Hotmail Takes on Election Duties as Servers in New Jersey Crash

Photo: Julie Jacobson/AP

In an effort to accommodate voters displaced by Hurricane Sandy, New Jersey decided to allow voters this year to request ballots by e-mail and submit them via e-mail and fax.

But that solution has turned out to be a disaster after e-mail servers used to send and receive election ballots in at least two major counties got clogged or crashed on Tuesday under the weight of voter traffic.

At least one official in Essex County, which has 451,000 registered voters, decided to solve the problem by inviting voters to send their ballot request to his personal Hotmail e-mail address.

“Per Essex County Clerk Christopher J. Durkin: Displaced voters can email a request for a ballot at [email protected]…,” according to a post on the Facebook page for West Orange, NJ.

Not exactly a secure option, as security researcher Ashkan Soltani notes. Apparently Durkin uses his mother’s maiden name as the “password recovery” question for his account.

This, along with other problems New Jersey has experienced, prompted harsh words from one prominent election advocate.

“There’s just one word to describe the experience in New Jersey and that is catastrophe,” said Barbara Arnwine, president and executive director of the Lawyers’ Committee for Civil Rights Under Law in a press conference. “The county servers have crashed. Essex and Hudson counties are emailed backlogged, and have announced they will not be able to process requests to vote online today.”

She also noted that as of 9 a.m. Eastern, polling places in New Jersey had not yet opened and multiple polling places did not have ballots.

New Jersey decided to allow voters to cast ballots by e-mail and fax, after so many voters had to abandon their homes and neighborhoods as a result of Hurricane Sandy, and polling places had to be moved or closed due to electrical outages and flooding.

Voters were told to send an e-mail to county election offices to request a ballot, after which they could scan the ballot and e-mail it back to officials. But problems occurred when voters sent the large ballot image files back to the e-mail accounts, and overloaded them. Traffic slowed as a result, and only became exacerbated as more voters tried to send repeated e-mail requests to obtain ballots or mail in completed ballots.

“If they don’t get a response right away, they’re sending another request, so it ends up being multiple, multiple requests, and the server just came down, it was overwhelmed,” says Pam Smith, President of Verified Voting. “The state’s e-mail accounts were full.”

Smith noted that the problem occurred with the e-mail server, not the vote-counting server.

New Jersey is requiring voters who submit ballots by e-mail to also mail in their paper ballot, in response to concern from voting activists that e-mail could be intercepted and altered or spoofed. Voters in New Jersey who have been displaced are also being allowed to cast provisional paper ballots at any polling place in the state, instead of being limited to their neighborhood polling place.

Election problems throughout the country are being monitored by the Election Protection Network, a coalition of about 150 legal and civil rights groups from around the country, who have stationed election legal experts in problematic polling places in Ohio, Florida, and other locations, and have also set up a toll-free hotline to answer questions from voters and collect reports about problems.

The group’s voter hotline number, 1-866-OUR-VOTE (866-687-8683), had received more than 30,000 calls by 9 a.m. PST on Tuesday.

Voters so far have reported complaints about voting machines that are out of order — causing long lines at polling places — as well as calibration problems with voting machines that register a vote for one candidate, when they’ve selected another. One voter posted a video (below) showing the problem — a common one with touchscreen voting machines — at his polling place.

Image Theft via FTP Could Be First Stage of Attack

We recently came across a Trojan that steals image files of .jpg, .jpeg extensions, and Windows memory dumps (.dmp) from victims’ machines and uploads them to an FTP address hardcoded in the malware.

This Trojan silently opens a command line and copies those image files found on the C, D, and E drives to the C drive. These collected files are then sent to an FTP server.

We suspect this malware is in its first stage of development for information theft, and we expect it to return as a more sophisticated attack. The stolen image files could be used for blackmailing the victims and demanding a ransom. We are aware of nude pictures of celebrities stolen a few months back. This malware could be deployed for a similar operation.

We also suspect the attackers would like to learn about vulnerabilities on the victims’ machines; perhaps that is why they are looking for .dmp files, which carry data “dumped” from a program’s memory space. They are often created when a program has an error in coding and crashes.

Gathering .dmp files could be a typo by the malware authors, who might have sought .bmp image files instead.

Malware collecting .jpg, .jpeg, and .dmp files from a victim’s C, D, and E drives and copying them to the C drive.

After collecting the files, the malware connects to an FTP link : and logs in with username “wasitnew” and password “qiw2e3r4t5y6.”

Malware connecting to the Internet with username, password, and FTP address.

Using Wireshark, we can see below that an image file—autumn.jpg—has been uploaded via FTP after authenticating.

“Autumn.jpg,” collected from an infected machine, being uploaded via FTP.

The FTP server storing the collected files.

We noticed the FTP server died on November 5.
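A detection sketch for the behaviour described above, as an added example that is not part of the original post: it scans FTP control-channel commands (as recovered from a packet capture) and flags sessions that log in with the reported username or upload several .jpg/.jpeg/.dmp files. The IP addresses, the `webdeploy` account, the file names other than autumn.jpg, and the `min_uploads` threshold are constructed for illustration.

```python
from collections import defaultdict

STOLEN_EXTS = (".jpg", ".jpeg", ".dmp")  # file types the write-up says are collected
IOC_USERS = {"wasitnew"}                 # FTP username reported in the write-up

# Constructed sample: (client IP, server IP, FTP command line) tuples.
# Addresses are documentation ranges; passwords are deliberately not recorded.
SAMPLE = [
    ("10.0.0.5", "203.0.113.10", "USER wasitnew"),
    ("10.0.0.5", "203.0.113.10", "PASS <redacted>"),
    ("10.0.0.5", "203.0.113.10", "STOR autumn.jpg"),
    ("10.0.0.5", "203.0.113.10", "STOR crash01.dmp"),
    ("10.0.0.5", "203.0.113.10", "STOR holiday.JPEG"),
    ("10.0.0.9", "198.51.100.7", "USER webdeploy"),
    ("10.0.0.9", "198.51.100.7", "PASS <redacted>"),
    ("10.0.0.9", "198.51.100.7", "STOR index.html"),
    ("10.0.0.9", "198.51.100.7", "STOR logo.jpg"),
]

def find_exfil_sessions(events, min_uploads=2):
    """Flag FTP sessions that match the reported username or bulk-upload
    image/memory-dump files. Returns a list of alert dicts."""
    sessions = defaultdict(lambda: {"user": None, "files": []})
    for client, server, line in events:
        cmd, _, arg = line.strip().partition(" ")
        cmd, arg = cmd.upper(), arg.strip()
        state = sessions[(client, server)]
        if cmd == "USER":
            state["user"] = arg
        elif cmd in ("STOR", "APPE") and arg.lower().endswith(STOLEN_EXTS):
            state["files"].append(arg)  # upload of a targeted file type

    alerts = []
    for (client, server), state in sessions.items():
        reasons = []
        if state["user"] in IOC_USERS:
            reasons.append("ioc_user")
        if len(state["files"]) >= min_uploads:
            reasons.append("bulk_upload")
        if reasons:
            alerts.append({"client": client, "server": server,
                           "user": state["user"], "files": state["files"],
                           "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in find_exfil_sessions(SAMPLE):
        print(alert)
```

The single logo.jpg upload by the constructed `webdeploy` session stays below the threshold, so ordinary web publishing is not flagged.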

This malware can evolve with more sophisticated code and cause more harm. Since 2008 we have seen image files carrying embedded image files within. Malware authors sometimes hide their commands behind an image file using steganography.

We advise our customers to pay extra attention when they save any file type while online and to keep their antimalware software updated.


VMWare ESX Source Code Leaked On The Internet

Another big source code leak, this time VMWare ESX, software which I’m sure most of the readers here have used at some point (I know I have). There was a time back in 2006 when VMWare Rootkits seemed like they might be the next big thing, but nothing much ever came out of it. VMware [...]