Georgia’s Secretary of State Office is investigating the Democratic Party of Georgia for hacking the state’s voter registration system but failed to cite any evidence. Credit: Thinkstock Toss around accusations of a failed attempt to hack a state’s voter registration system — without actually providing any proof — that’s one way to really stir things up right before the midterm elections.That is what Brian Kemp, Georgia’s current secretary of state — who is also the Republican candidate for governor — did on Sunday. With the midterm elections just a few days away, Kemp accused the Democratic Party of Georgia of hacking the state’s voter registration system. Democrat Stacey Abrams, his opponent, called it “a reckless and unethical ploy” to mislead voters.Kemp, via the Georgia Secretary of State’s office, first released the following statement:After a failed attempt to hack the state’s voter registration system, the Secretary of State’s office opened an investigation into the Democratic Party of Georgia on the evening of Saturday, November 3, 2018. Federal partners, including the Department of Homeland Security and Federal Bureau of Investigation, were immediately alerted.“While we cannot comment on the specifics of an ongoing investigation, I can confirm that the Democratic Party of Georgia is under investigation for possible cyber crimes,” said Candice Broce, Press Secretary. “We can also confirm that no personal data was breached and our system remains secure.”As you likely noticed, Kemp cited no evidence. He’s been embroiled in controversy, including the potential conflict of interest from remaining as secretary of state instead of stepping down while running for governor. And last week, a federal judge called Georgia’s “exact match” voting requirement overly burdensome and ordered the state to adjust it. Georgia Democrats emphatically denied the hacking accusations. Abrams told CBS News that Kemp learned about a vulnerability in the voter registration system and attempted breach on Friday but opted not to act until Sunday.Kemp, via his Secretary of State’s office, later released an update to the first hacking accusation statement: We opened an investigation into the Democratic Party of Georgia after receiving information from our legal team about failed efforts to breach the online voter registration system and My Voter Page. We are working with our private sector vendors and investigators to review data logs. We have contacted our federal partners and formally requested the Federal Bureau of Investigation to investigate these possible cyber crimes. The Secretary of State’s office will release more information as it becomes available.Georgia Democratic Party releases emails about voter system vulnerabilitiesIt should be noted that WhoWhatWhy revealed that it had a copy of an email sent by the Georgia Democratic Party highlighting the vulnerabilities in Georgia’s My Voter Page. It was after that article when Kemp announced the investigation into the Democratic Party of Georgia.Add this tweet from WSB-TV investigative reporter Aaron Diamant to the clusterflub; it contained a text message from the Georgia Secretary of State’s office, claiming the “FBI is looking for information on ‘Rachel Small’” – asking “why she was talking about trying to hack the Secretary of State’s system.”BREAKING: Just got this text from Georgia Secretary of State office official… “The FBI is looking for information on ‘Rachel Small…'” after bombshell announcement its investigating @GeorgiaDemocrat Party for “failed cyberattack” on State’s voter registration system. @wsbtv pic.twitter.com/tYlODB6KV4— Aaron Diamant (@AaronDiamantWSB) November 4, 2018The Democratic Party of Georgia responded by claiming, “Team Kemp is losing their minds.”BREAKING: Team Kemp is losing their minds. Rachel Small is a volunteer for the Democratic Party of Georgia on our voter protection hotline. She received an email from a man named Richard Wright. She forwarded Richard’s email to our voter protection director. Sorry, @BrianKempGA. https://t.co/eogwmEZ2X0— Georgia Democrat (@GeorgiaDemocrat) November 4, 2018To “prove” Kemp’s “irresponsible ploy to use the FBI and abuse his power as Secretary of State,” Georgia Democrats released emails.The first was from “Richard Wright” — a person not affiliated with the Georgia Democratic Party — sent to Rachel Small who is a “volunteer” for the Democratic Party. The email dated on Saturday detailed two security issues. The one dealing with My Voter Page allegedly allowed a person to download any file on the system. The second one, regarding the online voter registration, allegedly allows the URL to be changed and “download anyone’s data and that includes lots of PII.”Rachel Small then forwarded Wright’s email to Sara Ghazal, the Democratic Party of Georgia’s Voter Protection Director. The email about the security vulnerabilities that were forwarded by Small – that does not indicate that Small or anyone in the Democratic Party actually did any hacking – are the reason Kemp supposedly was looking for information about Small and launched an investigation after the “failed hacking attempt” allegedly by the Democrats. Kemp’s office told The New York Times that the email showed Small “talking about trying to hack the Secretary of State’s system.”Previous data breaches affecting Georgia votersThis is not the first time that poor security impacted Georgia voters. Last year, a breach impacted as many as 7.5 million Georgia voter records. In 2015, another data breach led to the release of private information of more than 6 million Georgia voters. Many people have blamed Kemp’s “incompetence” for the breaches.The Georgia race for governor is being watched closely. If Abrams wins the election, she will be the first African-American female governor in the U.S. Kemp’s allegations, and the timing, certainly make it appear as if he doesn’t want the race to be judged on merit alone.Some security experts, such as Chris Vickery, are looking into Georgia’s potential online voter flaws. Georgia needs to get it together. They need to take all their shit and get it together. Get your shit together, Georgia. pic.twitter.com/Rvc2UsfpbR— Chris Vickery (@VickerySec) November 5, 2018There are some people in this thread not understanding the problem. That footer text would be *automatically* up-to-date if Georgia was using up-to-date software. By using ancient software, Georgia is guaranteed to be “hacked” by a malicious actor that looks up developed exploits— Chris Vickery (@VickerySec) November 5, 2018 Related content news Dow Jones watchlist of high-risk businesses, people found on unsecured database A Dow Jones watchlist of 2.4 million at-risk businesses, politicians, and individuals was left unprotected on public cloud server. By Ms. Smith Feb 28, 2019 4 mins Data Breach Hacking Security news Ransomware attacks hit Florida ISP, Australian cardiology group Ransomware attacks might be on the decline, but that doesn't mean we don't have new victims. A Florida ISP and an Australian cardiology group were hit recently. By Ms. Smith Feb 27, 2019 4 mins Ransomware Security news Bare-metal cloud servers vulnerable to Cloudborne flaw Researchers warn that firmware backdoors planted on bare-metal cloud servers could later be exploited to brick a different customer’s server, to steal their data, or for ransomware attacks. By Ms. Smith Feb 26, 2019 3 mins Cloud Computing Security news Meet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through VR By Ms. Smith Feb 21, 2019 4 mins Hacking Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe