The tipoff line is suggesting that there is an easy way to hack the overseas voting option on the Government’s website…
There is an online submission option and the form uses QR codes to authenticate each individual vote. It would be very easy to write a web service (small software / web application) which would generate every possible QR code configuration and submit it from individual IP addresses to the online form. Of course, this would render the referendum invalid. In security terms, this would be deemed similar to a DDOS attack.
If you submit every combination to the online form there would be no way to tell which were real vs fake
…perhaps this needs investigating before the results are declared on Thursday?
UPDATE: We have received this response …
No, because there are 4 billion public IPv4 addresses in the world, and
(at least) 99 billion permutations of the QR code on the Voting Paper.
Each attack would have a 1 mil/99 bil (0.00101%) chance of guessing the
“correct” QR code. An attacker would run out of IP address well before
being able to spoof 1 million votes (~the number of NZers living
If you used all 4 billion IP addresses, you would successfully fake
around 40,000 votes. As well over 1.7 million voting papers have been
(http://www.elections.org.nz/events/referendums-new-zealand-flag-0/voting-second-referendum/voting-statistics), the effect of such an attack on the outcome would probably be