[Image: keylogger. Image courtesy of black-of-hat]

Technically, this isn’t the kind of election news I usually blog about (because it doesn’t involve a public election) but I thought it was worth sharing … From UTSanDiego:

A former Cal State San Marcos student who rigged a campus election by stealing nearly 750 student passwords to cast votes for himself and friends was sentenced Monday in federal court to a year in prison …

Weaver, 22, of Huntington Beach was a third-year business student when he carried out the elaborate plan to win election as president of the school’s student council in March 2012. He pleaded guilty this year to three federal charges, including wire fraud and unauthorized access to a computer …

The plan to steal the election was months in the making.

On Weaver’s computer, authorities found a PowerPoint presentation from early 2012, proposing that he run for campus president and that four of his fraternity brothers run for the four vice president spots in the student government. The presentation noted that the president’s job came with an $8,000 stipend and the vice presidents each got a $7,000 stipend.

Weaver also had done a bit of research, with computer queries such as “how to rig an election” and “jail time for keylogger.”

A month before the election, Weaver purchased three keyloggers — small electronic devices that secretly record a computer user’s keystrokes [pictured above – ed.].

Authorities said Weaver installed keyloggers on 19 school computers, stole passwords from 745 students and cast ballots from the accounts of more than 630 of those victims.

The plot was discovered, however, when technicians spotted unusual activity on the last day of the election period:

Using remote access, technicians watched the computer user cast vote after vote. They also watched as the user logged into the account of a university official and read an email from a student complaining that the system would not let her vote.

Weaver had already cast a ballot from the student’s account, which was why she couldn’t vote.

The techs called campus police, who found Weaver at the school computer. He had keyloggers with him and was arrested.

The student didn’t help himself when he engaged in an elaborate cover-up afterwards:

After a brief jail stay, Weaver and a friend created fake Facebook pages using the names of real students. They posted fictitious conversations on those pages to make it look as if those students had conspired to frame him.

The “conversations” on those bogus pages were sent to reporters at U-T San Diego, 10News and the campus newspaper but none took the bait.

Indeed, it was the cover-up more than the crime that earned Weaver jail time:

“That’s the phenomenal misjudgment I can’t get around,” said Judge Larry Burns, who rejected Weaver’s request for probation.

Burns said the election rigging was a serious offense but “kind of juvenile.” Developing a scheme to deflect blame after he had been caught made it worse.

“He’s on fire for this crime, and then he pours gasoline on it to try to cover it up,” the judge said.

Now, as I said above, this story isn’t typical of the kind of news I usually cover – but I still think it’s appropriate for a few reasons:

  • First, election officials and their staffs need to be aware of the existence of keyloggers even though online voting is not used anywhere in the nation. Specifically, giving an intruder inside access to an election management system leaves the entire process vulnerable to tampering. You and your staffs should be able to identify a keylogger – and if they’re in use make sure you know by whom and why;
  • Second, even when an attempt to rig an election is unsuccessful, it still generates clean-up costs for the affected entity. The University incurred $40,000 in costs to close the security breach in this case – costs that would likely be dwarfed in the event of an attack on a real election.

Stories like this are in many ways a blessing to the field because they highlight potential vulnerabilities; if nothing else, election offices should stay on top of these developments because it’s almost a certainty that a potential attacker will.