County Investigating Attempted IT Breach

June 7, 2012 | 12:08pm

Officials from the County and Hewlett Packard are investigating what appears to have been a deliberate attempt to breach the County’s main public-facing website Tuesday night.

The disturbance did not affect ballot counting or other election processing, but limited public access to voting results during a peak traffic period. It is not clear whether the attempted breach aimed to interfere with Tuesday’s election.

The disruption began at about 8:15 p.m. when the County’s IT system detected an abnormal surge in online traffic to the County’s main website, sdcounty.ca.gov, from a single, unknown IP address. The number of hits from that address rapidly jumped to well over one million per minute and continued at that level. The County’s firewall recognized this as suspicious activity and closed off outside access to the County’s websites for security purposes.

Officials from Hewlett Packard, which provides IT services to the County, described the event as a denial-of-service attack, in which an “attacker attempts to prevent legitimate users from accessing information or services,” according to the U.S. Department of Homeland Security’s Computer Emergency Readiness Team. They ruled out any technical, hardware or software failure and determined the County’s websites did not crash or fail. No capacity overload occurred. The County’s internal security system worked properly by detecting the malicious traffic and then blocking any additional threats.

The event disrupted public access to the Registrar of Voters’ website, sdvote.com, during a peak period of interest and blocked access to all other external County sites until 9:56 p.m. when the sites went back online. Internally, however, all sites continued to function and County employees provided election information to the public and media. County staff provided paper copies of election results to media outlets at Golden Hall and the Registrar of Voters office in Kearny Mesa. Major local television stations continued to receive updated results electronically through direct feeds.

The County is working closely with Hewlett Packard and its security team to investigate who or what may have been responsible for this event. Both entities are also looking into what additional measures can be taken to prevent a similar event in the future.