Critical Infrastructure Security , Incident & Breach Response , Managed Detection & Response (MDR)

Georgia Election Further Complicated by Hacking Accusation

Secretary of State - and Republican Candidate - Probes State's Democratic Party
Georgia Election Further Complicated by Hacking Accusation
Photo: Heather Kennedy via Flickr/CC

The Republican gubernatorial candidate in Georgia has accused the state's Democratic Party of attempting to hack the state's voter registration database. But his charge has triggered skepticism and a fierce rebuttal from the accused.

See Also: Hunt Cloud Threats or Be Hunted | CISO Guide to Cloud Compromise Assessments

The accusation, from Brian Kemp, is further complicated because he is also the state's current secretary of state, who supervises election infrastructure and procedures.

On Sunday, Kemp's office released a two paragraph statement saying he'd ordered his office to open an investigation into the Democratic Party of Georgia "after a failed attempt to hack the state's voter registration system."

Brian Kemp

"While we cannot comment on the specifics of an ongoing investigation, I can confirm that the Democratic Party of Georgia is under investigation for possible cyber crimes," says Candice Broce, Kemp's press secretary, in the written statement. "We can also confirm that no personal data was breached and our system remains secure."

Later on Sunday, Kemp's office released an update saying it is "working with our private sector vendors and investigators to review data logs."

Kemp is in a heated race with Democrat Stacey Abrams, who, if elected, would become the first black woman to serve as a state governor in U.S. history. It's one of the most closely watched races in the country, as President Donald Trump has stumped for Kemp, and Abrams has drawn high-profile support from Oprah Winfrey and former President Barack Obama.

Stacey Abrams

Kemp's statement didn't specify when the incident happened or how. The FBI and the Department of Homeland Security have been notified, according to the statement.

Democratic Party of Georgia Executive Director Rebecca DeHart called the allegation "yet another example of abuse of power by an unethical secretary of state."

"This political stunt from Kemp just days before the election is yet another example of why he cannot be trusted and should not be overseeing an election in which he is also a candidate for governor," DeHart says.

Kemp has faced repeated calls for him to recuse himself from his election security oversight role, given the potential conflict of interest. But he has declined to do so.

Alleged Vulnerabilities

Glimmers of what might actually be going on in Georgia emerged later on Sunday.

Reuters reports that a businessman, Richard Wright, who has expertise in software, discovered security-related information concerning Georgia's voting systems. Reuters quotes attorney David Cross as saying Wright passed the data to him, which he forwarded to Kemp's office and to Georgia's Democratic Party.

On Sunday, Georgia's Democratic Party sought to clarify how it became involved. The party runs a voter protection hotline, and the party says one its volunteers, Rachel Small, received an email from Wright. Small then forwarded the email to its voter protection hotline director.

A non-profit media organization, Who.What.Why., reported on Sunday that it had obtained an email and a document that Georgia's Democratic Party had sent to election experts.

The publication reported that the document detailed vulnerabilities in Georgia's My Voter Page site that could allow someone to view private voter information and to cancel someone's registration. The site allows voters to view their registration and check the status of their ballot.

Vulnerabilities have allegedly been found in Georgia's My Voter Page, which is an online service for handling voter registrations. The flaws could reportedly be exploited to cancel a voter's registration.

Voter Registration Battles

Kemp's position as Georgia's secretary of state has put him in the crossfire when it comes to questions of not just election security, but also access to the polls.

Opponents have alleged that his office has purposely tried to make it more difficult for some voters - particularly minorities - to meet identification requirements set by authorities. Those rules include an exact match of registered voter names with state records, such as driver's licenses, ID cards and Social Security data.

Some election watchers contend that Kemp's position as the overseer of election processes and security poses an inherent conflict of interest because he's a candidate for governor.

"In Georgia's upcoming gubernatorial election, popular confidence is threatened not only by the undeniable racial discrimination of the past and the serious questions that the federal courts have raised about the security of Georgia's voting machines, but also because you are now overseeing the election in which you are a candidate," former President Jimmy Carter wrote to Kemp in a letter dated Oct. 22.

"In order to foster voter confidence in the upcoming election, which will be especially important if the race ends up very close, I urge you to step aside and hand over to a neutral authority the responsibility of overseeing the governor's election," Carter added.

Meanwhile, the battle over Georgia's voter registration rules has spilled into court, with voter rights advocates gaining a victory just ahead of the election.

On Friday, a federal judge granted a preliminary injunction allowing 3,141 people in Georgia who were inaccurately flagged as non-citizens to cast a vote if they provide documentation of citizenship to poll managers.

Voter rights groups had also sought relief for 48,000 other people who had been barred on citizenship grounds. But it's unclear if their situations will be addressed before Tuesday.

About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.