The NDP leadership convention has wrapped up in Canada. While a leader was selected, there was an underlying problem with the voting process itself. Since the CBC apparently did not have the resources to understand what a DDOS attack even was which appears to have been what happened to the NDP voting system, we here at ZeroPaid decided to fill in the role as a source for understanding what happened.
Note: This is an article I wrote that was published elsewhere first. It has been republished here for archival purposes
For those who were like me and watched the live coverage offered by the CBC, some of the coverage was certainly less than satisfactory. No, we’re not talking about Peter Mansbridge grumbling about missing his Leafs game part way through the live coverage, but rather the handling of the CBCs coverage of the DDOS attacks that seems to have happened to the NDP voting system.
The events took place part way through the third round of voting. Reporters working for the CBC noticed that lines for electronic voting systems were suddenly not moving. They did correctly suspect that something wasn’t right. After a few minutes, there was an announcement that the voting system was receiving a higher than normal amounts of traffic. While the audience did cheer this point, this could have meant one of two things:
1. That there was a large influx of voters using the internet component of the voting system set up by the NDP.
2. That a DDOS attack was occurring.
Shortly after, the solution was to pull the plug on the internet component of voting at let people at the convention continue their voting. For someone like me, it was very obvious that it was a DDOS attack that happened. Unfortunately, this was not one bit obvious to the CBC reporters who were scrambling to find an answer to this while incorrectly insinuating that the NDP was at fault for the technical problems.
The CBC then managed to interview Brad Lavigne about the problem and he confirmed that this was, indeed, a DDOS attack. Evan Solomon, who has an advertising campaign for his show, “Tough, but not unfair”, asked whether or not the votes were affected by this. This individual answered that the votes were not affected by this. Solomon proceeded to reword the question on whether or not the votes were affected multiple times to which the obvious answer was “no”.
Somehow, in the midst of trying to understand this thing called a “DDOS attack”, the reporters settled on an analogy of a burglar breaking into someone’s house and setting off the alarms as an explanation for what happened. Some time after this, the CBC suggested that the NDP should be criticized for not being prepared for such an attack.
So, now that the convention is over and there’s plenty of opportunity for a better explanation for what a DDOS attack is to surface on their website. We did manage to find one article on this which had the following explanation for what happened:
The party first chalked it up to the servers being overwhelmed, but with a small percentage of members actually casting ballots the day of the leadership convention, they were soon facing questions over a possible denial of service attack, in which an attacker tries to overwhelm a server with requests.
Senior party official Brad Lavigne said someone was deliberately trying to mess with their system.
“The only thing they were able to achieve was a little delay,” Lavigne said. “There is someone outside the system who is attempting to mess up our system.”
The system was not hacked, Lavigne said, and the integrity of votes cast was not compromised. But the attack delayed third- and fourth-round voting, officials said.
Obviously, this explanation really does little to educate the public what happened and certainly, for me anyway, does little to make the experience of using the CBC as a source less painful in this case.
So, we here at ZeroPaid would like to educate the public on what a DDOS attack actually is. A DDOS attack stands for a Distributed Denial of Service Attack. An in-depth explanation can also be found on Wikipedia. There has been some debate on whether or not this is really a form of hacking. If it is, I’d argue that it’s a very low grade form of hacking.
Generally speaking, a particular computer or server is a target for such an attack. A series of computers is then used to send requests to that particular computer. Computer requests on the internet happen all the time which can make it difficult to distinguish between a request from a single user and requests from a malicious attack. These computers used to send these requests usually are from a collection of compromised computers (usually a botnet) that can help hide the attackers location in the process. These requests eventually overwhelm the targeted computer and force it offline. While the data on the computer is very likely intact, the ability for others to access the contents of this computer (send a request, view a webpage stored on that computer, etc.) is severed. This is a far cry from a more sophisticated attack where someone actually breaks in to a system and tamper with the data.
I personally spent all evening trying to think of a way of salvaging the analogy of a burglar breaking in to someone’s house, unfortunately, I was unable to think of a single way. So, perhaps a better analogy is a restaurant. There’s a rush of customers that come in for lunch and many people make their orders. This makes the restaurant very busy. However, someone wants to wreak hacov on this restaurant by overwhelming their services. So, that person gets a thousand people to walk in to this restaurant to make various orders all at once. It doesn’t take long before the restaurant manager heads for the door and tells everyone still waiting that they are unable to take any more orders at the same time. This leads to long line-ups outside with many people who have legitimate orders as well as people who are just trying to jam up the whole system. This is certainly a way better analogy to a DDOS attack than a burglar breaking in to someone’s house and setting off the alarms.
There’s one last point to be made here, is it possible to guard against any form of DDOS attacks? If there has been headway made, I’m not personally familiar with it. The topic of thwarting DDOS attacks has been actively debated back in 2010, but I’m not familiar with anything that would completely thwart such activities in the first place.
While we don’t want to demean others or put down anyone in any way, but I think it’s a fair request for news agencies to quickly look something like “Denial of Service” attacks up before jumping to less than accurate conclusions. I also don’t think it would hurt to have someone on staff that at least knows something about computers much like Bob McDonald who can discuss and explain scientific topics to the audience. I don’t want to find myself yelling at my television screen again over something like this.
Drew Wilson on Twitter: @icecube85 and Google+.