Results 1 to 2 of 2

Thread: Something is rotten in the Secretary of State of Georgia

  1. #1
    SEÑOR Member Aimless's Avatar
    Join Date
    Jan 2010
    Posts
    14,234

    Default Something is rotten in the Secretary of State of Georgia

    It's bad enough for a candidate to have the authority to essentially regulate his own election, and embarrassing enough to permit him to actually change the electoral system in ways that favour him. But this is a step too far even for an aspiring banana republic like Georgia:

    News orgs report that Kemp's office has launched a probe into the Georgia Democratic Party after an attempt to hack the voter registration system:

    https://www.reuters.com/article/us-u...-idUSKCN1N90MP

    No evidence was released that would justify Kemp launching such an investigation against his political opponents in an election he's participating in.

    But now it makes more sense:

    https://whowhatwhy.org/2018/11/04/ex...ank-safe-door/

    Two days before the midterm elections, a series of security vulnerabilities have been discovered that would allow even a low-skilled hacker to compromise Georgia’s voter registration system and, in turn, the election itself. It is not known how long these vulnerabilities have been in place or whether they have already been exploited.

    Just before noon on Saturday, a third party provided WhoWhatWhy with an email and document, sent from the Democratic Party of Georgia to election security experts, that highlights “massive” vulnerabilities within the state’s My Voter Page and its online voter registration system.

    According to the document, it would not be difficult for almost anyone with minimal computer expertise to access millions of people’s private information and potentially make changes to their voter registration — including canceling it.

    In this election and during the primaries, voters have reported not showing up in the poll books, being assigned to the wrong precinct, and being issued the wrong ballot.

    All of that could be explained by a bad actor changing voter registration data — and at this point there may be no way of knowing if that happened.

    [...]

    WhoWhatWhy contacted five computer security and election systems experts to review the document.

    None of these cyber security experts tested the vulnerabilities described, downloaded any files, or altered any data.

    All five noted that testing these vulnerabilities without permission would be illegal.

    Instead, several logged onto the My Voter Page to look at the code used to build the site — something any Georgian voter could do with a little instruction — and confirmed the voter registration system’s vulnerabilities.

    They all agreed with the assessment that the data of voters could easily be accessed and changed.

    “For such an easy and low hanging vulnerability to exist, it gives me zero confidence in the capabilities of the system administrator, software developer, and the data custodian,” Kris Constable, who runs a privacy law and data security consulting firm, told WhoWhatWhy. “They should not be trusted with personally identifiable information again. They have showed incompetence in proper privacy-protecting data custodian capabilities.”

    As secretary of state, Kemp is the data custodian, meaning he is responsible for the security of voter information.
    Obviously this is just from one source, and the story is still developing. However, there is some important context:

    https://slate.com/technology/2017/10...ulnerable.html

    On July 3, state voters and a good-government group filed a lawsuit alleging that Georgia officials ignored warnings that the state’s electoral system was extremely susceptible to hacking.

    On July 4, Georgia Secretary of State Brian Kemp’s office was alerted about the lawsuit by the press and declined to comment. It received a copy of the suit on July 6.

    And on July 7, Georgia officials deleted the state’s election data, which would have likely been critical evidence in that lawsuit, the Associated Press reported Thursday.

    Two things could have happened here. Either it was an incredible act of incompetence on the part of Georgia’s election officials, or it was an attempted cover-up to try to hide from the public a major election security lapse. Lawmakers from both parties are calling for heads to roll.

    According to the lawsuit in question, the vulnerabilities included a path via Google to uncover troves of information about the electorate, including passwords into the election systems themselves. Hackers could theoretically have used these holes to breach the system and make changes to voter registries, or even raw votes. Because the state has no paper trail for votes, such an attack would have been incredibly difficult to detect. (The FBI investigated Georgia’s system earlier this year but has not publicly revealed the results of that investigation.) The lawsuit argues that because of the weaknesses in Georgia’s system, the state’s 2016 election and its 2017 special congressional election were potentially compromised.
    There is something seriously wrong with Kemp himself, but something even more wrong with a system that lets this asshat regulate his own election and launch investigations attacking his opponents.
    “Humanity's greatest advances are not in its discoveries, but in how those discoveries are applied to reduce inequity.”
    — Bill Gates

  2. #2
    SEÑOR Member Aimless's Avatar
    Join Date
    Jan 2010
    Posts
    14,234
    More details:

    https://www.propublica.org/article/g...-did-not-exist

    These people are both corrupt and shameless.
    “Humanity's greatest advances are not in its discoveries, but in how those discoveries are applied to reduce inequity.”
    — Bill Gates

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •