The system, developed by the Washington DC Board of Elections and Ethics, was designed to allow military and overseas voters registered in cast electronic ballots in a local election.
Their attack attempts went unnoticed by the intrusion detection system (IDS) device deployed in front of the web server, because it "was not configured to intercept and monitor the contents of the encrypted HTTPS connections that carried" the attacks.
The researchers found a pair of publicly-accessible webcams showing the server room that housed the pilot network. The cameras were pointed at the entrance to the room and at the rack of server and network hardware.
"We used them to gauge whether the network administrators had discovered our attacks," the researchers said. "When they did, their body language became noticeably more agitated."