A Florida website became the first known target of an election-focused cyberattack last year, when more than 2,500 "phantom requests" for absentee ballots were made from international locations, NBC News reported Monday.
The Miami Herald first reported in February about the irregularities on the election website, which took submissions for absentee ballots. The Herald found that 2,552 requests were filed to a Miami-Dade County elections website over a two-and-a-half week period in July, primarily targeting Democratic voters ahead of upcoming primary elections. They came on behalf of voters who had not actually applied for absentee ballots and were tracked to a few Internet Protocol addresses registered in India, the United Kingdom and other foreign countries.
From the NBC News report:
"It's the first documented attack I know of on an online U.S. election-related system that's not (involving) a mock election," said David Jefferson, a computer scientist at Lawrence Livermore National Laboratory who is on the board of directors of the Verified Voting Foundation and the California Voter Foundation.
Other experts contacted by NBC News agreed that the attempt to obtain the ballots is the first known case of a cyberattack on voting, though they noted that there are so many local elections systems in use that it's possible that a similar attempt has gone unnoticed.
When election officials became aware of the irregularities, they blocked the incoming IP addresses and were eventually successful in stemming the flow of suspicious requests. Investigators initially closed their probe into the cyberattack earlier this year without identifying a suspect, but NBC reports that state officials say they have since re-opened the investigation in order to look into the matter again.
While the attack will likely lead to increased concern over cyber vulnerabilities -- especially in a number of others states where digital security for elections is more lax than in Florida -- Florida officials have outlined a set of recommendations in a grand jury report in hopes of enhancing security for online election resources.
That the Miami-Dade County Election Department upgrade its existing elections website to have secure access and modernized features. Voters should be able to access a secure site via login/password (similar to financial institutions) where they can access absentee ballot requests and update their voter information. Instructions on obtaining user names and passwords will be included with all voter registration mailings. Utilizing login and password features would limit the ability of future fraudulent absentee ballot requests.