Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Kemp Cites Voter Database Hacking Attempt, Gives No Evidence

The office of Secretary of State Brian Kemp, who is also the Republican gubernatorial nominee, said Sunday it is investigating the state Democratic Party in connection with an alleged attempt to hack Georgia’s online voter database, which is used to check in voters at polling places in the midterm elections.

The office of Secretary of State Brian Kemp, who is also the Republican gubernatorial nominee, said Sunday it is investigating the state Democratic Party in connection with an alleged attempt to hack Georgia’s online voter database, which is used to check in voters at polling places in the midterm elections.

The statement offered no evidence for the claim and didn’t specify allegations against Georgia Democrats. But it quickly became a last-minute flashpoint in one of the nation’s most closely contested governor’s races as Tuesday’s election loomed.

Democrats viewed the development as more evidence that Kemp’s office, which oversees elections, was serving as an extension of his gubernatorial campaign. Republicans, meanwhile, framed it as an instance of Democrats trying to arrange nefarious votes. It’s playing out the same day that Kemp will campaign alongside President Donald Trump in Macon.

As he left the White House on Sunday for Georgia, Trump said he hadn’t been briefed on the issue and didn’t know anything about it.

Kemp’s office said federal authorities had been notified. The FBI declined to comment on the matter. A representative for the Department of Homeland Security confirmed the agency had been notified, but it deferred to Georgia officials for details.

Sunday’s announcement came as the Coalition for Good Governance, a plaintiff in a lawsuit against Kemp alleging gross negligence in managing the state’s elections, cited published reports saying a third party had discovered that Georgia’s online registered voter database — which his office manages — is subject to hacking that could alter voters’ information or remove them from the registered voter list altogether.

University of Michigan computer scientist Matthew Bernhard reviewed the reported flaw — which the Democratic Party on Saturday asked several computer scientists to review — and told The Associated Press it could have allowed anyone with access to an individual voter’s personal information to alter the record of any voter in the system.

The finger-pointing is the latest turn in a campaign whose final weeks have been dominated by charges of voter suppression and countercharges of attempted voter fraud.

Advertisement. Scroll to continue reading.

Democrat Stacey Abrams, who would become the nation’s first black female governor if she wins, has called Kemp “an architect of voter suppression” and says he’s used his post as chief elections officer to make it harder for certain voters to cast ballots. Kemp counters that he’s following state and federal law and that it’s Abrams and her affiliated voting advocacy groups trying to help people, including noncitizens, cast ballots illegally.

The atmosphere has left partisans and good-government advocates alike worrying about the possibility that the losing side will not accept Tuesday’s results as legitimate. Polls suggest a tight race.

The accusation is not the first from Kemp accusing outsiders of trying to penetrate his office. Immediately after the 2016 general election, Kemp accused the federal Department of Homeland Security of trying to hack his office’s network, an accusation dismissed in mid-2017 by the DHS inspector general as unfounded.

Even before he was running for governor, Kemp faced criticism over Georgia’s election system.

Georgia’s current centrally managed elections system lacks a verifiable paper trail that can be audited in case of problems. The state is one of just five nationwide that continues to rely exclusively on aged electronic voting machines that computer scientists have long criticized as untrustworthy because they are easily hacked and don’t leave a paper trail.

Kemp has previously been accused by election-integrity activists of mismanaging state elections as Georgia’s top elections official through poor oversight and in resisting the transparency they say is necessary to instill faith in the process.

In 2015, Kemp’s office inadvertently released the Social Security numbers and other identifying information of millions of Georgia voters. His office blamed a clerical error.

His office made headlines again last year after security experts disclosed a gaping security hole that wasn’t fixed until six months after it was first reported to election authorities. Personal data was again exposed for Georgia’s 6.7 million voters, as were passwords used by county officials to access files.

Kemp’s office laid the blame for that breach on Kennesaw State University, which managed the system on Kemp’s behalf.

In the voting integrity case, a federal judge last month endorsed the plaintiff’s arguments that Kemp has been derelict in his management of the state election system and that it violates voters’ constitutional rights with its lack of verifiability and reliability.

RelatedGeorgia’s Use of Electronic Voting Machines Allowed for Midterms

RelatedHacking Elections – Georgia’s Midterm Electronic Voting in the Dock

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.