◼ Within 2½ weeks, 2,552 online requests arrived from voters who had not applied for absentee ballots. They streamed in much too quickly for real people to be filling them out. They originated from only a handful of Internet Protocol addresses. And they were not random.
...Six months and a grand-jury probe later, there still are few answers about the phantom requests, which targeted Democratic voters in a congressional district and Republican voters in two Florida House districts.
The foreman of that grand jury, whose report made public the existence of the phantom requests, said jurors were eager to learn if a candidate or political consultant had succeeded in manipulating the voting system. But they didn’t get any answers.
...the ballots would have brought more voters into the light-turnout election. The phantom requests targeted infrequent voters who had not applied for absentees, most of whom wound up not voting in the primary at all.
Only candidates, political parties and committees have access during an election to lists updated daily showing which voters have already requested and returned absentee ballots....
Had the requests been filled, short of stealing the ballots from mailboxes, the campaigns would have been able to flood the targeted voters with phone calls, fliers and home visits to try to sway their vote.
Persuade enough of them, and you might flip the race.
...When the phantom requests were initially flagged, elections staff telephoned a dozen of the targeted voters to check whether they had really asked for absentee ballots. They hadn’t, said Rosy Pastrana, the deputy elections supervisor for voter services.
Lynn Sargent, 23, said she received an email July 8 confirming her absentee-ballot request — even though she had never submitted one.
“I was definitely concerned when I got it,” said Sargent, a Miami-Dade native who had recently moved to Connecticut. But the ballot never arrived, and she voted in her new state.
Once the department knew the requests were phony, it blocked the 15 IP addresses from which they originated. It took several tries — the hacker simply switched to a different address — before the requests stopped.
“Every time we saw that pattern, we would block the IP,” said Bob Vinock, an assistant deputy elections supervisor for information systems. “I guess they finally gave up.”
Then came the hardest part: trying to figure out who did it....
The online ballot-request form requires voter information available on a public database of registered voters. It also asks for an email address — which doesn’t have to be real.
Most of the email addresses on the phantom requests were formulaic and clearly fake — the voter’s first name at AOL, Gmail or Yahoo, for example — but the email addresses on at least some of the early requests were accurate. That is significant, because while those addresses are not publicly available from the voter file, political campaigns routinely compile email addresses through other sources.
