Iowa GOP worried by hacker threat to caucus vote
IOWA CITY, Iowa—Taking seriously an apparent threat from a notorious collective of computer hackers, the Iowa Republican Party is boosting the security of the electronic systems it will use in two weeks to count the first votes of the 2012 presidential campaign.
Investigators don't know if the threat is authentic, but it has nonetheless led the state party to confront a worst-case scenario. Their fear: an Iowa caucus marred by hackers who corrupt the database used to gather votes and crash the website used to inform the public about results that can shape the campaign for the White House.
"With the eyes of the media on the state, the last thing we want to do is have a situation where there is trouble with the reporting system," said Wes Enos, a member of the Iowa GOP's central committee and the political director for Minnesota Rep. Michele Bachmann's campaign in the state. "We don't want that to be the story."
Confident in the existing safeguards protecting the vote count itself, Enos and other members of the party central committee told The Associated Press they recently authorized additional security measures aimed at ensuring hackers are unable to delay the release of caucus results.
The state GOP fears such a delay could disrupt the traditional influence of Iowa's first-in-the-nation vote. Candidates who do well tend to gain momentum in the presidential race, while those finishing at the back of the pack may drop out. Experts in computer security said such concerns are valid.
"It's very clear the data consolidation and data gathering from the caucuses, which determines the headlines the next morning, who might withdraw or resign from the process, all of that is fragile," said Douglas Jones, a computer science professor at the University of Iowa who has consulted for both political parties.
"If I were one of these `hacktivists' who had no scruples, I would be really strongly tempted to see if I could get into the computer and see if I could make `SpongeBob SquarePants' win."
A former activist for Occupy Des Moines, Clarke Davidson, has said he posted the two-minute video on YouTube after masked men left it outside his tent near the state Capitol on Nov. 3. Other members of the protest group have discounted Davidson's story and say they oppose any efforts to shut down the vote count.
The video claims to be from Anonymous, a loosely organized group of hackers that has claimed credit for attacks on targets ranging from the Peruvian government to Paypal. It features a computer-generated voice denouncing what it calls a corrupt political system that favors corporations and calls on supporters to "peacefully shut down the first-in-the-nation Iowa caucuses."
Investigators aren't sure whether the video is actually from anyone affiliated with Anonymous, and state authorities have not taken any actions since the call to "peacefully shut down" the caucuses does not amount to a crime, said Jim Saunders, director of the Iowa Intelligence Fusion Center at the state's Department of Public Safety.
Unlike most presidential primaries, which are conducted by state governments, Iowa's caucuses are run by the political parties. On Jan. 3, voters will gather in roughly 1,800 precincts in Iowa's 99 counties to declare their preference for a candidate. Those results are then reported to the state party, where they are tabulated electronically and reported to the public on a website.
The GOP is also encouraging the party activists who run the precinct votes to use paper ballots instead of a show of hands, which has been the practice in some areas. The ballots would provide a backup in the event of any later confusion about the results.
"If a hacker gets in and messes it all up, we can reconstruct (the results)," said Drew Ivers, chairman of Texas Rep. Ron Paul's campaign in Iowa and a member of the state GOP central committee. "It would take a little while. It might take a day or two, but we can do it."
Among the early voting states, the hacking concerns have most spooked officials in Iowa. In New Hampshire, whose primary is one week after the Iowa caucuses, officials rely on a mostly manual process that uses paper and is less vulnerable to an attack on computer systems, said Assistant Secretary of State Anthony Stevens. In South Carolina, which follows 11 days later, State Election Commission spokesman Chris Whitmire said he was not aware of any concerns.
Ryan Gough, the Iowa GOP official in charge of coordinating the caucuses, declined to comment on specifics of the new security efforts so as not to give away "the game plan" to hackers.
But Jones said officials are likely working to prevent two of Anonymous' favorite tools. The first sends thousands of requests to a website server, rendering the site inaccessible. The second is known as a "SQL injection" and could be used to change the content of a computer database, including one used to record vote totals.
When elections officials in Washington D.C. tested an online voting system last year, University of Michigan researchers were able to use an SQL injection to quickly invade the system and make it play the Wolverine fight song every time someone voted, he said.
"These SQL vulnerabilities are notorious, widely known and yet it's a mistake people keep making," Jones said. "It is one of the first things that you try these days."