Things that make you go hmmmm….

It has been confirmed that there was a deliberate hack attack at NDP convention which resulted in on-line voting problems.

Question for someone who is far more technically adept than I: is this something that could be done by anyone with the right skills and knowledge? Or would it require a non-trivial amount of resources to pull it off?

 

(1231)

Be Sociable, Share!

6 Comments to “Things that make you go hmmmm….”

  1. Fred says:

    It would be easy to perform a DDoS (distributed denial of service) attack against any internet connected machine. And it would be easy to ‘spoof’ the attack – that is, to make attacks from a single machine appear to originate from multiple machines in multiple locations. However, this approach would limit the effectiveness of the attack since it would soon strain the limits of the power of the machine and the capacity of its internet connection.

    A more efficient, and difficult to trace, DDoS attack would involve machines spread around the internet, on different machines in different locations (hence the term ‘distributed’). One could create a ‘botnet’ by compromising innocent, but vulnerable, machines and installing DDoS attack software on them, and then use them in a DDoS attack.

    There is also an illegal market of ‘botnets’ on the internet which offer various services, including DDoS attacks. So as long as you have a credit card, you could probably custom order a DDoS attack. I would guess that, unless you want to get Interpol involved, this type of attack would be extremely difficult to trace. Unless you follow the money trail.

    • trashee says:

      Welcome, and thanks for the detailed answer.
      So I’m guessing that this could have been a bored, technically adept dude in a basement just as easily as political operatives- which is, of course, who will be accused.

      • Fred says:

        Yes, the attack could have been a ‘bored dude in the basement’ as you suggest. It could also have been a coordinated attack by professionals.

        The results of the forensic investigation should give us an idea of the scale of the attack.

        • Botnet time is purchaseable without a lot of hassle nowadays. A guy got nailed a couple years ago for selling botnet time. He was raking in over $250k per year. Great job if you can get it.

          The LOIC is a botnet run by Anonymous, but the same technology is available to anyone.

  2. Evolving Squid says:

    A DDOS attack is pretty simple. Miscreants with access to the Low Orbit Ion Cannon, or any number of other tools could do it. There would be some effort involved, but nothing beyond the reach of some cranky teens.

    This sort of thing is why online voting is far from a ready-for-prime-time technology.

  3. Evolving Squid says:

    Likely it would be pretty easy.

Leave a Reply

*