• United States



by Dave Gradijan

Online Election at ITSMF May Have Been Compromised

Jun 05, 20073 mins
CSO and CISOData and Information Security

An online election that was held last October to choose a new board of directors for the U.S. chapter of the IT Service Management Forum (ITSMF) may have been compromised, and the professional association is now investigating the voting process.

Leah Palmer, president of the ITSMF USA, informed the Pasadena, Calif.-based group’s 7,000 members of the investigation in an e-mail message sent this week. Computerworld obtained a copy of the e-mail.

“It appears that an individual, or individuals, is attempting to interfere with the ITSMF USA’s governance process and has obtained information from [our] database to accomplish this objective,” Palmer wrote.

In the e-mail, Palmer didn’t say what triggered the investigation or whether she thinks the election results were actually affected by the apparent breach. But she made it clear that the issue of the election’s validity is being examined.

“If the elections process has been compromised, all necessary efforts will be made to correct the situation,” Palmer wrote. She added that ITSMF officials are exploring alternative IT approaches to help “secure voting in the future.”

Ongoing investigation

According to the e-mail, the ITSMF USA is working with its legal counsel and outside service providers as part of the investigation, which will include an assessment and audit of the group’s database. Sources within the organization said that someone with computer forensic skills is also helping with the probe.

Palmer, who couldn’t be reached for further comment, told ITSMF USA members in her e-mail that there was no breach “of any of the payment and dues-processing aspects” of the group’s IT systems. She also wrote that she would keep members “aware of the actions we are taking…to ensure that your information is and remains secure.”

The ITSMF is an international organization managed out of an office in Wokingham, England, that promotes the adoption of IT service management standards and best practices, such as the IT Infrastructure Library (ITIL). The election issue involves the ITSMF’s U.S. chapter only.

Palmer’s message was discussed at a board meeting of the ITSMF’s local interest group in Los Angeles last week. Keith Belyea, who is a member of that group’s board, said the news about the possible online voting compromise was both confusing and sad, especially for an organization run by volunteers. But Belyea, an ITIL consultant at Alert Performance Management in Irvine, Calif., added that he’s confident that the issue will be resolved.

Belyea, like some other ITSMF members who were contacted last week, said he had only a sketchy idea of what might have happened, although he doesn’t believe the online voting system was randomly hacked. “It seems that this is a deliberate attempt by someone familiar with the organization,” he said.

Dennis Ravenelle is an independent IT and management consultant in Boston who was appointed to the ITSMF USA board early last year to fill a vacancy. He ran for one of the five open seats in the October election but lost.

Ravenelle said he has “a great deal of confidence in our president and our board to investigate this and get to the bottom of this and deal with it appropriately and correctly.”

—Patrick Thibodeau, Computerworld (US)