Print this page
Published in News

Hacker conspiracy award goes to Brian Kemp

by on01 June 2020


Sees hacks when sitting on security holes

Georgia governor, Republican Brian Kemp seems to have a problem with democratic party hackers.

He has been on the blower to the FBI and Homeland Security and even started an investigation of his own into hacks into his networks. The only problem is that the investigations have never found any hacks and they appear to have originated in his own head or show a poor understanding of how network security works.

Two days before the 2018 election for Georgia governor, Republican Brian Kemp used his power as secretary of state to open an investigation into what he called a "failed hacking attempt" of voter registration systems involving the Democratic Party. But newly released case files from the Georgia Bureau of Investigation reveal that there was no such hacking attempt.

After a closed investigation it turned out Kemp's office mistook planned and routine security tests and a warning about potential election security holes as proof of malicious hacking.

Kemp then wrongly accused his political opponents just before Election Day — a high-profile salvo that drew national media attention in one of the most closely watched races of 2018. To make matters worse,  Kemp's chief information officer signed off on the DHS scans three months beforehand.

According to the Atlanta Journal-Constitution also reports that the Democratic party's only role was apparently forwarding an email about vulnerabilities to two cybersecurity professors at Georgia Tech, which then alerted authorities.

Richard Wright, a Georgia Tech graduate and Democratic voter who works for a software company...found that he could look up other voters' information by modifying the web address on the site, a flaw confirmed by ProPublica and Georgia Public Broadcasting before it was fixed....An election security vendor for the state, Fortalice Solutions, later concluded, however, that there was no evidence that voter information had been accessed, manipulated or changed by bad actors.

While publicly denying Wright's claims about vulnerabilities, behind the scenes, Kemp's staff were working to correct them.

Apparently the secretary of state's firewall hadn't been set up to block access to the locations identified by Wright, according to a Georgia Bureau of Investigation agent's report.

Election officials then "set up safeguards to restrict access to the vulnerable areas" on the last two days before the 2018 general election.

This type of weakness, called broken access control, is one of the 10 most critical web application security risks, according to the Open Web Application Security Project, an organization that works to improve software security.

Kemp has form for this sort of thing. In 2016 Kemp also accused the Department of Homeland Security of trying to breach his office's firewall.

But a later investigation revealed the activity Kemp cited "was the result of normal and automatic computer message exchanges", caused by someone cutting and pasting data into a Microsoft Excel document.

Last modified on 01 June 2020
Rate this item
(2 votes)