Election Hacking: Georgia Server Wiped After Vulnerabilities Exposed
A computer server used by the state of Georgia to store important election data was wiped of all information by custodians shortly after a lawsuit was filed against state election officials, the Associated Press reported.
The server, which was maintained by the Center for Election Systems at Kennesaw State University, had all of its data erased by technicians on July 7. The computer had previously been used as the primary staging location for election-related information.
The server was of central interest of a lawsuit filed against the state by a group of election reform advocates who hoped to force Georgia to retire its currently election technology, which has come under fire for being antiquated and potentially unsecure.
Earlier this year, security researcher Logan Lamb exposed a significant security flaw in the state’s election systems that would allow an attacker to gain unfettered access to important election data.
Lamb discovered that it was possible to access the state’s full voter registration records for more than 6.7 million Georgia residents. Additionally, he found PDFs that contained instructions and passwords in plaintext intended to be provided for election officials working the polls on election day, as well as software files for the state’s electronic poll books.
The researcher also found databases for Global Election Management Systems (GEMS) servers, which are used to prepare both paper and electronic ballots, tabulate votes and create summaries of vote totals.
The breadth of data sitting unprotected on the server, combined with the fact the server was also running an unpatched version of its content management software that contained known vulnerabilities, opened up the possibility that hackers could seize control of Georgia voting machines to steal information or even alter code that could affect electoral outcomes.
The vulnerabilities to Georgia’s election server was first discovered shortly before the state held a special runoff election to fill a seat in its sixth congressional district left vacant after Tom Price resigned to serve as the Secretary of Health and Human Services in the Donald Trump Administration.
Now the data stored on that server is gone, and it is unclear who ordered the wipe be performed.
The Kennesaw election center generally takes its orders from Georgia’s secretary of state, a position currently held by Brian Kemp—a Republican who announced his intention to run for governor of the state in 2018. Kemp’s predecessor in the role of secretary of state, Karen Handel, won the runoff election for the Congressional seat.
Kemp is the main defendant in the lawsuit filed by election advocates representing Georgia voters. The plaintiffs hope to make Kemps and the state retire the 27,000 touchscreen voting machines (powered by 15-year-old vote-management software) that are currently used across the state in favor of a system that uses paper ballots and produce hardcopy proof of voter intent.
A key element of the lawsuit against the state was going to be an independent security review of the Georgia election server. The opportunity to show the potential risks presented by the server was wiped along with the data.
The FBI at one point made an exact data image of the server when it was investigating the security hole discovered in the state’s system. It is unclear if the FBI still has the image or if it can be used in the lawsuit.
© Copyright IBTimes 2024. All rights reserved.