Advertisement

Tech firm says NDP vote hit with hundreds of thousands of malicious requests

OTTAWA - More than 10,000 "malevolent" Internet addresses were used to jam the NDP leadership convention's online voting system, according to the tech company that ran the vote.

The denial-of-service attack delayed voting for several hours and pushed the crowning of new NDP Leader Thomas Mulcair late into Saturday evening.

Some observers of the weekend convention immediately claimed the technical delays as evidence that New Democrats are not ready to govern.

But a statement Tuesday from Scytl Canada, which ran the online vote, described Saturday's cyber attack as an organized, professional and illegal effort.

"We deeply regret the inconvenience to NDP voters caused by this malicious, massive, orchestrated attempt to thwart democracy," Susan Crutchlow, the general manager of Scytl Canada, said in a release.

"We are proud, however, that our robust system, which is used by many governments around the world, repelled this attack, did not crash, and completed its mission of giving all NDP members who wished to vote the opportunity to do so securely."

The Spain-based company also thanked the party for its patience with the long delays caused by the attack.

Scytl said it has identified well over 10,000 IP addresses that generated "many hundreds of thousands" of false voting requests to the system.

"This effectively 'jammed up the pipe' into the voting system, delaying voter access," said the company statement.

The so-called "botnet" used computers around the world, but mainly in Canada, said Scytl.

The NDP says it is awaiting the conclusion of Scytl's forensic investigation before deciding what to do next.

"Obviously, people who are able to pull off something like this are often very good at not being traced as well," said party spokeswoman Sally Housser.

She said the party has not yet lodged a police complaint.

At least one NDP voter said he suspected someone "stole" his vote.

Mike Doherty, who lives in southern Ontario, missed the first round of voting. When he logged onto the online voting system to cast his second-round ballot, Doherty said a message popped up telling him that he had already voted.

Doherty said he got the same message on subsequent attempts to vote, even though he hadn't actually voted.

He suspects someone noticed he had not voted in the first round and was somehow able to use his voter ID to vote for their candidate. He also harbours suspicions that his voting problem was caused by the work of hackers.

"I'm so frustrated," Doherty said in an interview earlier this week. "I wasted most of the day trying to get to the bottom of it. I'm really upset about it."

David Skillicorn, a professor at Queen's University's school of computing, noted in a release that a botnet attack, which compromises a large number of computers, comprises "a very serious attack, but it was a very easy one to do."

Long delays in voting at the NDP convention were first attributed by the party to larger-than-expected demand, but only about 9,500 votes of the 65,000 total were generated on the weekend, with the vast majority of party members voting in advance.

The nature of the attack adds to a season of online intrigue that has rocked the federal political scene.

The Conservative party has been fending off allegations that campaign operatives used robocalling tactics in last May's election to suppress voting support for their opponents in certain ridings.

Elections Canada is investigating reports that voters in Guelph, Ont., received calls from a phone number with a 450 area code directing them to the wrong polling station. Phone records show the number behind the Guelph calls was the same one registered to "Pierre Poutine'' of "Separatist Street'' in Joliette, Que.

Hundreds of voters, covering a number of ridings, have reported receiving similar fake calls purportedly from Elections Canada directing them to non-existent polling stations.

On Tuesday, the Council of Canadians said it will ask the Federal Court of Canada to overturn the 2011 election results in seven closely contested ridings. The left-leaning advocacy group claims the pre-recorded robocalls affected the results in those ridings.

Former Liberal party staffer Adam Carroll was forced to quit after using a House of Commons computer and an anonymous Twitter account earlier this year to disclose details of Public Safety Minister Vic Toews' acrimonious divorce.

The account was set up in the wake of the introduction of an online surveillance bill that would give authorities expanded powers to gain people's Internet information, raising privacy concerns among a wide cross-section of critics.

— with files from Steve Rennie