From the earliest days of the Internet, a classic attack against websites and web-enabled systems has been to flood the resources of that system with spurious traffic. Not necessarily malicious traffic — one of the first was simply to set up a small program that would try to make an HTTP connection to the targeted web server over and over again as fast as the attacker’s little bits could manage. The connection requests were completely mundane requests for a web page, but make enough of them, and the targeted system would be paralyzed, blocked, or even brought down.
You might not even know you were being attacked. In one famous early internet catastrophe, a major toy retailer liked its brand new e-commerce website so much that the CEO arranged a big media buy for Thanksgiving Day among the football games without actually asking the technical staff. Every mom and grandma in North America decided to get an early start on her Christmas shopping while dad and the boys were watching the game — and the massively under-resourced website played Titanic.
When it’s done maliciously, it’s called a denial of service attack.
Eventually, the technology improved, and web systems would have ways of shedding excess load — but then the hackers in black hats started creating malicious bots that could be installed surreptitiously to carry out the attacks from hundreds or thousands of computers at once, which then gives us a distributed denial of service (DDoS) attack.
Again, technology was invented to deal with it. Now, services like Cloudflare use sophisticated technology to thwart DDoS attacks. (Of course, Cloudflare managed to turn its sophisticated technology into a DDoS attack, but that’s a story for another time.)
The point is this: every denial of service attack depends on overwhelming an omitted resource — the number of sockets (virtual ports) needed for a web connection, the limits of the web server program, and just the amount of processing power available to service requests. With enough demand, any limited service will grind to a halt.
And now we come to the election.
I first thought of this when I read about Maricopa County in Arizona receiving 90,000 voter registrations on the very last day they could be considered. That’s a lot of forms to be processed, and they all apparently came in bulk from a few sources. It meant a massive demand on the services of the county registrar, and then it turns out 40,000 were damaged in some way — torn, water damaged, a bunch of things. Of course, damaged registrations have to be processed somehow, and a good-faith effort to process a damaged form takes more time and effort than a pristine one.
In other words, it was an attempt to overwhelm a limited resource.
A number of Pennsylvania counties had various irregularities, from fraudulent registrations to election judges “accidentally” showing up late to resources “accidentally” not getting to the polling place to Republican poll watchers being denied entry.
(I was a Republican election judge in Pueblo, Colo., at a time when the Democrats' machine made Pueblo known as “Little Chicago,” but they never tried to actually exclude Republican poll watchers.)
In every case, we’re seeing some essential rescues being limited or denied.
It’s easy to come up with complicated conspiracies to explain this, but I suspect what we’re really seeing is a bunch of people, more or less independently, deciding to “save democracy” by keeping it from working.
I think we’re seeing a massive and distributed denial of service attack on the election.
Join the conversation as a VIP Member