Miami.fraud.map.jpg

[Image courtesy of miamiherald]

Here’s a “wow” for your Monday morning … the Miami Herald had this remarkable story over the weekend:

The first phantom absentee ballot request hit the Miami-Dade elections website at 9:11 p.m. Saturday, July 7.

The next one came at 9:14. Then 9:17. 9:22. 9:24. 9:25.

Within 2½ weeks, 2,552 online requests arrived from voters who had not applied for absentee ballots. They streamed in much too quickly for real people to be filling them out. They originated from only a handful of Internet Protocol addresses. And they were not random.

It had all the appearances of a political dirty trick, a high-tech effort by an unknown hacker to sway three key Aug. 14 primary elections, a Miami Herald investigation has found.

The plot failed. The elections department’s software flagged the requests as suspicious. The ballots weren’t sent out.

All of this came to light after the foreman of a grand jury empaneled to investigate the ballots requests, but what hasn’t yet been discovered is who is responsible – and why.

There are a few very strange aspects to the case. First, the fraudulent ballot requests targeted both Democratic and Republican voters (blue and red dots, respectively, in the above screenshot from a Herald map of the requests). Second, while the ballot requests used some fake information, many of them used real email addresses and other data available from other sources. Most importantly, these requests appear to have been very sophisticated, targeting real but infrequent voters – and exhibiting some skill at attempting to evade efforts to thwart the scheme:

When the phantom requests were initially flagged, elections staff telephoned a dozen of the targeted voters to check whether they had really asked for absentee ballots. They hadn’t, said Rosy Pastrana, the deputy elections supervisor for voter services.

Lynn Sargent, 23, said she received an email July 8 confirming her absentee-ballot request — even though she had never submitted one.

“I was definitely concerned when I got it,” said Sargent, a Miami-Dade native who had recently moved to Connecticut. But the ballot never arrived, and she voted in her new state.

Once the department knew the requests were phony, it blocked the 15 IP addresses from which they originated. It took several tries — the hacker simply switched to a different address — before the requests stopped.

“Every time we saw that pattern, we would block the IP,” said Bob Vinock, an assistant deputy elections supervisor for information systems. “I guess they finally gave up.”

There is still one more twist in the case, however. Included in the list of masked IP addresses were three domestic addresses that – for whatever reason – were never investigated. Prosecutors are following up now to see if that information can help shed light on who was behind the requests.

One coda to the investigation is a recommendation by the grand jury to require more information – including a login and password – for online ballot requests. According to the Herald, Miami-Dade has not yet acted on that recommendation, in part because the county believes its record of catching and preventing the phantom requests this summer suggests that existing software and procedures are sufficient.

This case is definitely worth watching; if nothing else, it’s a helpful reminder that as more and more election activity moves online, election offices need professionals with information security skills to identify and prevent threats like the one in Miami. There are numerous reasons why someone might want to interfere with an election; in today’s environment, there are seemingly countless ways to try it.