MiVote has been subject to a recent malicious and fraudulent attack by someone who wanted to take our domain. This act was related solely to the registration of the domain mivote.org.au and in no way whatsoever affected the information, integrity or votes on either the MiVote website or voting app.
Here's what happened:
Several weeks ago, a complaint was lodged with the au Domain Administration (AuDA) challenging MiVote’s eligibility to register a .org.au domain. The rules outlining who can and can’t register a .org.au domain are quite clear and specific.
The complaint was lodged on the grounds that MiVote.org.au had been registered under the Centre For the Future, which is a for profit business. Only not for profit businesses registered in Australia are entitled to .org.au domains.
MiVote has been auspiced by the Centre For The Future as we established our independent structure and team. Because MiVote was not far enough established to satisfy all the requirements to get its own ABN at the time the domain was registered, The Centre For The Future registered mivote.org.au with the intention to transfer ownership to Mivote once it had met the appropriate requirements to register as a not for profit business with its own ABN.
MiVote has since been registered as a not for profit (DEMOCRACY BY MIVOTE LTD. ABN 57616170640) and is eligible to register a .org.au domain.
MiVote is a not for profit powered by a small but effective group of dedicated volunteers who believe in MiVote’s mission to improve community decision-making. The challenges of working with a volunteer workforce mean that processes and activities are done when and where someone has time to do so. Our volunteers contribute their valuable time and expertise when they can fit it around their day to day work, family and other priorities.
Privacy and security are fundamental to MiVote and critical to the integrity of the voting platform - they are not managed by volunteers. These parts of MiVote are supported by world-class organisations that have formal agreements with MiVote to ensure ongoing service, support and security.
Members’ information and votes are protected by best practice security protocols. The MiVote website and database is managed by NationBuilder - the same platform underpinning fundraising campaigns for US presidential election campaigns. The MiVote voting platform is on blockchain and built and managed by B2Cloud, an award winning development house whose clients include leading banks and airlines.
We do not know who lodged the complaint against MiVote’s registration of the .org.au domain.
For someone to dig deep enough to discover:
1) that the domain was registered under The Centre For the Future
2) that the Centre For the Future is a for profit business
3) that .org.au domains can not be registered by for profit organisations
means that they were purposefully targeting MiVote and likely had a specific intent to cause inconvenience.
They achieved their goal of becoming a pesky irritation to our volunteers.
We’re envious that someone has that much time on their hands. If they are that idle, we encourage them to join our volunteer group and put that effort and attention into a positive pursuit that creates value in the world.
The notification that MiVote received advising of the complaint was not picked up by any volunteer, and as a result, MiVote was not aware action needed to be taken. (The only action required was to update the registration details from Centre For The Future to Democracy By MiVote.) Subsequently, the complaint was upheld and the mivote.org.au domain was flagged for deletion. At this point, the mivote.org.au website, whilst still existing untouched on our servers, no longer had a public facing home on the internet.
Once we realised that the domain had been disabled, MiVote volunteers quickly sprung to action to move the site over to mivote.com.au, (which we had also registered and is subject to different rules) and to update our email addresses.
We also asked B2Cloud to do some development work to move the voting platform to vote.mivote.com.au while we resolved the .org.au domain issue.
The Australian Domain Administration were extremely responsive and supportive during this process and advised us that mivote.org.au would be re-released at 1pm Tuesday 27 June, at which point anyone could register the domain.
From 12.55pm on the 27th June a number of MiVote volunteers were poised over their computers eagerly refreshing their browser ready to pounce on the domain the moment it became available.
We missed it.
Despite our collective efforts and information, another group/person registered mivote.org.au out from under us.
The registrant name was given as Abbot Kline, with an email address attached to a chinese language site.
MiVote brought this to the attention of AuDA immediately, and we lodged our own complaint against the registrant.
AuDA advised that this looked suspicious and began an investigation. The company used to register this domain, MelbourneIT, was not aware of this registration and has since agreed to transfer ownership back to MiVote.
A couple of days later, a new website appeared on mivote.org.au, selling womens shoes. This site obviously has nothing to do with MiVote, is not registered as a not for profit and is just generally a bit baffling. Not to mention that questionable logo design.
This was a malicious case of fraud perpetrated against the domain registration. Once again, we want to reassure all our users that at no time during this whole process was any of MiVote’s information, votes or website at risk. The action did nothing more than cause more work for a group of volunteers giving their time to support a not-for-profit organisation.
We take it as a compliment that our SEO was strong enough to be attractive to a cyber squatter.
MiVote was contacted by AuDA on 3 July 2017 to advise that the process to transfer domain ownership back to MiVote was underway. We hope to get our website back over to mivote.org.au in the coming days, as soon as the domain is transferred back to us.
In the meantime, we have tightened up our process and clarified roles and responsibilities across our group of excellent volunteers to ensure we’re ready next time someone finds themselves with too much time on their hands and nothing better to do than cause pointless mischief.
Now, back to work.