Worm attacked voter database in notorious Florida district

Computerworld - The computer database infrastructure of Sarasota County, Fla., was attacked by a notorious Internet worm on the first day of early voting during the 2006 election, which featured the now-contested U.S. House race between Democrat Christine Jennings and Republican Vern Buchanan in Florida's 13th Congressional district.

In the early afternoon hours on Monday, Oct. 23, 2006, an Internet worm slammed into the county's database system, breaching its firewall and overwriting the system's administrative password. The havoc brought the county's network -- and the electronic voting system which relies on it -- to its knees as Internet access was all but lost at voting locations for two hours that afternoon. Voters in one of the nation's most hotly contested Congressional elections were unable to cast ballots during the outage, since officials were unable to verify registration data.

Remember Slammer?

An incident report filed by the county explains the intrusion and temporary havoc wrought by the virus.

According to a two-page report examining an October 2006 outage, a server on Sarasota County's database system was attacked by "a variant of the SQL Slammer worm." Once infected, as the report details, the server "sent traffic to other database servers on the Internet, and the traffic generated by the infected server rendered the firewall unavailable."

In a separate document, titled "Conduct of Election Report, Sarasota County General Election, November 7, 2006" there are two different Internet service outages mentioned, though the viral attack described in the Sarasota County database security team's report -- the attack that was presumably the source of one of those outages -- is not described or even mentioned specifically in that report. It's still unclear what the second incident referred to in that report may be.

The SQL Slammer Worm, commonly known as Slammer, was discovered in 2002. In January of 2003, when it was first triggered, the virus brought Internet systems down across the world in a matter of minutes. Though most systems vulnerable to the attack have since been patched by a fix provided by Microsoft prior to the initial 2003 attack, the Sarasota County machine that was attacked and subsequently spread an infection that overtook the network infrastructure "was completely unpatched. Essentially it was missing five years’ worth of security updates," according to the October 24, 2006, incident report.

Effects and disclosures

A network security specialist who works for the county and who was part of the team that authored the incident report explains that the damage was contained once the server where the infection struck was taken offline. He believes that beyond the initial damage and the ensuing two hours during which the system became largely unusable --- temporarily making it next to impossible for elections officials to verify residency of voters --- there was no lasting effect on the voting systems used in the 13th District's election or in other races in Sarasota County.