Poland 2050’s internal party election was voided following a claimed hacker attack, but cybersecurity experts attribute the system’s failure to poor configuration.
26,000 Entries for 700 Eligible Voters. Where Did the Traffic Come From?
On Tuesday, the Poland 2050 National Electoral Commission invalidated the second round of elections for the party chairman. The party’s leadership claims a hacker attack occurred, and the matter was reported to the prosecutor’s office and the Internal Security Agency (ABW).
Cybersecurity experts, however, see no evidence of external interference. Around 700 people were eligible to vote, yet over 26,000 visits were recorded on the site during the process, causing the system to crash and the vote to be closed. Vice-chairwoman Katarzyna Pełczyńska-Nałęcz stated there was a “hacker attack attempt.”
Publicized Link and the “Viral” Effect
Michał Sajdak, founder of Sekurak.pl, shares a similar assessment. He notes that after the voting, some party members apologized for publicizing the voting link on social media. Sajdak explains that in at least one case, the entire short link was visible in a social media post, giving full access to anyone who saw it. The link went viral, leading to the mass influx of traffic. He concludes this was not a hacker attack but a failure of awareness by those who shared the link.
Expert Cites Voting System Errors
Sajdak also points to errors in the voting configuration itself. Photos from social media suggest the system used checkboxes, allowing potentially multiple votes per person. He adds that the paid version of the voting software allows for setting an access password, a basic security measure that was apparently not implemented. This, he says, shows a fundamental lack of awareness of risks.
ABW in the Background of Internal Elections. “Burning Through Resources”
Maciej Broniarz, an ICT security expert and university lecturer, is critical of involving the ABW. He states there was no hacking, no attempt to manipulate the result, and not even a real attack. Involving a state security agency in a political party’s internal election, he argues, is an abuse of resources and serious terminology.
Broniarz emphasizes the problem lies in the process’s design, not external actors. He compares the situation to trying to eat soup with a fork, expressing surprise that a poorly designed IT voting system would fail.
Narrative of Cyberattack Called “Attempt to Escape”
Mirosław Maj, president of the Safe Cyberspace foundation, is equally unequivocal. He describes the voting process as “extremely unprepared” and views the cyberattack narrative as an attempt to shift blame for poor planning. He suggests reporting the issue to the ABW was a way to frame the incident as a significant security event rather than an organizational failure.
Maj adds that no elementary procedures were followed, such as verifying voters or ensuring each person could only vote once, pointing to a lack of basic common sense in the planning process.
