As reported by whowhatwhy.org/…, WaPo and Josh Marshall, the backstory to Brian Kemp’s accusation against the Georgia Democratic party of hacking the state’s voter registration system is quite insidious.
- Apparently, a voter found a security vulnerability in the software used by the state’s voter registration system on Saturday
- The voter alerted an attorney for the plaintiffs in one of the on-going lawsuits against Kemp’s office.
- That lawyer (David Cross) alerted the FBI and attorneys for Kemp’s office.
- Separately, someone not affiliated with the Democratic party flagged the security vulnerability to a Democratic party volunteer.
- The volunteer forwarded the email to the party’s voter protection director, who shared it with cyber-security experts, who then alerted a national intelligence agency and reached out to the Coalition for Good Governance, an election security advocacy group.
- Bruce Brown, a lawyer for the group then alerted Kemp’s office.
- Kemp then put out a press release accusing the state Democratic party of trying to hack the state system.
Instead of addressing the security issues, Kemp’s office put out the statement Sunday saying he had opened an investigation that targets Democrats for hacking, without providing any evidence or details. There was no mention of the letters and information sent to the SoS office and to the FBI by Democrats, alerting them of the problem.
The “hack” in this case is really simple — by typing the appropriate URL, any user can access any file on the server, including voter registration records, network configuration files and cryptographic keys. Files can also be modified. The security features of this software are extremely immature. Georgia’s system has not been audited, so who knows how many other security holes are there.
This hack did not deal with voting machines or voting tabulation software. That’s another story.
The details can be read at whowhatwhy.org/... and www.washingtonpost.com/…
As Josh Marshall points out in the tweet below, the press release itself is a hideous mishmash of conflicts-of-interest in Kemp’s multiple roles and trumpish/putinish political propaganda, hurling accusations at political opponents with no evidence or background information.
According to www.nytimes.com/..., Kemp, whom opponents have portrayed as a “master of voter suppression” and his secretary-of-state office has overseen legal purges of more than 2 million inactive voters from the rolls since 2012 and stalled more than 50,000 applications filed by voters, most of them black. He has repeatedly refused calls to step down as secretary of state to avoid perceptions of bias.
Problems with the Georgia voting systems have been known for a while, with Kemp having taken few steps to improve security.
The article at www.washingtonpost.com/… states that Kemp has made similar accusations before -
This isn’t the first time Kemp’s office has claimed its voting systems were hacked based on thin evidence. After the presidential election in 2016, the Hill reported, he accused President Barack Obama’s Department of Homeland Security of launching at least 10 failed cyberattacks on Georgia.
An investigation during President Trump’s administration concluded that the supposed attacks were actually “normal and automatic computer message exchanges generated by the Microsoft applications involved."
The whowhatwhy.org/… site also has lots of additional info on the Georgia SOS office, the election system software, its vendor and previous attempts to detect flaws in the software. Voting machine software also have a history of security problems.
This is hideous and the fact that this can be done so blatantly in our nation shows how fragile our Democracy is under GOP rule. There is nothing that will stop these folks from stealing elections.
Questions:
- Was the office of SOS aware of these security holes before they were reported by the Democrats?
- If not, will you launch an investigation into how the security hole got there?
- Have the security holes been fixed? Over the weekend?
- Could the Russians and GOP operatives have been accessing the system through the security holes? Shouldn’t the investigation cover them too?
- Are there audit trails of accesses to these files? If not, why not? If yes, then will they all be made available to the FBI?
- Will GA submit the software code to an audit by independent experts?
Let’s hope that the media does its job and exposes this latest GOP dirty trick before it is too late. Most of the media outlets have not dug into the background of this story and are simply reporting on the accusation and the back-and-forth statements by the two parties.