Major League Baseball’s All-Star Game has been taking great pains to make sure fans don’t hack, hack, hack for the home team.
As voting to pick this year’s players gets under way – the first round of balloting was recently posted on-line – All-Star officials hope to double on-line response but without a repeat of an incident that occurred last season. That’s when a fan from Carver, Mass., tried to stuff 39,000 votes for Boston Red Sox shortstop Nomar Garciaparra through the on-line balloting system.
“Baseball, coming off last year’s issue, was concerned about this,” said Tim O’Mara, senior vice-president of operations at SeasonTicket.com Inc. in Bellevue, Wash., which is in charge of this year’s electronic tabulations.
“This site’s high-profile and we know it,” O’Mara added.
On-line voting, which started in 1996, last year collected some 1 million ballots, according to MLB. Another 5 million or so ballots were submitted on paper.
This time around, fans are allowed to cast 25 electronic ballots – an average of one for each home game during the balloting period – from a single e-mail address. The first game is July 11.
All addresses will be verified, daily audits of the votes will be performed and the totals will be posted daily rather than in real time, to allow time for those audits to take place, O’Mara explained.
“We’re confident [crackers are] not going to cast an illegal vote that gets counted.”
O’Mara said he believes the e-mail addresses will provide enough information to perform the needed security but refused to reveal details of how the process will work. “There are a few folks out there we’d prefer not know what we’re doing,” he said. Last year, the culprit was caught when his votes came in too quickly from an identical IP address.
Security experts aren’t as confident as O’Mara that the new system will ward off crackers. Setting up a program to delay the votes and randomize the IP addresses wouldn’t be too difficult for an experienced cracker, said Rob Clyde, vice-president for security management at Rockville, Md.-based Axent Technologies Inc.
“They can punch up a routine and just let it run for a few days,” Clyde said.
Michael Rothman, executive vice-president of Needham, Mass.-based security firm Shym Technology Inc., said the All-Star site will pose a ready-made target for “anybody who can sling together a Java script.
“Technology’s amazing,” he said. “It’s bringing a level of efficiency in fraudulent activities that used to be done with just brute force.”
Rothman said that SeasonTicket.com was on track in creating digital identification. Clyde also suggested using intrusion-detection software and keeping core activities behind an external firewall.
Yet baseball fans have tried to stuff All-Star ballots for decades. For example, fans in Cincinnati populated the entire National League roster with their hometown Reds in 1956. And for a cracker community that loves a challenge, the All-Star ballot is as tempting to swing at as a hanging curveball.
“We know somebody’s going to try something,” O’Mara said.