Kemp’s Aggressive Gambit to Distract From Election Security Crisis
Georgia Announces Hacking Investigation Into Democrats, but What Really Happened?
https://whowhatwhy.org/2018/11/04/kemps-aggressive-gambit-to-distract-from-election-security-crisis/
When Georgia Democrats were alerted to what they believe to be major vulnerabilities in the state’s voter registration system Saturday, they contacted computer security experts who verified the problems. They then notified Secretary of State Brian Kemp’s lawyers and national intelligence officials in the hope of getting the problems fixed.
Instead of addressing the security issues, Kemp’s office put out a statement Sunday saying he had opened an investigation that targets the Democrats for hacking.
Kemp’s statement has become top news nationwide, but the context and background have yet to be reported — so we are providing it below.
The Backstory and Detail
.
By the time Democrats reached out to the experts, Kemp’s office and the Federal Bureau of Investigation had already been alerted to the problem on Saturday morning by David Cross of the Morrison Foerster law firm. Cross is an attorney for one of the plaintiffs in a lawsuit against Kemp and other elections officials concerning cyber weaknesses in Georgia’s election system.
A man who claims to be a Georgia resident said he stumbled upon files in his My Voter Page on the secretary of state’s website. He realized the files were accessible. That man then reached out to one of Cross’s clients, who then put the source and Cross in touch on Friday.
The next morning, Cross called John Salter, a lawyer who represents Kemp and the secretary of state’s office. Cross also notified the FBI.
WhoWhatWhy, which exclusively reported on these vulnerabilities Sunday morning, had consulted with five computer security experts on Saturday to verify the seriousness of the situation. They confirmed that these security gaps would allow even a low-skilled hacker to compromise Georgia’s voter registration system and, in turn, the election itself. It is not known how long these vulnerabilities have existed or whether they have been exploited.
Just before noon on Saturday, a third party provided WhoWhatWhy with an email and document sent from the Democratic Party of Georgia to election security experts that highlighted these potential vulnerabilities within the state’s My Voter Page and online voter registration system.
According to the document, it would not be difficult for almost anyone with minimal computer expertise to access millions of voters’ private information and potentially make changes to their registrations — including canceling them.
In this election and during the primaries, voters have reported not showing up in the poll books, being assigned to the wrong precinct, and being issued the wrong ballot.
All of that could be explained by a bad actor changing voter registration data.
In the email that sparked this controversy, Sara Tindall Ghazal, the voter protection director for the Democratic Party of Georgia, alerted two computer experts of a potential problem that she said might constitute a “massive vulnerability.” WhoWhatWhy is not publishing the document describing the problem, as it provides a roadmap to exploiting the security weaknesses.
None of the cyber security experts WhoWhatWhy then contacted tested the vulnerabilities described, downloaded any files, altered any data, or searched the My Voter Page by altering the website address.
All five noted that testing these vulnerabilities without permission would be illegal.
Instead, several logged onto the My Voter Page to look at the code used to build the site — something any Georgian voter could do with a little instruction — and confirmed the voter registration system’s vulnerabilities.
They then alerted a national intelligence agency and reached out to the Coalition for Good Governance, an election security advocacy group that has sued Georgia multiple times over the vulnerability of its systems.
Bruce Brown, a lawyer for the group, then reached out to Kemp’s attorneys to alert them of the problem. At 7:03 PM Saturday night, he emailed John Salter and Roy Barnes, former governor of Georgia, in their capacities as counsel to Secretary of State Kemp, to notify them of the serious potential cyber vulnerability in the registration files that had been discovered without any hacking at all, and that national intelligence officials had already been notified.
WhoWhatWhy published its first story on the subject shortly after 6:00 AM Sunday morning.
Instead of addressing the problem, however, Kemp put out the statement an hour later saying his office has launched a hacking investigation.
“While we cannot comment on the specifics of an ongoing investigation, I can confirm that the Democratic Party of Georgia is under investigation for possible cyber crimes,” press secretary Candice Broce stated. “We can also confirm that no personal data was breached and our system remains secure.”
Kemp’s office is being disingenuous, Brown asserted.
“We have seen, unfortunately, that we were too correct in our allegations and Judge [Amy] Totenberg was too prescient in her concerns about the system,” Brown said. “That Kemp would turn this around and blame other people for his failures is reflective of his complete failure as Secretary of State.”
Judge Totenberg had recently ruled that there was not enough time for Georgia to switch to paper ballots — widely seen as a more secure voting method — but expressed grave concerns over the security of the state’s elections.
“What is particularly outrageous about this, is that I gave this information in confidence to Kemp’s lawyers so that something could be done about it without exposing the vulnerability to the public,” Brown told WhoWhatWhy. “Putting his own political agenda over the security of the election, Kemp is ignoring his responsibility to the people of Georgia.”
Georgia Announces Hacking Investigation Into Democrats, but What Really Happened?
https://whowhatwhy.org/2018/11/04/kemps-aggressive-gambit-to-distract-from-election-security-crisis/
When Georgia Democrats were alerted to what they believe to be major vulnerabilities in the state’s voter registration system Saturday, they contacted computer security experts who verified the problems. They then notified Secretary of State Brian Kemp’s lawyers and national intelligence officials in the hope of getting the problems fixed.
Instead of addressing the security issues, Kemp’s office put out a statement Sunday saying he had opened an investigation that targets the Democrats for hacking.
Kemp’s statement has become top news nationwide, but the context and background have yet to be reported — so we are providing it below.
The Backstory and Detail
.
By the time Democrats reached out to the experts, Kemp’s office and the Federal Bureau of Investigation had already been alerted to the problem on Saturday morning by David Cross of the Morrison Foerster law firm. Cross is an attorney for one of the plaintiffs in a lawsuit against Kemp and other elections officials concerning cyber weaknesses in Georgia’s election system.
A man who claims to be a Georgia resident said he stumbled upon files in his My Voter Page on the secretary of state’s website. He realized the files were accessible. That man then reached out to one of Cross’s clients, who then put the source and Cross in touch on Friday.
The next morning, Cross called John Salter, a lawyer who represents Kemp and the secretary of state’s office. Cross also notified the FBI.
WhoWhatWhy, which exclusively reported on these vulnerabilities Sunday morning, had consulted with five computer security experts on Saturday to verify the seriousness of the situation. They confirmed that these security gaps would allow even a low-skilled hacker to compromise Georgia’s voter registration system and, in turn, the election itself. It is not known how long these vulnerabilities have existed or whether they have been exploited.
Just before noon on Saturday, a third party provided WhoWhatWhy with an email and document sent from the Democratic Party of Georgia to election security experts that highlighted these potential vulnerabilities within the state’s My Voter Page and online voter registration system.
According to the document, it would not be difficult for almost anyone with minimal computer expertise to access millions of voters’ private information and potentially make changes to their registrations — including canceling them.
In this election and during the primaries, voters have reported not showing up in the poll books, being assigned to the wrong precinct, and being issued the wrong ballot.
All of that could be explained by a bad actor changing voter registration data.
In the email that sparked this controversy, Sara Tindall Ghazal, the voter protection director for the Democratic Party of Georgia, alerted two computer experts of a potential problem that she said might constitute a “massive vulnerability.” WhoWhatWhy is not publishing the document describing the problem, as it provides a roadmap to exploiting the security weaknesses.
None of the cyber security experts WhoWhatWhy then contacted tested the vulnerabilities described, downloaded any files, altered any data, or searched the My Voter Page by altering the website address.
All five noted that testing these vulnerabilities without permission would be illegal.
Instead, several logged onto the My Voter Page to look at the code used to build the site — something any Georgian voter could do with a little instruction — and confirmed the voter registration system’s vulnerabilities.
They then alerted a national intelligence agency and reached out to the Coalition for Good Governance, an election security advocacy group that has sued Georgia multiple times over the vulnerability of its systems.
Bruce Brown, a lawyer for the group, then reached out to Kemp’s attorneys to alert them of the problem. At 7:03 PM Saturday night, he emailed John Salter and Roy Barnes, former governor of Georgia, in their capacities as counsel to Secretary of State Kemp, to notify them of the serious potential cyber vulnerability in the registration files that had been discovered without any hacking at all, and that national intelligence officials had already been notified.
WhoWhatWhy published its first story on the subject shortly after 6:00 AM Sunday morning.
Instead of addressing the problem, however, Kemp put out the statement an hour later saying his office has launched a hacking investigation.
“While we cannot comment on the specifics of an ongoing investigation, I can confirm that the Democratic Party of Georgia is under investigation for possible cyber crimes,” press secretary Candice Broce stated. “We can also confirm that no personal data was breached and our system remains secure.”
Kemp’s office is being disingenuous, Brown asserted.
“We have seen, unfortunately, that we were too correct in our allegations and Judge [Amy] Totenberg was too prescient in her concerns about the system,” Brown said. “That Kemp would turn this around and blame other people for his failures is reflective of his complete failure as Secretary of State.”
Judge Totenberg had recently ruled that there was not enough time for Georgia to switch to paper ballots — widely seen as a more secure voting method — but expressed grave concerns over the security of the state’s elections.
“What is particularly outrageous about this, is that I gave this information in confidence to Kemp’s lawyers so that something could be done about it without exposing the vulnerability to the public,” Brown told WhoWhatWhy. “Putting his own political agenda over the security of the election, Kemp is ignoring his responsibility to the people of Georgia.”
