Georgia official discounts threat of exposed voter records - KAIT Jonesboro, AR - Region 8 News, weather, sports

Georgia official discounts threat of exposed voter records

(AP Photo/Alex Sanz). FILE - This Sept. 22, 2016 file photo shows employees of the Fulton County Election Preparation Center in Atlanta test electronic voting machines. A security researcher disclosed a gaping security hole at the outfit that manages G... (AP Photo/Alex Sanz). FILE - This Sept. 22, 2016 file photo shows employees of the Fulton County Election Preparation Center in Atlanta test electronic voting machines. A security researcher disclosed a gaping security hole at the outfit that manages G...
(AP Photo/Alex Sanz, File). FILE - This Sept. 22, 2016 file photo shows the screen of an electronic voting machine during testing at the Kennesaw State University Center for Election Systems in Kennesaw, Ga. A security researcher disclosed a gaping sec... (AP Photo/Alex Sanz, File). FILE - This Sept. 22, 2016 file photo shows the screen of an electronic voting machine during testing at the Kennesaw State University Center for Election Systems in Kennesaw, Ga. A security researcher disclosed a gaping sec...
By FRANK BAJAK and KATHLEEN FOODY
Associated Press

ATLANTA (AP) - After a researcher notified officials of a major security lapse at the center managing Georgia's election technology, leading computer scientists urged the state's top elections official to order a thorough outside probe to determine if its voting systems had been compromised.

There's no indication that happened.

At the same time, Secretary of State Brian Kemp contested a lawsuit demanding the state abandon its antiquated touchscreen voting machines , which are highly susceptible to being rigged by hackers in all-but-undetectable ways, and whose votes couldn't be reliably recounted.

And when voting-transparency activists sought a top-to-bottom review of state voting systems, Kemp's top lawyer told them it would cost $10,000 and take six months - extending well past a closely watched congressional runoff vote on June 20.

NEW FOCUS ON VOTING SECURITY

A state judge threw out that suit last Friday, but the issue gained new urgency this week when the researcher who originally detected the security lapse decided to go public. A misconfigured server, Logan Lamb discovered last August, had left Georgia's 6.7 million voter records and other sensitive files exposed to hackers.

And it may have been left unfixed for seven months.

The vulnerability might have allowed attackers to plant malware and possibly rig votes or wreak chaos with voter rolls by deleting or altering records - a major concern amid heightened sensitivity to state-sponsored Russian election hacking.

Kemp declined to speak to The Associated Press. Last week, though, he celebrated the lawsuit's dismissal, a rebuff to the "Ivy League professors" - many, in actuality, eminent computer scientists - who advised the plaintiffs and saying the judge determined "what we already know: Our voting machines in Georgia are safe and accurate."

Voting technology experts say the state can't know that for sure.

Voting machines like Georgia's, which neither use paper ballots nor keep hardcopy proof of voter intent, are inherently vulnerable to tampering, researchers say. University of South Carolina's Duncan Buell, one of the lawsuit advisors, compared the risk to driving in a heavy rain at 100 miles an hour.

The extent to which the state has examined its systems is unclear. During the lawsuit, Kemp ignored a request from the plaintiffs' advisors for a full forensic examination by the Department of Homeland Security and the U.S. Computer Emergency Readiness Team (CERT), said activist Marilyn Marks.

Last year, Kemp refused DHS offers to help secure his state elections systems - then complained that it was probing them anyway.

FEARS OF RUSSIAN HACKING

The security failure's extent was first reported Wednesday by Politico Magazine . Lamb, a 29-year-old Atlanta-based researcher, told the AP that the publication last week of a classified National Security Agency report ended his reluctance to go public. It describing a sophisticated scheme, allegedly by Russian military intelligence, to infiltrate local U.S. elections systems using phishing emails.

The NSA report offered the most detailed account yet of an attempt by foreign agents to probe the rickety and poorly funded U.S. elections system. DHS had previously reported attempts last year to gain unauthorized access to voter registration databases in 20 states - one of which, in Illinois, succeeded, though the state said no harm resulted.

Lamb discovered the security hole as he did a search of the website of the Center for Election Systems at Kennesaw State, which manages voting statewide. There, he found a directory open to the internet that contained not just the state voter database, but PDF files with instructions and passwords used by poll workers to sign into a central server used on Election Day. Lamb said he downloaded 15 gigabytes of data, which he later destroyed.

The directory of files "was already indexed by Google," Lamb said in an interview - meaning that anyone could have found it with the right search.

"I don't know if the vote could have been rigged, but compromising that server would have served as a great pivot point and malware could have been planted easily," he added.

WHO KNEW WHAT WHEN

Lamb said he notified the center's director, Merle King, who assured him the hole would be patched and who asked to keep his discovery to himself.

But the center never notified the secretary of state's office of that discovery, said state election spokeswoman Candice Broce. The election center referred all questions to Kennesaw State, which declined comment.

Lamb said he decided at the time not to disclose the problem - mostly because he "didn't want to needlessly escalate things" prior to the Nov. 8 general election. He said King had also told him that "messing with elections means the people downtown crush you."

King did not respond to phone messages and emails seeking comment.

In March, a security colleague Lamb had told about the flaw checked out the center's website and discovered that the vulnerabilities had only been partially fixed. "We were both pretty floored," said Lamb.

The researcher, Chris Grayson, said he, too, was able to access the same voter record database and other sensitive files in a publicly accessible directory. Grayson contacted a friend who is a professor at Kennesaw State. Two days later, the FBI was called in to investigate.

It did not bring charges against either researcher, finding no evidence of illegal entry . "At the end of the day we were doing what we thought was in the best interest of the republic - informing the parties that needed to be privy to this sort of issue," said Grayson.

The special election next Tuesday will fill the seat vacated by Republican Tom Price after he was named Health and Human Services Secretary. It has attracted national attention, including that of President Donald Trump, for whom it could be a bellwether.

First-time candidate Jon Ossoff is a Democrat with a national security background. His GOP opponent is former Georgia Secretary of State Karen Handel.

---

Bajak reported from Houston

---

EDITOR'S NOTE: This story has been corrected to delete an erroneous reference to the state election spokeswoman saying she would not know until Friday if the state had thoroughly examined its elections systems. In fact, she said she would not know until then whether the state had requested a full forensic examination from DHS and CERT.

Copyright 2017 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

  • National SportsMore>>

  • Ellsbury ties odd Rose mark for most catcher's interference

    Ellsbury ties odd Rose mark for most catcher's interference

    Wednesday, June 28 2017 12:05 AM EDT2017-06-28 04:05:13 GMT
    Wednesday, June 28 2017 2:35 AM EDT2017-06-28 06:35:53 GMT
    Jacoby Ellsbury of the New York Yankees has tied Pete Rose's obscure record for reaching base the most times in a career on catcher's interference.Ellsbury did it for the 29th time when his bat tipped the mitt of...
    Jacoby Ellsbury of the New York Yankees has tied Pete Rose's obscure record for reaching base the most times in a career on catcher's interference.Ellsbury did it for the 29th time when his bat tipped the mitt of Chicago White Sox catcher Kevan Smith.
  • Florida beats LSU 6-1 at CWS for 1st national championship

    Florida beats LSU 6-1 at CWS for 1st national championship

    Tuesday, June 27 2017 11:43 PM EDT2017-06-28 03:43:50 GMT
    Wednesday, June 28 2017 2:35 AM EDT2017-06-28 06:35:51 GMT
    (AP Photo/Matt Ryerson). Florida pitcher Tyler Dyson, center, is congratulated by teammates after being relieved during the seventh inning against LSU in Game 2 of the NCAA College World Series baseball finals in Omaha, Neb., Tuesday, June 27, 2017.(AP Photo/Matt Ryerson). Florida pitcher Tyler Dyson, center, is congratulated by teammates after being relieved during the seventh inning against LSU in Game 2 of the NCAA College World Series baseball finals in Omaha, Neb., Tuesday, June 27, 2017.

    Florida breaks open the game in 8th inning, and beats LSU 6-1 for its first national title in baseball.

    Florida breaks open the game in 8th inning, and beats LSU 6-1 for its first national title in baseball.

  • Maeda dominates in spot start, Dodgers beat Angels 4-0

    Maeda dominates in spot start, Dodgers beat Angels 4-0

    Wednesday, June 28 2017 1:03 AM EDT2017-06-28 05:03:54 GMT
    Wednesday, June 28 2017 2:35 AM EDT2017-06-28 06:35:46 GMT
    Kenta Maeda pitched four-hit ball over seven innings in a spot start, Joc Pederson hit a three-run homer and the Los Angeles Dodgers beat the Angels 4-0 at Dodger Stadium.
    Kenta Maeda pitched four-hit ball over seven innings in a spot start, Joc Pederson hit a three-run homer and the Los Angeles Dodgers beat the Angels 4-0 at Dodger Stadium.
  • National politicsMore>>

  • Sarah Palin sues paper for tying her PAC ad to mass shooting

    Sarah Palin sues paper for tying her PAC ad to mass shooting

    Tuesday, June 27 2017 8:43 PM EDT2017-06-28 00:43:46 GMT
    Wednesday, June 28 2017 3:15 AM EDT2017-06-28 07:15:11 GMT
    Former Alaska governor Sarah Palin is accusing The New York Times of defamation over an editorial that linked one of her political action committee ads to the mass shooting that severely wounded then-Arizona...
    Former Alaska governor Sarah Palin is accusing The New York Times of defamation over an editorial that linked one of her political action committee ads to the mass shooting that severely wounded then-Arizona Congresswoman Gabby Giffords.
  • Science groups ask Trump to retain advisory board integrity

    Science groups ask Trump to retain advisory board integrity

    Tuesday, June 27 2017 4:04 PM EDT2017-06-27 20:04:00 GMT
    Wednesday, June 28 2017 3:14 AM EDT2017-06-28 07:14:34 GMT
    A coalition of science and engineering groups is calling on President Donald Trump to make sure that his review of the role of scientific advisory boards respects the importance of accurate scientific data.
    A coalition of science and engineering groups is calling on President Donald Trump to make sure that his review of the role of scientific advisory boards respects the importance of accurate scientific data.
  • Senate GOP shelves health bill, imperils 'Obamacare' repeal

    Senate GOP shelves health bill, imperils 'Obamacare' repeal

    Tuesday, June 27 2017 4:13 AM EDT2017-06-27 08:13:16 GMT
    Wednesday, June 28 2017 3:04 AM EDT2017-06-28 07:04:50 GMT

    Congress' nonpartisan budget referee says the Senate Republican health care bill would leave 22 million additional people uninsured in 2026 compared to President Barack Obama's law.

    Congress' nonpartisan budget referee says the Senate Republican health care bill would leave 22 million additional people uninsured in 2026 compared to President Barack Obama's law.

Powered by Frankly