NDP leadership election marred by DDoS

So, something pretty big happened in Canadian politics yesterday.

For you Yankees, the short-form of Canadian politics is: we have multiple political parties, not just two. We have the right-wing Conservatives, who are like (in so many ways) your Republicans; we have the centrist Liberals, who are like your Democrats; and we have the NDP, who are a left-wing party unlike anything you’ve seen in America for forty years. We also have the Greens, and several far-left, far-right and far-loon parties, depending on where you are. Each of them elects a party leader, and if that party gets the most seats in the House of Commons, their party leader is made Prime Minister. The party leader of the next biggest party is the Leader of the Loyal Opposition.

Canada lost a great statesman in the long-time leader of the NDP, Jack Layton, when he succumbed to cancer. The NDP just held the election for the new leader, doing it for the very first time entirely online through Spanish company Scytl, who evidently have a sterling record for security in electronic elections.

It turns out, though, that distributing the load for the four tiers of the ballot… well, less so.

The CBC reports:

The party said earlier in the day it was the subject of an outside attack on its online voting system, provided by Spanish company Scytl.

The problem Saturday night was the same, the party president told Radio-Canada. Rebecca Blaikie said the site is receiving more traffic than if all 131,000 members were trying to vote at same time. More than 58,000 members voted in advance, leaving about 11,000 people voting Saturday, online or at terminals set up at a Toronto convention centre.

It strikes me as grossly unlikely that Scytl would be unable to handle that many users at a time — our own server would probably choke on 11,000 simultaneous connections, but any smart and load-balanced setup would certainly not cause these kinds of issues. It would take a much, much higher number of connections-per-second to hose a server the way it did; this indicates to me that some outside influences were indeed launching botnet or malformed packet attacks of some description. What puts a crimp in this analysis is this reporting, though:

They may be able to identify the source of the attack, which jammed the system and created delays that plagued voting for the party’s leadership, Blaikie said earlier Saturday.

The party has the IP addresses suspected in the online attack, she said. An IP address is a number assigned to an internet connection that may be able to point the party to the perpetrator.

Senior party official Brad Lavigne said the system was not hacked and the integrity of votes cast was not compromised. But the attack delayed third-round voting when the system had to be restarted, he said.

Having the IPs for hundreds of bots in a botnet wouldn’t necessarily give you the mastermind, though. A smart mastermind would probably keep his own computer off the botnet, lest he get shut down accidentally by a zealous ISP, and have no way to contact that botnet to end the attack. If this IP information actually stands a chance of telling people who was responsible, it might be because of an attempted hack attack which, if Huffington Post’s reporting is to be trusted, might have happened:

“The system has not been compromised,” said Brad Lavigne, a former party national director who was dispatched to explain the problem to reporters.

“The system was not hacked. It was never even close to being hacked.”

Lavigne said someone outside the party tried to get access to the system, triggering alarms that caused the system to shut down.

“The analogy that can be used is that somebody was trying to break into our house and the alarm went off and the robbers were scared away.”

If someone tried to hack the system somehow, and that caused the server to shut down in response, that’s a completely different animal than what the rest of the narrative is claiming, namely a straight DDoS: a distributed attack in which many, many dummy connections hit the server so that legitimate traffic is jammed and can’t be served.

I really hope more information is forthcoming. I strongly suspect it’s a simple DDoS and HuffPo is wrong, but I don’t know how the NDP could possibly narrow it down to specific IPs without those IPs having done something a little more interesting than being part of a botnet.
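
The haystack problem described above, as an added example that is not part of the original post. Over a constructed access log (the log format, paths and addresses are all assumptions), request volume cannot separate one flood source from another; a source only stands out if it also sent requests the rest of the crowd did not.

```python
from collections import defaultdict

# Constructed sample log, "ip method path status". 200 flood sources hammer the
# ballot page; one quieter source also probes other paths. The addresses are
# RFC 5737 documentation ranges and the paths are hypothetical.
SAMPLE = [f"198.51.100.{i} GET /vote 200" for i in range(1, 201) for _ in range(50)]
SAMPLE += ["203.0.113.7 GET /vote 200"] * 20
SAMPLE += ["203.0.113.7 POST /admin/login 401"] * 3
SAMPLE += ["203.0.113.7 GET /backup.sql 404"]

def profile(lines):
    """Per-source request count and set of (method, path) pairs."""
    count = defaultdict(int)
    seen = defaultdict(set)
    for line in lines:
        ip, method, path, _status = line.split()
        count[ip] += 1
        seen[ip].add((method, path))
    return count, seen

def by_volume(lines, top=5):
    """Rank sources by request count: the top talkers are interchangeable bots."""
    count, _ = profile(lines)
    return sorted(count.items(), key=lambda kv: -kv[1])[:top]

def conspicuous(lines, rare_fraction=0.01):
    """Sources that sent a request fewer than rare_fraction of all sources sent."""
    _, seen = profile(lines)
    users = defaultdict(set)              # (method, path) -> sources that sent it
    for ip, reqs in seen.items():
        for req in reqs:
            users[req].add(ip)
    limit = max(1, int(len(seen) * rare_fraction))
    result = {}
    for req, ips in users.items():
        if len(ips) <= limit:             # almost nobody else asked for this
            for ip in ips:
                result.setdefault(ip, set()).add(req)
    return result

if __name__ == "__main__":
    print(by_volume(SAMPLE))
    print(conspicuous(SAMPLE))
```

On a log containing only the flood, `conspicuous` returns nothing: every address looks the same, which is why a list of botnet IPs by itself does not point to whoever is directing it.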

Through all this, Thomas Mulcair was elected the new Leader of the Opposition. He’s apparently been very well received by the NDP. Since the common (Conservative) narrative that the NDP is “not to be trusted at the helm” has largely crumbled, and since Harper’s intent on ramming as many odious changes down Canadians’ throats as humanly possible before he has to hit the skids, we may be looking at our new Prime Minister.

I honestly hope he can live up to Jack’s standards. Them’s some big shoes to fill. He’ll have plenty of time to break them in though, since I fully expect Harper will stall as long as humanly possible before calling an election. So maybe 2016.


13 thoughts on “NDP leadership election marred by DDoS”

  1. 2

    I was hoping you’d say something on this.

    Overall, I’m glad I voted early, rather than waiting. I don’t feel left out of the process, either, by locking in my vote – I voted for Mulcair, so my preferences were moot. Happily.

    I think Thomas Mulcair could be Prime Minister some day. But it’s all going to depend on who the Libs get. If they find someone who can grab back at it, we could be looking at another Harper premiership in 2015.

    What I truly love about Mulcair is his dedication to changing our broken voting system.

  2. 5

    You realize that, if the Conservatives had been willing to grant him a cabinet post, Mulcair would today be a proud member of team Harper, right?

    The NDP’s strength has been its tenacious adherence to social democratic principles. Good luck to them with a sellout as leader.

  3. 6

    What reforms does he support? I suppose we’re not talking about the actual voting system (as it’s pretty much fine I think) and instead we’re talking about electoral?

    Is the support for IRV (which I support) or proportional representation (which I do not)?

  4. F

    but I don’t know how the NDP could possibly narrow it down to specific IPs without those IPs having done something a little more interesting than being part of a botnet.

    Why? Nothing goes anywhere without an IP address – although it may even be spoofed. What the NDP would do with the addresses, not being the server operator and being generally clueless about anything having to do with information technology as most people and especially politicians are.

    If the IPs belong to an ISP or other organization which is cooperative, the proper party finds out who had the address and can investigate whether a system at the address is/was infected.

    Of course, that doesn’t mean one can know who created, leased time on, or coopted the botnet to perform the DDoS. (If that’s what happened, which is a decent assumption.)

    Why would it take more than a (D)DoS attack to have an IP for the point of origin of some traffic?
    And while I’m here, since I have to mention it once for every thousand occurrences or so, and since this community put such a premium on words – especially words of identity, good or bad: Stop abusing the word hacker, hack, hacking, etc. Don’t dismiss the misuse with some “language evolves” crap if that isn’t suitable for other words. Yeah, I know it’s easy to use it. I know the article referenced “used it first”. But most attacks require no creativity, exploration, or self-gained knowledge to perform. It may be a hacker, good or bad, originally discovered an exploit for a vulnerability in a system, but that doesn’t make every subsequent use of such knowledge “hacking”. If someone spray-paints epithets all over school walls, windows, and furniture, do you call that “painting”, or do you call it “vandalism”? Would your word-choice change if the damage were the same, but the vandal produced high-quality, original visual art? What is the focus – the nature of the act, or how the paint was used? Point being, even if attempted unauthorized access of a system was implemented by an actual hacker figuring out how to abuse a system, why should the identity of such an act be orientated around how it was attempted rather than its criminal nature? If it is very important to the discussion, at least qualify that it is illegal, criminal, or malicious hacking.

    /end rant and have a nice day

  5. 9

    I also use “hacker” to mean someone who makes large sweeping code changes with little testing or to achieve some end in a dirty but “works for now” manner. Since the word originally meant someone who “hacks” at a keyboard all day churning out pulp fiction for cash, this language did actually evolve.

    That notwithstanding, I know where you’re coming from.

    As for my question, a distributed denial of service involves telling a network of hundreds, maybe thousands, of compromised computers to connect to the website simultaneously. That’s giving them a big haystack, and it would take the mastermind’s IP being particularly conspicuous by doing something ELSE, too, e.g. trying to connect to their servers in some unique way.

  6. 10

    Jason, I think we Canadians should stop referring to the Harper party as just the Conservatives – it was a hostile take-over by the Reform/Alliance Party so it should rightfully be called the CRAP. 😉 (old ‘joke’ for Canadians)

  7. 11

    The Conservative Reform Alliance Party. 😀 Yes, I get it, even though I’m a young whippersnapper. According to some people. (To some others, I’m apparently like Yoda.)

  8. 12

    So far as I can tell, that last link where you say the Conservative narrative about the NDP is losing ground should be taken with some grain of salt.

    “Although no margin of error was given for the poll, data from the online survey of 1,004 Canadians was weighted using the latest census results to ensure that the final sample group was representative of the Canadian populace and, as much as possible, a true reflection of broad public opinion.”

    The bolded portion is the only relevant information. Everything after that is prevarication to excuse a poorly-designed survey whose results cannot be trusted.

  9. 13

    Grossly uncharitable, Riptide. You may want to read up on statistical sampling and the margin of error before you make that assertion. Polls using a thousand user sample size are generally good indicators of the broader public, especially if they are weighted to public demographics appropriately. The standard margin for error for this sample size, even if it was absurdly high, would not eliminate the fact that the media narrative that the NDP are unelectable and untrustworthy pretty much evaporated when the last election’s Orange Crush happened.
