• United States



Republican Kemp accuses Georgia Democrats of hacking but provides no proof

Nov 05, 20186 mins
CybercrimeData BreachHacking

Georgia’s Secretary of State Office is investigating the Democratic Party of Georgia for hacking the state’s voter registration system but failed to cite any evidence.

07 vote
Credit: Thinkstock

Toss around accusations of a failed attempt to hack a state’s voter registration system — without actually providing any proof — that’s one way to really stir things up right before the midterm elections.

That is what Brian Kemp, Georgia’s current secretary of state — who is also the Republican candidate for governor — did on Sunday. With the midterm elections just a few days away, Kemp accused the Democratic Party of Georgia of hacking the state’s voter registration system. Democrat Stacey Abrams, his opponent, called it “a reckless and unethical ploy” to mislead voters.

Kemp, via the Georgia Secretary of State’s office, first released the following statement:

After a failed attempt to hack the state’s voter registration system, the Secretary of State’s office opened an investigation into the Democratic Party of Georgia on the evening of Saturday, November 3, 2018. Federal partners, including the Department of Homeland Security and Federal Bureau of Investigation, were immediately alerted.

“While we cannot comment on the specifics of an ongoing investigation, I can confirm that the Democratic Party of Georgia is under investigation for possible cyber crimes,” said Candice Broce, Press Secretary. “We can also confirm that no personal data was breached and our system remains secure.”

As you likely noticed, Kemp cited no evidence. He’s been embroiled in controversy, including the potential conflict of interest from remaining as secretary of state instead of stepping down while running for governor. And last week, a federal judge called Georgia’s “exact match” voting requirement overly burdensome and ordered the state to adjust it.

Georgia Democrats emphatically denied the hacking accusations. Abrams told CBS News that Kemp learned about a vulnerability in the voter registration system and attempted breach on Friday but opted not to act until Sunday.

Kemp, via his Secretary of State’s office, later released an update to the first hacking accusation statement:

We opened an investigation into the Democratic Party of Georgia after receiving information from our legal team about failed efforts to breach the online voter registration system and My Voter Page. We are working with our private sector vendors and investigators to review data logs. We have contacted our federal partners and formally requested the Federal Bureau of Investigation to investigate these possible cyber crimes. The Secretary of State’s office will release more information as it becomes available.

Georgia Democratic Party releases emails about voter system vulnerabilities

It should be noted that WhoWhatWhy revealed that it had a copy of an email sent by the Georgia Democratic Party highlighting the vulnerabilities in Georgia’s My Voter Page. It was after that article when Kemp announced the investigation into the Democratic Party of Georgia.

Add this tweet from WSB-TV investigative reporter Aaron Diamant to the clusterflub; it contained a text message from the Georgia Secretary of State’s office, claiming the “FBI is looking for information on ‘Rachel Small’” – asking “why she was talking about trying to hack the Secretary of State’s system.”

The Democratic Party of Georgia responded by claiming, “Team Kemp is losing their minds.”

To “prove” Kemp’s “irresponsible ploy to use the FBI and abuse his power as Secretary of State,” Georgia Democrats released emails.

The first was from “Richard Wright” — a person not affiliated with the Georgia Democratic Party — sent to Rachel Small who is a “volunteer” for the Democratic Party. The email dated on Saturday detailed two security issues. The one dealing with My Voter Page allegedly allowed a person to download any file on the system. The second one, regarding the online voter registration, allegedly allows the URL to be changed and “download anyone’s data and that includes lots of PII.”

Rachel Small then forwarded Wright’s email to Sara Ghazal, the Democratic Party of Georgia’s Voter Protection Director.

The email about the security vulnerabilities that were forwarded by Small – that does not indicate that Small or anyone in the Democratic Party actually did any hacking – are the reason Kemp supposedly was looking for information about Small and launched an investigation after the “failed hacking attempt” allegedly by the Democrats. Kemp’s office told The New York Times that the email showed Small “talking about trying to hack the Secretary of State’s system.”

Previous data breaches affecting Georgia voters

This is not the first time that poor security impacted Georgia voters. Last year, a breach impacted as many as 7.5 million Georgia voter records. In 2015, another data breach led to the release of private information of more than 6 million Georgia voters. Many people have blamed Kemp’s “incompetence” for the breaches.

The Georgia race for governor is being watched closely. If Abrams wins the election, she will be the first African-American female governor in the U.S. Kemp’s allegations, and the timing, certainly make it appear as if he doesn’t want the race to be judged on merit alone.

Some security experts, such as Chris Vickery, are looking into Georgia’s potential online voter flaws.

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.