Western University and the University Students Council (USC) have announced that the 2012 USC Elections are deemed invalid and that voting has been halted.
This invalidation includes all USC elections as well as elections for undergraduate student positions to Western’s Board of Governors and Senate, as well as two referendum questions.
A decision was made after Western’s ITS department had determined that the USC elections portal, located on the Western server, was compromised.
It is anticipated that a new vote will be held the week of February 27th (the week after Reading Week).
More details will be forthcoming once new voting dates and times are set.
If you have any questions, please email us at usc@uwo.ca.
Hey,
I was just wondering if the ITS department is going to look into finding out who it was that hacked the website? It might not even be possible, but members of my constituency are wondering if there is going to be consequences for tampering with the elections.
Thanks!
Emily Soti
Kings USC Rep
Yes, Western’s ITS dept has enough information to positively identify the individual involved, and has passed that information along to Campus Police. This type of action can be prosecuted under the Canadian Criminal Code and the University Code of Student Conduct, which could mean criminal charges and / or expulsion.
Pingback: Last day to vote, have your say! — UPDATED | mitZine Online
Stupid. How do you let this happen.
To clarify, the USC had no way of knowing of any security vulnerabilities with the website. The site itself was designed by a Western ITS staff member for Western’s own internal elections, and is hosted on an ITS server. The USC simply utilizes their platform for our elections, so that the entire process can be held at arm’s length and to ensure impartiality. Unfortunately, to complicate matters, the staffer retired last month!
According to ITS, the title of the Election was changed using a technique known as SQL injection – purposefully sending malformed address information to a website in order to force it to access a database in unusual ways. No personal information (i.e. usernames or passwords) could have been compromised by this attack, and the principle of the “secret ballot” was not violated – the attacker could not know how any particular student voted in the election. Beyond that, ITS could not guarantee 100% that no votes were changed — that margin of doubt was enough to invalidate the election results.
A team from ITS is currently working on “hardening” the site to prevent this from happening again. We have every confidence in their abilities; however, we will investigate the elections processes used by other Universities.