Florida Hit by First Cyberattack on US Election System

The first known cyberattack against an online election system in the United States took place in Florida last August, NBC News reported Monday.

The case involved more than 2,500 so-called phantom requests for absentee ballots reportedly sent to the Miami-Dade County elections website from a small number of computer IP addresses at overseas locations including Ireland, England, and India.

According to a December grand jury report on problems in the Aug. 14 primary election, it is not clear whether the requests were aimed at influencing a certain race, testing the system, or just interfering with the voting, the network reported. But computer software used by the county flagged the requests as bogus and election workers rejected them.

Editor's Note: Obama ‘Blunder’ Spawns Massive Profit Opportunity

The primary involved state and local contests, as well as U.S. congressional races.

“It’s the first documented attack I know of on an online, U.S. election-related system that’s not [involving] a mock election,” David Jefferson, a board member of the Verified Voting Foundation, told NBC.

But experts tell the network they have long been warning about this type of attack.

“This has been in the cards, it’s been foreseeable,” said law professor Candice Hoke, founding director of the Center for Election Integrity at Cleveland State University.

The attack raises questions about the security of online election systems. In the end, Hoke said, the cost of guarding online registration and voting systems might negate the financial benefits of online balloting.

The Miami Herald, which first reported the attack, said ballot requests targeted Democratic voters in the 26th Congressional District and Republicans in Florida House districts 103 and 112. The number of phantom ballots requested, the Herald noted, was not enough to affect the outcome of the races.

Still, election security experts warn that cyberattacks such as this are likely to become an increasing problem. “In this case, the attack was not as sophisticated as it could have been,” J. Alex Halderman, an assistant professor of computer science and engineering at the University of Michigan, told NBC.

But he added that had the attack been a more advanced one, “completely within the norm for computer fraud these days,” it would have likely been able “to circumvent the checks” that were run against it.