Saturday May 30th, 2020 7:59PM

Researcher finds Georgia voter records exposed on internet

By The Associated Press

HOUSTON (AP) — A security researcher disclosed a gaping security hole at the outfit that manages Georgia's election technology, days before the state holds a closely watched congressional runoff vote on June 20.

The security failure left the state's 6.7 million voter records and other sensitive files exposed to hackers, and may have been left unpatched for seven months. The revealed files might have allowed attackers to plant malware and possibly rig votes or wreak chaos with voter rolls during elections.

Georgia is especially vulnerable to such disruption, as the entire state relies on antiquated touchscreen voting machines that provide no hardcopy record of votes, making it all but impossible to tell if anyone has manipulated the tallies.

The true dimensions of the failure were first reported Wednesday by Politico Magazine . The affected Center for Election Systems referred all questions to its host, Kennesaw State University, which declined comment. In March, the university had mischaracterized the flaw's discovery as a security breach.

Logan Lamb, a 29-year-old Atlanta-based private security researcher formerly with Oak Ridge National Laboratory, made the discovery last August. He told The Associated Press he decided to go public after the publication last week of a classified National Security Agency report describing a sophisticated scheme, allegedly by Russian military intelligence, to infiltrate local U.S. elections systems using phishing emails.

The NSA report offered the most detailed account yet of an attempt by foreign agents to probe the rickety and poorly funded U.S. elections system. The Department of Homeland Security had previously reported attempts last year to gain unauthorized access to voter registration databases in 20 states — one of which, in Illinois, succeeded, though the state said no harm resulted.

It also emboldened Lamb, who felt the election center had not been serious enough about security, to come forward with his findings.

Lamb discovered the security hole — a misconfigured server — one day as he did a search of the Kennesaw State election-systems website. There, he found a directory open to the internet that contained not just the state voter database, but PDF files with instructions and passwords used by poll workers to sign into a central server used on Election Day. Lamb said he downloaded 15 gigabytes of data, which he later destroyed.

"It was an open invitation to anybody pretending to even know a little bit about computers to get into the system," said Marilyn Marks, an election-transparency activist whose Colorado-based foundation participated in a failed lawsuit that sought to bar the use of paperless voting machines in next week's election.

The directory of files "was already indexed by Google," Lamb said in an interview — meaning that anyone could have found it with the right search.

"I don't know if the vote could have been rigged, but compromising that server would have served as a great pivot point and malware could have been planted easily," he added.

Lamb said he notified the center's director, Merle King, who assured him the hole would be patched and who asked to keep his discovery to himself.

Politico said the center never notified the secretary of state's office, which oversees elections and contracts with Kennesaw State to manage the technology part. The Associated Press sought comment by phone and email from King and Secretary of State Brian Kemp, but there was no immediate response.

Lamb said he decided not to disclose the problem at the time — mostly because he "didn't want to needlessly escalate things" prior to the Nov. 8 general election. He said King had also told him that "messing with elections means the people downtown crush you."

In March, a security colleague Lamb had told about the flaw checked out the center's website and discovered that the vulnerabilities had only been partially fixed.

"We were both pretty floored," said Lamb.

The researcher, Chris Grayson, said he, too, was able to access the same voter record database and other sensitive files in a publicly accessible directory. Grayson contacted a friend who is a professor at Kennesaw State. Two days later, the FBI was called in to investigate.

It did not bring charges against either researcher, finding no evidence of illegal entry . "At the end of the day we were doing what we thought was in the best interest of the republic — informing the parties that needed to be privy to this sort of issue," said Grayson.

The special election next Tuesday will fill the seat vacated by Republican Tom Price after he was named Health and Human Services Secretary. It has attracted national attention, including that of President Donald Trump, for whom it could be a bellwether.

First-time candidate Jon Ossoff is a Democrat with a national security background. His GOP opponent is former Georgia Secretary of State Karen Handel.

  • Associated Categories: Homepage, U.S. News, Local/State News, Politics, Georgia News, Associated Press (AP), AP National News, AP Online National News, Top General short headlines, AP Online Headlines - Washington, AP Elections, General Election News, AP Business, AP Online - Georgia News, AP Online Headlines - Georgia News, AP Technology News
© Copyright 2020
All rights reserved. This material may not be published, broadcast, rewritten, or redistributed without permission.
Researcher finds Georgia voter records exposed on internet
Researcher finds gaping network security hole in website of center that manages Georgia's election, leaving state's 6.7 million voter records, other sensitive files, exposed to hackers.
1:22AM ( 5 minutes ago )
Rifle-wielding attacker wounds GOP leader, killed by police
A top House Republican, Steve Scalise of Louisiana, was shot by a rifle-wielding gunman Wednesday at a congressional baseball practice just outside of Washington
1:11AM ( 16 minutes ago )
Twice is nice: Rizzo hits another leadoff homer for Cubs
Anthony Rizzo has two leadoff homers the past two nights for the Cubs in his first two career starts atop the batting order
1:07AM ( 20 minutes ago )
Associated Press (AP)
Erendira Wallenda plans helicopter stunt over Niagara Falls
The aerialist wife of daredevil Nik Wallenda is preparing for a stunt that will have her hanging by her teeth from a helicopter over Niagara Falls
12:06AM ( 1 hour ago )
Defense to present its case in Ohio police shooting retrial
The defense is set to present its case in the Ohio murder retrial of a former University of Cincinnati police officer
12:05AM ( 1 hour ago )
A morning's baseball drill becomes an assault on Republicans
A morning's baseball drill becomes an assault on Republicans
11:50PM ( 1 hour ago )
AP National News
Gunman who shot congressman had history of anti-GOP activity
A South Carolina lawmaker recalled a man politely asking whether the team practicing on a baseball field Wednesday morning was made up of Democrats or Republicans.
11:24PM ( 2 hours ago )
AP Newsbreak: UPS workers fled gunfire that killed 4
Officials say a UPS employee opened fire at a San Francisco package delivery facility, killing three employees and then himself as officers closed in
11:01PM ( 2 hours ago )
The Latest: APNewsBreak: Gunman had filed grievance
A San Francisco police department official has identified the gunman who opened fire at a UPS warehouse in the city as Jimmy Lam
10:51PM ( 2 hours ago )
AP Online National News
Sanders 'sickened,' shooter possibly linked to '16 campaign
Sen. Bernie Sanders says the man who shot a congressman and four other people was apparently a volunteer on his losing 2016 presidential campaign
7:21PM ( 6 hours ago )
Fed raises key rate and unveils plan to reduce bond holdings
Federal Reserve raises key policy rate and announces plans to start trimming bond holdings
6:21PM ( 7 hours ago )
Senate panel meets with special counsel in Russia probe
The special counsel appointed to investigate Russian influence in the 2016 presidential campaign has met with a Senate committee probing the same matter
6:10PM ( 7 hours ago )
AP Elections
Trump affects Virginia primaries, but not as expected
President Donald Trump had an outsized effect on Virginia's primary contests for governor, but not in the ways most people expected
4:12AM ( 21 hours ago )
Ed Gillespie wins GOP nomination, will face Northam
Ralph Northam has won the Democratic nomination in Virginia's closely watched race for governor and will face Republican nominee Ed Gillespie in the general election
12:11AM ( 1 day ago )
Ralph Northam wins nomination; GOP race too close to call
Ralph Northam has won the Democratic nomination in Virginia's closely watched race for governor, defeating an insurgent challenger backed by U.S. Sens. Bernie Sanders and Elizabeth Warren
9:47PM ( 1 day ago )
General Election News
California aims to quash immigration detention growth
California is aiming to quash the growth of immigration detention in the state in a proposed budget measure to push back against the Trump administration's plans to boost deportations
11:14PM ( 2 hours ago )
Asian shares fall after Fed rate hike, tracking Wall St lead
Asian shares fall, tracking Wall Street lead after Fed rate hike
10:57PM ( 2 hours ago )
The Latest: Hospital says Scalise needs more operations
The hospital where Rep. Steve Scalise is recovering after being shot says the congressman remains in critical condition and will require several more operations
9:32PM ( 3 hours ago )
AP Business
Vintage typewriters gain fans amid 'digital burnout'
In the age of smartphones, social media and cyber hacking fears, the vintage typewriter that once gathered dust in attics and basements is making a comeback
2:55PM ( 10 hours ago )
Freewheeling Uber sheds officials, faces more major changes
Freewheeling Uber is facing major change as its board cracks down and its founder and CEO steps away indefinitely
3:33AM ( 21 hours ago )
Uber recommendations show company was 'out of control'
Law firm's recommendations to fix Uber show that company was 'out of control'
10:39PM ( 1 day ago )
AP Technology News
Rifle-wielding attacker wounds GOP leader, killed by police
A top House Republican, Steve Scalise of Louisiana, was shot by a rifle-wielding gunman Wednesday at a congressional baseball practice just outside of Washington
1:11AM ( 17 minutes ago )
Twice is nice: Rizzo hits another leadoff homer for Cubs
Anthony Rizzo has two leadoff homers the past two nights for the Cubs in his first two career starts atop the batting order
1:07AM ( 21 minutes ago )
Family of freed student adjusting to 'different reality'
The father of an American college student who was imprisoned in North Korea and was returned to his home state of Ohio in a coma says the family is "adjusting to a different reality."
12:55AM ( 32 minutes ago )
Homeless, but not voiceless, at Carnegie Hall
They're homeless, but a group of men and women from Texas have made it to Carnegie Hall
12:42AM ( 45 minutes ago )
AP Newsbreak: UPS gunman had filed overtime grievance
A union official says the gunman who shot and killed three people at a UPS warehouse in San Francisco had filed a grievance complaining that he was working excessive overtime
12:34AM ( 54 minutes ago )