Worm attacked voter database in notorious Florida district
Machine in hotly contested 13th Congressional district lain low by Slammer on first day of election
Computerworld - The computer database infrastructure of Sarasota County, Fla., was attacked by a notorious Internet worm on the first day of early voting during the 2006 election, which featured the now-contested U.S. House race between Democrat Christine Jennings and Republican Vern Buchanan in Florida's 13th Congressional district.
In the early afternoon hours on Monday, Oct. 23, 2006, an Internet worm slammed into the county's database system, breaching its firewall and overwriting the system's administrative password. The havoc brought the county's network -- and the electronic voting system which relies on it -- to its knees as Internet access was all but lost at voting locations for two hours that afternoon. Voters in one of the nation's most hotly contested Congressional elections were unable to cast ballots during the outage, since officials were unable to verify registration data.
An incident report filed by the county explains the intrusion and temporary havoc wrought by the virus.
According to a two-page report examining an October 2006 outage, a server on Sarasota County's database system was attacked by "a variant of the SQL Slammer worm." Once infected, as the report details, the server "sent traffic to other database servers on the Internet, and the traffic generated by the infected server rendered the firewall unavailable."
In a separate document, titled "Conduct of Election Report, Sarasota County General Election, November 7, 2006" there are two different Internet service outages mentioned, though the viral attack described in the Sarasota County database security team's report -- the attack that was presumably the source of one of those outages -- is not described or even mentioned specifically in that report. It's still unclear what the second incident referred to in that report may be.
The SQL Slammer Worm, commonly known as Slammer, was discovered in 2002. In January of 2003, when it was first triggered, the virus brought Internet systems down across the world in a matter of minutes. Though most systems vulnerable to the attack have since been patched by a fix provided by Microsoft prior to the initial 2003 attack, the Sarasota County machine that was attacked and subsequently spread an infection that overtook the network infrastructure "was completely unpatched. Essentially it was missing five years’ worth of security updates," according to the October 24, 2006, incident report.
Effects and disclosures
A network security specialist who works for the county and who was part of the team that authored the incident report explains that the damage was contained once the server where the infection struck was taken offline. He believes that beyond the initial damage and the ensuing two hours during which the system became largely unusable --- temporarily making it next to impossible for elections officials to verify residency of voters --- there was no lasting effect on the voting systems used in the 13th District's election or in other races in Sarasota County.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts