, and more taken down in Syrian hack

The SEA strikes through DNS servers.

Hackers took down the New York Times, Twitter and Huffington Post websites overnight through a method known as DNS hijacking. Although the NYT's website is still down this morning, the rest appear to be back up, albeit with continued problems on some subsystems. The Syrian Electronic Army (SEA) hacking collective is obliquely claiming responsibility on Twitter.

The SEA is famous for finding novel entry-points into a company's online presence, and this is no different. Rather than hacking into the companies' servers directly, DNS hijacking allows an attacker to redirect the web address which normally points to the servers on which the site is stored.

Every server on the internet has a unique IP address, a 12-digit code which refers to its virtual location. But in order to avoid having to remember all these numbers, there's a second system which sits on top of IP addresses, which lets us type in the alphanumeric domain names we all know and love. When someone enters into their address bar, the browser looks up the domain name using a Domain Name System (DNS) server; that server then tells your browser what IP address the URL points to, the two computers connect, and everything works happily.

What happened overnight is that the SEA managed to break into the website of Melbourne IT, the company which the New York Times and others used to register those domain names. They then changed the records so that instead of pointing to the New York Times' website, the address pointed to theirs.

On the one hand, that's a lot less bad than it would be if the servers themselves were broken into. The New York Times continued to publish normally to their IP address,, and don't appear to have lost any data or sensitive information. On the other hand, the sites were still down, and the redirect still exposed users to potential security risks. For instance, it would be possible to build a passable version of a log-in page and steal a lot of passwords. When it comes to Twitter, one of the affected companies, the problems are even greater: the site has a lot of code embedded throughout the internet, in the form of tweet buttons and single-sign-in services. If the SEA had wanted, that could have been the beginning of a much more serious collection of hacks.

As it is, the group appears to have limited themselves to their normal operations, the digital equivalent of graffiti. Albeit graffiti in a very prominent place. But that it was so easy to take down the sites of such huge media organisations should give us all the shivers. The internet is a long way from secure, and some of the biggest problems left are fundamental to how the whole thing works.

What happens if you visit

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.

Show Hide image

“There will be an absolute meltdown in 2020” : what’s holding back the introduction of electronic voting?

The government's reluctance to implement electronic voting will affect our future, and in – the case of Brexit – may have already dramatically affected our past. 

Imagine, just for a second, that the situation was reversed. Imagine if, for a hundred years, we had scanned, swiped, and tapped our votes into a secure, fool-proof electronic system and someone waddled along and said, “Alright lads, how about we try pencil and paper?”. How about we desperately try to find a spare hour to shuffle to the village hall in the rain and scratch an “X” onto a scrap of paper with a stubby bit of lead, and then let a volunteer named Deidre count it at two am? What could possibly go wrong?

If you picture this scenario – posited by my colleague Anna – then it quickly becomes clear how ridiculous it is that the UK has not yet implemented electronic voting in any lasting way, shape, or form. Not only are we not on board with popping online to vote, we’re also reluctant to use technology when it comes to marking our ballots, authenticating voters’ identities, and counting votes. Despite the success of electronic voting in countries such as Brazil, Estonia, and India, the UK continues to reject reform. Why?

 “I think the problem is political at the moment,” says Mike Summers, the program manager at Smartmatic, an electronic voting company who have run three national elections in the Philippines, have a 15 year contract with Belgium, and have counted around 3.7 billion electronic votes in 12 years. “I think there is a fear that if you enfranchise groups of younger people, then you don’t necessarily know how they’re going to vote.”

We can, however, make a pretty good guess. Smartmatic’s own research shows that 57 per cent of 18-24 year olds would be more likely to vote if they could do so online and 55 per cent said they would have used online voting at the last general election. As Labour's vote share could have been boosted at the last election if only more young people had turned out to vote, this might make electronic voting an uninviting prospect for Theresa May.

“Prior to the last parliamentary election the Labour party were vehemently in favour of electronic voting,” says Summers. “Things are moving very slowly compared to other developing and developed nations so our reading of the situation is that it’s a largely political one.”

The consequences of this inaction are severe. Holding off on a voting system that provides greater accessibility to all compromises the very notion of democracy, but it also has potentially more immediate repercussions. “In 2020 everything is going to hit the proverbial fan we’re going to be a laughing stock,” says Summers.

The reason for this is because of the wide array of elections sheduled for 2020. Not only will there be a general election, there are also police and crime commissioner elections, the London Assembly and the London mayoral elections, and also local elections. “There is real concern that because of the complexity of this event there is going to be an absolute meltdown.”

Electronic voting would help prevent such a meltdown by ensuring, among other things, that voters couldn’t accidentally mark a first past the post ballot with a preferential voting system (or vice versa), that votes could be counted faster, and that overseas votes would not be lost in the post. The last is of particular importance as the government are now planning to scrap the 15-year rule that bans long-term expatriates from voting in UK elections.

“That’s a potential five million additional expats who will be eligible to vote,” says Summers, “How are you going to service them?” The answer to that is via the postal vote, and the limitations of this traditional method make the case for electronic voting even stronger.

“Postal voters authenticate themselves with a signature – mine is easily forgeable – and their date of birth,” says Summers. “The traditional methods are not secure. With online voting we can use facial biometrics to compare a person’s digital facial portrait – a selfie, if you like – with their ID, and we can verify there is a match.

“The next problem is security, and putting your ballot in an envelope is not secure. We have very, very strong application level cryptography. The moment a voter casts their ballot we encrypt it on the voting side and digitally sign it as a method of proving the integrity. Additionally, when postal voters put their vote in the post box they have no way of checking it was received or counted, so you have no verifiability. We have a number of tools that voters can use to verify their vote was received and was included in the final tally.”

Nowhere is the importance of the postal vote clearer than in the case of Brexit. “You could argue that the outcome would have been different,” says Summers. “Lots of expats voted by post and a lot of the votes didn’t come back before the close of the election count. We have an office in Amsterdam and one of the guys plays in a local rugby club in The Hague. There are ten Brits on that team and six of them received their postal vote after the close of the election. If you’re an expat living overseas then are you going to vote for or against Brexit? If those voters had voted then the outcome could have been completely different.”

Yet the benefits of accuracy, transparency, verifiability, and accessibility are easily side-lined by one bloodcurdling word. Hackers. If Hillary Clinton’s emails can become your bedtime reading, isn’t it possible – nay, probable – that elections will be hacked, falsified, and corrupted?

“The easiest election to hack is a paper election,” says Summers. “It is important to educate people on the difference between election information systems, which the DMC use, and voting systems. The protections of voting systems are above and beyond anything you will use in any other online application, including online banking and ecommerce solutions.”

As a representative of Smartmatic, Summers would say this, but they and other companies have created a wide variety of solutions which – even if imperfect – are vulnerable to fewer mistakes than Deidre in the village hall. Even if there are flaws, it seems important to iron these out now – before 2020 – to ensure the success of electronic voting in the future.

Although the House of Commons’ Commission on Digital Democracy recommended that the UK should adopt electronic voting by 2020, there is little evidence that steps are being taken towards this goal. “I’d love to turn around and say I think steps are being taken but there is a lack of willingness to acknowledge the shortcomings that we have in terms of UK elections,” says Summers. For now, then, the debate rages on. Should we stick to the tried-and-tested, or should we transform the electoral process forever? I know – let's vote on it. 

Amelia Tait is a technology and digital culture writer at the New Statesman.