SCYTL Canada DDoS attack analysis


TORONTO, Mar 27, 2012, 2012 (Canada NewsWire via COMTEX) — Delays in the final rounds of voting in last Saturday’s Federal NDP Leadership Convention were caused by a deliberate, large-scale Distributed Denial of Service (DDoS) attack that attempted to deny NDP members access to the online balloting system. While the attack temporarily slowed down the voting process, at no time was Scytl’s highly sophisticated security system penetrated. An onsite independent audit by Price Waterhouse Coopers confirmed that no ballots cast by credentialed NDP members were added, subtracted or changed.

DDoS attacks typically attempt to crash or greatly slow down websites by saturating servers with bogus external communications requests that deny legitimate users access. Governments, banks, credit card companies and high-profile political or organizational websites are common targets of DDoS attacks, often launched as protests by the organization’s political or economic opponents. A forensic investigation is now underway to attempt to locate the source(s) of the attack on the NDP vote.

“We deeply regret the inconvenience to NDP voters caused by this malicious, massive, orchestrated attempt to thwart democracy,” says Susan Crutchlow, General Manager of Scytl Canada.

“We are proud, however, that our robust system, which is used by many governments around the world, repelled this attack, did not crash, and completed its mission of giving all NDP members who wished to vote the opportunity to do so securely.” Crutchlow praised NDP convention vote organizers for their level-headed response to the dramatic situation and their confidence that Scytl’s large, on-site technical staff could handle the attack.

“When we diagnosed the problem and explained what we needed to do to respond, they were calm and cooperative and extended the voting time to ensure the integrity of the process, even in the face of media criticism and groundless speculation. They should be congratulated for their unwavering respect for their members’ right to choose their new Leader.” A preliminary analysis of the sequence of events follows. More information will be released as the investigation proceeds.

What Happened — Scytl Canada was contracted by the New Democratic Party of Canada in an open, global competition to provide the voting services for both advanced and election-day balloting. The advanced balloting was performed via electronic and mail-in ballots using a preferential voting process. This occurred flawlessly, without incident.

— The first round of balloting began at 5:00 p.m. on Friday, March 23 and was completed on schedule at 09:00 a.m. on Saturday, March 24, 2012. When the second round of balloting began at 11:00 a.m., there were some initial voter delay and timeout reports that quickly increased in volume.

— On receipt of these reports, Scytl determined that the voting system was operating normally and the user delays were being caused by a growing volume of external voter requests. The logs of automated monitors such as Intrusion Detection Systems (IDS) and firewalls were analyzed and Scytl quickly recognized that this might be an external attack on the system. Scytl technicians commenced standard mitigation procedures including increasing the system throughput, identifying and blocking malevolent IP sites and other actions.

— Within 20 minutes following the evidence of external attacks, Scytl had an additional team of over twelve high-level personnel involved in these mitigation activities, which allowed the voting portals to be kept open albeit in a slower mode. By keeping ahead of the attackers, Scytl was able to allow the voting process to proceed with an overall three-hour delay.

Preliminary Attack Analysis Scytl has performed a preliminary forensic analysis on the attack and has concluded the following: 1. This was an organized and large-scale Distributed Denial of Service (DDoS) attack launched against the voting system in an orchestrated, professional, albeit illegal manner.

2. Well over 10,000 malevolent IP addresses (computers) have been identified so far, as having generated many hundreds of thousands of false voting requests to the system. This effectively “jammed up the pipe” into the voting system, delaying voter access. This network of malevolent computers, commonly known as a “botnet”, was located on computers around the world but mainly in Canada.

3. The required organization and the demonstrated orchestration of the attack indicates that this was a deliberate effort to disrupt or negate the election by a knowledgeable person or group.


ABOUT SCYTL CANADA Scytl Canada is a company incorporated in Toronto, Ontario. Scytl Canada is a subsidiary of Scytl Secure Electronic Voting.

Scytl Secure Electronic Voting ( is a technology company specializing in the development of secure electronic voting and electoral modernization. It has conducted over 100,000 voting events since its founding in 1994.

Based in Barcelona and with subsidiaries in Baltimore, Toronto, New Delhi, Athens and Kiev, Scytl’s solutions have been used in public elections by governments from countries such as the United States, United Kingdom, France, Canada, Norway, Switzerland, United Arab Emirates, South Africa, India and Australia, among others.

To view this news release in HTML formatting, please use the following URLSOURCE: SCYTL CANADA Susan Crutchlow, 289 795-3252. Scytl Canada Inc. 1155 North Service Road West Unit 11 Oakville, ON L6M 3E3




About canux
© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.