
Georgia Officials Quietly Patched Security Holes They Said Didn’t Exist

© 2017 Getty Images ATLANTA, GA - JUNE 20: Signs lead voters into the polling location at St. Martin In The Fields Episcopal Church for the special election of Georgia's 6th Congressional District on June 20, 2017 in Atlanta, Georgia. Republican candidate Karen Handel and Democratic candidate Jon Ossoff are running against each other in a special election to fill the congressional seat vacated by Secretary of Health and Human Services Tom Price. (Photo by Jessica McGowan/Getty Images)

By Jack Gillum, Jessica Huseman, Mike Tigas and Jeff Kao, ProPublica; and Stephen Fowler, Georgia Public Broadcasting

On Sunday morning, Georgia Secretary of State Brian Kemp unleashed a stunning allegation: State Democrats had committed “possible cyber crimes” after a tipster told party officials he had found gaping security holes in the state’s voter information website. The affair quickly degenerated into volleying charges about whether Democrats had promptly informed officials of the possible security breach.

A representative for Kemp, the state’s Republican candidate for governor, denied vulnerabilities existed in the state’s voter-lookup site and said the problems alleged could not be reproduced. But in the evening hours of Sunday, as the political storm raged, ProPublica found state officials quietly rewriting the website’s computer code.

ProPublica’s review of the state’s voter system followed a detailed recipe created by the tipster, who was described as having IT experience and alerted Democrats to the possible security problems. Using the name of a valid Georgia voter who gave ProPublica permission to access his voter file, reporters attempted to trace the security lapses that were identified.

ProPublica found the website was returning information in such a way that it revealed hidden locations on the file system. Computer security experts had said that revelation could give an intruder access to a range of information, including personal data about other voters and sensitive operating system details.

ProPublica’s attempt to take the next step — to poke around the concealed files and the innards of the operating system — was blocked by software fixes made that evening. According to the tipster’s recipe, it was also possible to view a voter’s driver’s license, partial Social Security number and address.

Kemp is locked in a tight race with Stacey Abrams, a former Democratic leader in the Georgia House. On Monday, his spokesman said the vulnerabilities raised could not be replicated. “There was nothing to substantiate” the claims, said Kemp spokeswoman Candice Broce.

ProPublica’s test on Sunday found traces of the same vulnerabilities the tipster described in his digital recipe. Details of the alleged vulnerabilities were provided to ProPublica by the website WhoWhatWhy.org, which first reported on the security issues this weekend.

Broce said the ability to see where files were stored was “common” across many websites, and she said it was not an inherent vulnerability. She did not deny that the website’s code was rewritten and would not say whether changes were made as a result of the possible security holes. Broce clarified Monday she was instead referring to a webpage’s source code.

“We make changes to our website all the time,” Broce said. “We always move our My Voter Page to a static page before Election Day to manage volume and capacity. It is standard practice.” By Monday afternoon, the page did not appear to be static in the way Broce described, and she did not respond to a request to provide evidence of the change.

Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology in Washington, D.C., disputed that visibility into file storage was common. “It’s definitely not best practice,” he said. He said it appeared the state had made the change in response to being notified of the problem and could see no reason why officials would otherwise make such a change ahead of Election Day.

Security experts frown on making such seemingly ad hoc changes close to major events, such as an election, because they can create unforeseen problems when made so quickly.

Georgia’s secretary of state was first alerted to a potential vulnerability Saturday afternoon. At the time, Washington attorney David Cross — who is representing plaintiffs in a lawsuit against Georgia over its paperless voting machines — alerted the office’s outside counsel that a man named Richard Wright contacted him Friday afternoon and claimed “any and all” information about registered voters could be pulled from the site with just a few keystrokes.

The state’s Democratic Party, for its part, denied running the code and said a party volunteer named Rachel Small merely forwarded Wright’s tip — containing an explainer and recipe that could reproduce the problem — to her boss, who forwarded it to cybersecurity experts. Those experts told the U.S. Department of Homeland Security, the FBI and Georgia officials by mid-Saturday, documents and interviews show.

The state did not know that Small had received her information from Wright — and assumed Small had written the code herself — until ProPublica told them of the connection on Sunday evening. Still, Broce said the investigation into the state Democratic Party was justified.

“You don’t have to actually have someone who is successful in running up against your system,” they don’t have to find a vulnerability for it to be potentially criminal or even try and execute it, Broce said. “All you need, to open an investigation, is information suggesting plans and an attempt to put together some kind of program or utilize specialized tools to find a vulnerability. We did have evidence,” she said, referring to the email forwarded by Small.

Kemp has previously faced election-related security problems, including a case in 2015 when his office mistakenly distributed files with 6 million voters’ private information.

Democratic Party of Georgia spokesperson Seth Bringman said that the party found out about Kemp’s investigation of the purported hack from news reports. He noted that no one from the secretary of state’s office has called to ask about Small. The party, Bringman said, has also not been contacted by the FBI or DHS. Bringman called Kemp’s public statements that Democrats were under investigation “unethical, irresponsible and disqualifying.”

Kemp’s campaign showed no signs of relenting Monday. “In an act of desperation, the Democrats tried to expose vulnerabilities in Georgia’s voter registration system,” spokesman Ryan Mahoney said in a statement. “This was a 4th-quarter, Hail Mary pass that was intercepted in the end zone. Thanks to the systems and protocols established by Secretary of State Brian Kemp, no personal information was breached.”

“These power-hungry radicals should be held accountable for their criminal behavior,” he said.
