of Internet voting. Attacks on future elections may be prosecuted more successfully.
The New American contacted Ion Sancho, supervisor of elections for Leon County, Florida, who agreed that the recently reported cyberattacks in Miami-Dade County were not the first cyberattacks on an American election. He recalled the 2004 elections in Ohio where the state-wide accumulation of vote totals in the centralized computer system in Columbus was hit by a denial of service attack. The accumulation of vote totals was moved to a different computer system.
Regarding the cyberattack in Miami-Dade County, Sancho said he was puzzled as to why the domestic e-mails were not pursued to their sources immediately. He added that he would like to see a full investigation of this incident including the domestic e-mails.
Sancho expressed concern about Internet voting, saying: “The internet is highly, highly suspect in terms of security. And that’s one of the reasons why I am an absolute opponent to using the Internet for casting votes.”
The long time delays between when the computer system identified the suspicious ballot requests and when action was taken point out deficiencies in investigating problems in elections not just in Florida but throughout America. According to the Miami Herald online for March 25, the first suspicious absentee ballot requests started on July 7. The date of the primary election was August 14. The general election was held on November 6. The date on the grand jury report was December 19. If the grand jury had found fraud sufficient to have overturned the results of that primary, what good would it have done over a month after the general election?
The New American contacted the Miami-Dade elections office; however, as of press time, they had not returned either our telephone call or e-mail request for information.
Update March 28, 2013: Christina White, deputy supervisor of elections for the Miami-Dade Elections Department responded via e-mail to The New American’s request for information saying, “This is a pending investigation with our State Attorney’s Office and therefore we are not at liberty to discuss the matter.”