Toss around accusations of a failed attempt to hack a state’s voter registration system — without actually providing any proof — that’s one way to really stir things up right before the midterm elections.
That is what Brian Kemp, Georgia’s current secretary of state — who is also the Republican candidate for governor — did on Sunday. With the midterm elections just a few days away, Kemp accused the Democratic Party of Georgia of hacking the state’s voter registration system. Democrat Stacey Abrams, his opponent, called it “a reckless and unethical ploy” to mislead voters.
Kemp, via the Georgia Secretary of State’s office, first released the following statement:
After a failed attempt to hack the state’s voter registration system, the Secretary of State’s office opened an investigation into the Democratic Party of Georgia on the evening of Saturday, November 3, 2018. Federal partners, including the Department of Homeland Security and Federal Bureau of Investigation, were immediately alerted.
“While we cannot comment on the specifics of an ongoing investigation, I can confirm that the Democratic Party of Georgia is under investigation for possible cyber crimes,” said Candice Broce, Press Secretary. “We can also confirm that no personal data was breached and our system remains secure.”
As you likely noticed, Kemp cited no evidence. He’s been embroiled in controversy, including the potential conflict of interest from remaining as secretary of state instead of stepping down while running for governor. And last week, a federal judge called Georgia’s “exact match” voting requirement overly burdensome and ordered the state to adjust it.
Georgia Democrats emphatically denied the hacking accusations. Abrams told CBS News that Kemp learned about a vulnerability in the voter registration system and an attempted breach on Friday but opted not to act until Sunday.
Kemp, via his Secretary of State’s office, later released an update to the first hacking accusation statement:
We opened an investigation into the Democratic Party of Georgia after receiving information from our legal team about failed efforts to breach the online voter registration system and My Voter Page. We are working with our private sector vendors and investigators to review data logs. We have contacted our federal partners and formally requested the Federal Bureau of Investigation to investigate these possible cyber crimes. The Secretary of State’s office will release more information as it becomes available.
Georgia Democratic Party releases emails about voter system vulnerabilities
It should be noted that WhoWhatWhy revealed that it had a copy of an email sent by the Georgia Democratic Party highlighting the vulnerabilities in Georgia’s My Voter Page. It was after that article was published that Kemp announced the investigation into the Democratic Party of Georgia.
Add this tweet from WSB-TV investigative reporter Aaron Diamant to the clusterflub; it contained a text message from the Georgia Secretary of State’s office, claiming the “FBI is looking for information on ‘Rachel Small’” – asking “why she was talking about trying to hack the Secretary of State’s system.”
BREAKING: Just got this text from Georgia Secretary of State office official…
“The FBI is looking for information on ‘Rachel Small…’” after bombshell announcement it’s investigating @GeorgiaDemocrat Party for “failed cyberattack” on State’s voter registration system. @wsbtv pic.twitter.com/tYlODB6KV4
— Aaron Diamant (@AaronDiamantWSB) November 4, 2018
The Democratic Party of Georgia responded by claiming, “Team Kemp is losing their minds.”
BREAKING: Team Kemp is losing their minds. Rachel Small is a volunteer for the Democratic Party of Georgia on our voter protection hotline. She received an email from a man named Richard Wright. She forwarded Richard’s email to our voter protection director. Sorry, @BrianKempGA. https://t.co/eogwmEZ2X0
— Georgia Democrat (@GeorgiaDemocrat) November 4, 2018
To “prove” Kemp’s “irresponsible ploy to use the FBI and abuse his power as Secretary of State,” Georgia Democrats released emails.
The first was from “Richard Wright,” a person not affiliated with the Georgia Democratic Party, and was sent to Rachel Small, who is a “volunteer” for the Democratic Party. The email, dated Saturday, detailed two security issues. The first, dealing with My Voter Page, allegedly allowed a person to download any file on the system. The second, regarding the online voter registration, allegedly allowed the URL to be changed to “download anyone’s data and that includes lots of PII.”
Rachel Small then forwarded Wright’s email to Sara Ghazal, the Democratic Party of Georgia’s Voter Protection Director.
The email about the security vulnerabilities that Small forwarded, which does not indicate that Small or anyone in the Democratic Party actually did any hacking, is the reason Kemp supposedly was looking for information about Small and launched an investigation after the “failed hacking attempt” allegedly by the Democrats. Kemp’s office told The New York Times that the email showed Small “talking about trying to hack the Secretary of State’s system.”
Previous data breaches affecting Georgia voters
This is not the first time that poor security impacted Georgia voters. Last year, a breach impacted as many as 7.5 million Georgia voter records. In 2015, another data breach led to the release of private information of more than 6 million Georgia voters. Many people have blamed Kemp’s “incompetence” for the breaches.
The Georgia race for governor is being watched closely. If Abrams wins the election, she will be the first African-American female governor in the U.S. Kemp’s allegations, and the timing, certainly make it appear as if he doesn’t want the race to be judged on merit alone.
Some security experts, such as Chris Vickery, are looking into Georgia’s potential online voter flaws.
Georgia needs to get it together.
They need to take all their shit and get it together.
Get your shit together, Georgia. pic.twitter.com/Rvc2UsfpbR
— Chris Vickery (@VickerySec) November 5, 2018
There are some people in this thread not understanding the problem.
That footer text would be *automatically* up-to-date if Georgia was using up-to-date software.
By using ancient software, Georgia is guaranteed to be “hacked” by a malicious actor that looks up developed exploits
— Chris Vickery (@VickerySec) November 5, 2018