The Canadian-division manager of the worldwide firm that hosted the online portion of the NDP election told The Hill Timeson Tuesday that although the Spanish-based firm has 70 per cent of the global market shore for online elections, including general elections in several countries as well as smaller elections like the New Democrat leadership vote, it has never experienced an attack on the same scale—involving more than 10,000 computers that had likely been controlled through a “botnet” virus specifically designed to disrupt the voting last Saturday.
The online vote-service firm, Scytl Canada, issued a statement on CNW Newswire Tuesday morning to report the findings of a forensic investigation it conducted in the aftermath of the NDP convention disruption, disclosing that the accounting firm Price Waterhouse Coopers had also investigated and found the attack had not compromised the vote or any of the ballots.
But the Scytl statement said the IP addresses that the committee traced on the computers that were used in the attack, likely even without their owners being aware, were “primarily” located in Canada.
NDP NDP David Christopherson (Hamilton Centre, Ont.), chair of the Commons Public Accounts Committee and a former attorney general for Ontario, said the scale of the attack, and the fact it may have originated in Canada, should concern the Conservative government in light of the recent controversy over a confirmed Elections Canada investigation into fraudulent robocalls in the federal election last May. They also involved sophisticated computer software, as well as automated telephone systems.
The Elections Canada investigation has traced some of the calls, which claimed to be Elections Canada alerts telling Liberal voters their polling site locations had changed, to the Conservative campaign in the Ontario electoral district of Guelph. Elections Canada has since extended its investigation to a total of 700 new complaints stemming from election irregularities last May.
“If it turns out that indeed there was something this sophisticated that reached out as far as to bring in thousands of computers in an attempt to thwart the will of people conducting an election, and the service provider says they’ve never had this before, it certainly takes some of our democratic voting-scandal issues to a whole new level, if that’s the case,” Mr. Christopherson said.
“Not only then are we setting infamous, historical standards in Canada, but by international standards, these are unheard of,” he told The Hill Times. “Again, it speaks to the importance of us getting to the core issue around the robocalls, because it would seem that there may be some kind of linkage between the two, and if there is it’s yet one more problem and one more issue that the prime minister has to answer for.”
Botnet attacks, involving takeover of computer operations through a network of ‘robot’ computers, have usually targeted corporations, or government agencies such as the CIA and the FBI, and have been used to conduct fraudulent bank deposit transfers.
The Scytl statement said denial of service attacks, such as the one that targeted the NDP leadership convention in Toronto over the weekend, are often “launched as protests by the organization’s political or economic opponents.”
Susan Crutchlow, the manager of Scytl’s Canadian division, told The Hill Times the IP addresses of the computers used in the attack could also be traced to specific cities and regions in Canada, but also said it would be up to the NDP to release that information or not, and then to take the evidence to a law enforcement agency if that is what the party decides to do.
An NDP party spokeswoman, Sally Housser, said the NDP will wait until Scytl Canada provides it with all the information it has before making a decision on whether to seek a police investigation or charges.
“The forensic investigation into the source of the IP addresses is ongoing,” Ms. Housser told The Hill Times in an email. “We will wait for further information from the company’s investigation before deciding if we will involve any law enforcement agencies. As of right now we have no evidence as to who exactly is behind the attack, and I don't want to speculate before further information is available.”
Scytl described the subversion as “an organized and large-scale distributed denial of service (DDoS) attack launched against the voting system in an orchestrated, professional, albeit illegal manner. Well over 10,000 malevolent IP addresses (computers) have been identified so far, as having generated many hundreds of thousands of false voting requests to the system.”
The statement went on to say: “The required organization and the demonstrated orchestration of the attack indicates that this was a deliberate effort to disrupt or negate the election by a knowledgeable person or group.”
The attack turned the convention voting into turmoil last Saturday, with the party initially not disclosing its voting system had been compromised.
NDP MP Thomas Mulcair (Outremont, Que.) won the leadership on the forth ballot and after 9 p.m. at night, but the party had hoped the new leader would have been announced in the late afternoon.
As NDP media aides were telling journalists they had no knowledge of a denial-of service attack, a campaign manager for one of the candidates informed three reporters that all the candidate campaigns had already been told of an attack.
While delegates at the Toronto convention waited in line for up to an hour to cast electronic ballots on site, the party was forced to suspend online voting for several thousand party members who were taking part across the country. Nearly 56,000 of the 65,100 party members who voted had already cast ballots in advance by mail or online prior to the convention and only a few thousand NDP members voted electronically on Saturday.
Ms. Crutchlow said in a statement released Tuesday: “We deeply regret the inconvenience to NDP voters caused by malicious, massive, orchestrated attempt to thwart democracy. We are proud, however, that our robust system, which is used by many governments around the world, repelled this attack, did not crash, and completed its mission of giving all NDP members who wished to vote the opportunity to do so securely.”
Liberal MP John McKay (Scarborough-Guildwood, Ont.) told The Hill Times the attack is “potentially quite serious business” and the development could require Elections Canada safeguards over party elections and perhaps even nomination contests in the future.
“I don’t think the government should be monitoring all elections of all things at all times, but certainly with respect to officially recognized parties who are conducting things like leadership elections, nominations, things of that nature, there should be some warranty that the process has integrity,” Mr. McKay said. “If it doesn’t have integrity, that’s a very serious problem. In theory, the NDP could have elected somebody they didn’t intend to elect.”
Conservative MP Jay Aspin (Nipissing-Timiskaming, Ont.) said the attack might affect decisions by other parties to hold leadership elections online, but he said he believes the attack was perpetrated by an individual or several individuals who were out to make mischief.
“Ideally, it would be good to have a perfect electronic system that works, but individuals being individuals, and this is non-partisan, this is just people, some people are just out to do systems wrong,” Mr. Aspin said.
Original Article
Source: hill times
Author: Tim Naumentz
No comments:
Post a Comment