SQL Slammer Worm Breached Firewall, Took Down County Database System, Halted Voting, Rewrote Admin Passwords According to Previously Unreleased Document
Further Damagage Unknown; Disclosure to Plaintiffs, Scientists in Election Contest Unclear...
By Brad Friedman on 5/16/2007, 12:08pm PT  

Some guy named Brad Friedman has a breaking exclusive over at ComputerWorld on the contested FL-13 election between Christine Jennings (D) and Vern Buchanan (R).

As Friedman's brilliant reportage reveals, previously unreleased documents show that Sarasota County's database network was hit by a viral worm attack on the first day of Early Voting last year. The attack, by a variant of the SQL Slammer Worm, wrought havoc on the system, bringing it to its knees for about two hours on that first afternoon of voting, leaving voters at precincts unable to cast their votes.

Details about further damage which may have occurred during, or in the wake of, the successful hack remain unclear. Whether or not the ES&S iVotronic touch-screen voting machines --- which failed to record the selections of some 18,000 voters in the election decided by just 369 votes --- or the central tabulator used in that FL-13 race were directly affected is unknown for certain. The security specialist who filed the incident report, interviewed by Friedman, acknowledges that "it's a possibility," though he believes the damage was contained and didn't spread to the Elections Supervisor's network infrastructure.

Also unclear is whether or not the viral attack and the report which documented it were disclosed in the discovery process to the plaintiff's attorneys who are challenging the election in state court and in the U.S. House. It doesn't seem so.

See more in Friedman's compelling exclusive over there, which includes a PDF of the previously undisclosed incident report describing what happened as the worm slammed an unprotected county server (which had been five years behind in security patch updates), spread throughout the system, breached the firewall, rewrote administrative passwords, and brought voting to a halt in Sarasota on October 23, 2006, the first day of Early Voting. An interestingly timed attack to say the least.

As CW only links to a PDF version of the two-page incident report, we'll be kind enough to include a graphic version of both pages below.

The previously undisclosed two-page incident report, as filed by the Sarasota County network security team, housed in the county's Suncoast Technology Center, follows in full...

NOTE: The incident occurred on 10/23/06 and the incident report was filed on 10/24/06. The second reference to the incident date as "10/14/06" is a typo, as confirmed by Sarasota County Information Security Analyst Hal Logan, a member of the team which filed the report. A PDF version of the following is available here.

===

Brad Friedman is an investigative journalist, blogger, proprietor of The BRAD BLOG, and an authority on issues related to American election integrity.