First, the good news.
Lobbyists Frank Mayernick, Rhett O’Doski, Monica Rodriguez and Ron LaFace have made the Final Four of TallyMadness — an online voting competition to determine Florida’s “best” lobbyist.
Now, the bad news.
We might very well not ever know which of these four is the 2013 champion.
Hackers have broken into TallyMadness.com and rendered the site almost unusable. I cannot access the site. My programmers can’t access the site. GoDaddy has quarantined the site because the attacks made against it are a threat to its server.
In other words, TallyMadness is on hold.
Who are these hackers who have ruined such a good thing?
Without a doubt, they are pro-National Rifle Association supporters of Marion Hammer, the lobbyist for the organization.
On Monday night, we detected unusual activity on TallyMadness.com, most of it related to voting in the bracket of Marion Hammer vs. Gus Corbella. Corbella, the 2011 TallyMadness runner-up, was ahead of Hammer by 3,500 votes with less than forty minutes left in voting. It was all but certain Corbella would win this face-off.
That’s when we first noticed attempts to break into the site. At 9:26 p.m. we locked down the site and closed off voting.
Later, we queried TallyMadness’ MySQL database and found some interesting results.
At 10:07 p.m., it showed Gus Corbella having won the match-up with 34,850 votes to Marion Hammer’s 31,675.
At 10:17 p.m., it showed Marion Hammer received 8807 votes (after the polls were closed).
The interesting thing is that the total voters only went up by one (from 66525 to 66526), meaning one person voted 8807 times in 10 minutes — which is impossible to do through the website after the polls were closed.
Here are screenshots of what we saw:
What the MySQL database also showed was that someone had used a MySQL INSERT command to insert 8807 votes into the database.
The next morning I received this email from Ms. Hammer:
“When I checked my email this morning, waiting for the coffee to come down, I had email from friends telling me that I had won my bracket of the TallyMadness Lobbyists competition. I logged on to check the totals and found that, indeed, the result pages showed that I had more votes than my dear friend Gus Corbella.
“I then went to the brackets to see who all had advanced to next round. I was surprised to find that Gus, not I, had moved on to the next round. Thinking I read the result page wrong I went back to check it again. Attached is a PDF of the screen shot of that page showing that I had won.
“If the results page shows that I won the 3rd round as is shown in the screen shot clearly shows, would kindly explain to me why you moved Gus into the next round?”
At this point, I thought I had erred, that I had somehow prematurely declared Corbella the winner. That’s when we investigated the MySQL database and found the results mentioned above.
After a series of emails with Hammer, whom I generally respect, explaining what happened, I thought the issue was resolved. She lost. Corbella won. Time for the Elite Eight, right?
Wrong. That’s when Hammer’s supporters went on the attack.
First, I began to receive emails, like this one from a Patricia Hardman:
“You have confirmed my worst fears about electronic voting. I made numerous attempts to vote for Marion Hammer from 9:30-10 but couldn’t get any to go out to you. I guess you didn’t want her to be one of the winners. What you have done with this simple contest that really meant little was to manipulate the voting. I assume you are already being hired to rig the next election if they get electronic voting for political offices. Why don’t you share who you plan to win the Tallymadness with me so I can make some side bets and split the pot with you?”
And this one from a Terri Carlton:
“I want to let you know how angry I am with the way that you have “worked” the TallyMadness contest.
“I voted for Marion Hammer and was in the middle of doing so at 9:26 p.m. last night when the voting was closed. It was supposed to be open until 10:00 p.m. Because of that, I find it hard to believe the results for any of the brackets can be validated because the whole contest seems to be manipulated by you.
“Worse, the students of Woodland Hall Academy, took time out of their schedules to vote for Ms. Hammer and it is disheartening for them to discover that “voting” doesn’t really matter if the person in charge of the contest has an agenda and their votes don’t really count.
“Rest assured, I won’t be voting in your contest again, and will make sure (via social media and word of mouth) that others avoid it as well.”
Hammer herself warned me about what could be in store for me:
“I’ve gotten copies of a couple of “nasty-grams” that my supporters have sent you regarding the poll. Sometimes they are relentless in their passions. They can be very protective but please don’t be offended.”
Unfortunately, “nasty-grams” were not the only thing received from Marion’s supporters.
A major security breach on SaintPetersBlog.com and TallyMadness.com occurred last night, forcing GoDaddy to add an additional firewall to my sites, hence the slow load-time. We are still attempting to determine what occurred last night, which was a different kind of hack attempt than the previous effort to manipulate the voting.
Why do I blame Marion’s supporters for this hack? Because 99% of the inbound traffic in the moments leading up to the attack originated from message boards for national gun rights activists, as I previously wrote about.
So, at this point, the Final Four of TallyMadness is on hold until the security of SaintPeterBlog — which is a large portion of how I derive my livelihood — is secure.