
Analysis finds evidence of cyber attack, surge in Knox election night web traffic

Knox County hired Sword & Shield Enterprise Security to look into why the county election commission web page suddenly crashed the night of May 1, the primary election.

Knoxville — A burst of web traffic and what appears to have been an active attack contributed to the Knox County Election Commission's web page suddenly crashing on Election Night, a review released Friday found.

"While the intention of the attack cannot be definitively known, the overall effect was very similar to a (denial of service) attack," the summary by Sword & Shield Enterprise Security Inc. states.

Starting about 8 p.m. the Election Commission's page became inaccessible for more than an hour, right before the commission was to release early election returns. The incident had no effect at all on the commission's vote tallying and compilation, authorities say.


Access to the web page eventually was restored, allowing users to view it as usual.

According to Sword & Shield, which conducted a root cause analysis, a number of things took place on the night the page became inaccessible:

* The firm found evidence of an "active attack" on the web server between 7 p.m. and 10 p.m. May 1 "unrelated to a typical denial of service attack."

* Symptoms of a denial of service attack occurred during the same time period.

* Web server traffic picked up significantly compared to the day before.

* Computer traffic from a "suspiciously large" number of countries outside the U.S. was evident during the same time frame.

* "The number of errors per second on the proxy server was very high on May 1 compared to captured log traffic for different time periods."


High server activity and the active attack most likely led to the website outage, the report states.

A distributed denial of service attack is one in which someone is deliberately trying to stop web users from accessing information by overloading servers with a massive amount of requests with spoofed IP addresses.

A DDoS attack can stop a user from getting to websites and email, and often employs a 'botnet' to do the dirty work: a network of malware-infected computers all over the world that a person with malicious intent can discreetly take control of and use to flood a single website domain with requests until it overloads and crashes the server.

From 7 p.m. to 10 p.m. May 1, Sword & Shield found, requests came from some 65 countries to access the commission web page. Requests from another 33 countries were identified during other parts of the day, the review showed.

Sword & Shield looked at IP addresses in data logs to identify traffic coming from the various countries.

Canada, the United Kingdom, Chile, France and Italy were among the countries generating the most traffic the night of May 1. Other European, Asian and Central American hits were identified.
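The review's three log measures (request volume, errors per second on the proxy, and the number of source countries in a time window compared with a baseline period) can be computed as in the following added example, which is not Sword & Shield's code or data. The log format, the `GEO` lookup table, the dates and every log line are constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Constructed stand-in for a GeoIP database, using documentation-only IP ranges.
GEO = {
    ipaddress.ip_network("192.0.2.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "CA",
    ipaddress.ip_network("203.0.113.0/24"): "CL",
}

def country(ip):
    """Map an IP string to a country code, or 'unknown' if it is not in GEO."""
    addr = ipaddress.ip_address(ip)
    return next((cc for net, cc in GEO.items() if addr in net), "unknown")

def parse(line):
    """Split a 'timestamp ip status' record; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        ipaddress.ip_address(parts[1])
        return datetime.fromisoformat(parts[0]), parts[1], int(parts[2])
    except ValueError:
        return None

def summarize(lines, start, end):
    """Request count, 5xx errors per second and source countries in [start, end)."""
    rows = [r for r in map(parse, lines) if r and start <= r[0] < end]
    errors = sum(1 for _, _, status in rows if status >= 500)
    return {
        "requests": len(rows),
        "errors_per_sec": errors / (end - start).total_seconds(),
        "countries": sorted({country(ip) for _, ip, _ in rows}),
    }

# Constructed sample log: a quiet baseline evening, then a noisy evening.
LOG = [
    "2000-01-01T20:00:01 192.0.2.10 200",
    "2000-01-01T20:00:05 192.0.2.11 200",
    "2000-01-02T20:00:00 198.51.100.7 503",
    "2000-01-02T20:00:00 203.0.113.9 503",
    "2000-01-02T20:00:01 192.0.2.10 502",
    "2000-01-02T20:00:02 203.0.113.44 200",
    "garbled line that should be skipped",
]

if __name__ == "__main__":
    for day in (1, 2):  # same 10-second window on each constructed day
        print(day, summarize(LOG, datetime(2000, 1, day, 20), datetime(2000, 1, day, 20, 0, 10)))
```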
