Senate Leader scraps website war poll, blaming hackers
By Andrew Orlowski in San Francisco
Posted: 07/03/2003 at 22:55 GMT
Senate majority leader Bill Frist has yanked a "Bomb Iraq" poll from his website.
Frist's office told The Register that "tampering" was to blame for the removal of the poll, which asked "Should the United States use force to remove Saddam Hussein from power? Your opinion is important to Senator Frist."
"Clever computer programmers created a program that generated 8,700 votes in a day," a spokesperson told us. Which is where the mystery really begins.
The spokesperson couldn't say whether the software was running inside the firewall, representing a major breach of the Senate IT security, or was a robot-style vote generator run by netizens.
The curious thing is that Frist's poll page already banned robots - including the Wayback Machine, archive.org - from the site. Respondents could vote once and then return to the site later to change their vote; only the latest response would be counted.
"As you know government computers are constantly being attacked by hackers," he suggested.
Nor could Frist's office explain why the website administrators simply didn't exclude the votes they didn't want to count - Florida-style.
One correspondent has noted the increasing tally of No votes:-
"At 1:35 pm Washington DC time on March 6, the Frist site reported 31,118 responses to the war poll. Anti-war respondents (55%) had gained a clear majority over pro-war respondents (44.6%). (These figures do not quite add up to 100%, apparently because of the rounding method used by Senator Frist's staff.)
"Within the hour, at 2:23 pm, the anti-war fever had risen, with 56.9% anti-war, 42.9% pro-war. By 4:29 pm, according to a snapshot of the Frist site, with 37,742 total responses, the anti-war vote registered 59.5%, with the pro-war vote ebbing at 39.8%."
The Senate site has been defaced before. Whether this represents a new and more serious breach - as Frist's office suggests - we don't know.
But our enquiries continue. ®
Senate leader explains poll "hack"
By Andrew Orlowski in San Francisco
Posted: 11/03/2003 at 23:53 GMT
Senator Frist's office has elaborated on its explanation of why it pulled a website poll about the Iraq war last week. We could find no evidence of a security breach at the Senate, although this was the primary reason suggested by a Frist spokesperson on Friday. In fact, the poll was hosted outside the Senate firewall, his office now confirms.
The poll was discovered by bloggers, including Tom Tomorrow, who linked to the poll while it was showing a majority in favor of the war. By the time the poll was pulled, the vote count had swung to the Noes.
"Our computer guy has identified one individual who voted 8,700 times," the spokesperson told us today. Apparently, the software deleted the cookie and voted again.
So why not simply discard the 8,700 suspect votes?
"We suspended the poll because it had been tampered with," he said. "If those votes came from 8,700 unique users we would not have had to suspend the poll."
Well, quite. Although it doesn't really answer the question of why those 8,700 votes weren't discarded, and the good votes allowed to count.
It's certainly a puzzle. Previous polls on the Frist website explain that the system detected and disallowed multiple voting. To do so effectively it must log a voter's IP address, rather than rely on a cookie.
But what if, as one reader suggested, the "hacker" was using a dial-up connection? Dial-up connections typically allocate different IP numbers each time you connect.
Well, assuming each connection could be completed in 1 minute and 20 seconds, a single dial-up user would need more than eight days to vote 8,700 times, assuming that he didn't sleep, that the ISP had 8,700 numbers to allocate, and that it didn't allocate the same number twice from its pool of IP numbers.
So we can rule that one out.
"We will ensure that this kind of tampering doesn't happen again," said the spokesperson.
Online election ballots, anyone? ®
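To illustrate the cookie-versus-IP point above, here is an added example (not code from The Register or from the Frist site) that tallies a constructed vote log two ways under the poll's "latest response counts" rule. The log format, the addresses and the review threshold are assumptions made for the illustration.

```python
from collections import Counter

def sample_log():
    """Constructed log rows: (timestamp, client_ip, cookie_id, choice).
    cookie_id None models a client that deleted its cookie before voting."""
    log = [
        (1, "198.51.100.10", "c-a", "yes"),
        (2, "198.51.100.11", "c-b", "no"),
        (3, "198.51.100.12", "c-c", "yes"),
        (4, "198.51.100.10", "c-a", "no"),  # same voter returns and changes vote
    ]
    # One source votes 20 times, arriving without a cookie each time.
    log += [(5 + i, "203.0.113.7", None, "no") for i in range(20)]
    return log

def by_cookie(ip, cookie):
    return cookie

def by_ip(ip, cookie):
    return ip

def tally(log, identity):
    """Count only the latest response per voter; `identity` chooses the key."""
    latest = {}
    anonymous = 0
    for ts, ip, cookie, choice in sorted(log, key=lambda row: row[0]):
        ident = identity(ip, cookie)
        if ident is None:
            # No identity presented, so the poll sees a brand-new voter.
            ident = ("anon", anonymous)
            anonymous += 1
        latest[ident] = choice
    return Counter(latest.values())

def heavy_sources(log, threshold=5):
    """Addresses with more than `threshold` submissions, for manual review."""
    counts = Counter(ip for _, ip, _, _ in log)
    return {ip: n for ip, n in counts.items() if n > threshold}

if __name__ == "__main__":
    log = sample_log()
    print("keyed on cookie:", dict(tally(log, by_cookie)))
    print("keyed on IP:    ", dict(tally(log, by_ip)))
    print("review:         ", heavy_sources(log))
```

Keying on the address collapses the repeat submissions into a single vote, but it also merges distinct voters who share one address and, as the article notes for dial-up, misses a voter whose address changes between connections.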