All Star Site Gears Up for Hackers

BOSTON (05/26/2000) - Major League Baseball's (MLB) All-Star Game has been taking great pains to make sure fans don't hack, hack, hack for the home team.

Last year, MLB collected 1 million online ballots -- the most since it kicked off electronic balloting in 1996. The organization hopes to double that number before this year's July 2 deadline, according to MLB spokesman Pat Courtney.

But All-Star officials are trying to reach that goal without a repeat of an incident last season where a fan from Carver, Massachusetts, tried to stuff 39,000 votes for Boston Red Sox shortstop Nomar Garciaparra through the online balloting system.

"Baseball clearly, coming off last year's issue, was concerned about this," said Tim O'Mara, senior vice president of operations for Bellevue, Washington-based SeasonTicket.com Inc., which is in charge of this year's electronic tabulations.

"This site's high-profile, and we know it," O'Mara added.

Fans will be allowed to cast 25 electronic ballots -- an average of one for each home game during the balloting period -- from a single e-mail address.

All addresses will be verified, daily audits of the votes will be performed, and the totals will be posted daily, rather than in real time, to allow for those audits to take place, O'Mara explained.

"We're confident (hackers are) not going to cast an illegal vote that gets counted," he said.

O'Mara said he believes the e-mail addresses will provide enough information to perform the needed security but refused to reveal details of how that will work.

"There are a few folks out there we'd just assume not know what we're doing," he said.

Last year, the culprit was caught when his votes came in too quickly from a single IP address.

But security experts aren't as confident as O'Mara that the new system will ward off hackers.

Setting up a program to delay the votes and randomize the IP addresses wouldn't prove too difficult to an experienced hacker, said Rob Clyde, vice president for security management at Rockville, Md.-based Axent Technologies Inc.

"They can punch up a routine and just let it run for a few days," Clyde said.

Michael Rothman, executive vice president of Needham, Mass., security firm SHYM Technology Inc., said the All-Star site will pose a ready-made target for "anybody who can sling together a JavaScript."

"Technology's amazing," he said. "It's bringing a level of efficiency in fraudulent activities that used to be done with just brute force."

Rothman said SeasonTicket.com was on track in creating digital IDs. Clyde also suggested intrusion detection software and keeping core activities secure behind a firewall.

Yet baseball fans have tried to stuff All-Star ballots for decades. When added to a hacker community that loves a challenge, the All-Star ballot sticks out like a bull's-eye.

"We know somebody's going to try something," O'Mara said.

Join the newsletter!

Error: Please check your email address.

More about Axent

Show Comments

Market Place