Hackers may have gained ‘almost total control’ of an election server in Georgia, report says

Activist groups suing the state are demanding an end to the use of paperless voting machines

Chris Riotta
New York
Saturday 18 January 2020 22:35 GMT
Comments
'This is what we call voter suppression' Georgia voters angry as they're told there are no power cords for voting machines

An election security report has revealed evidence of a possible hacking on a Georgia server that may have compromised the state’s voting machines in both 2016 and 2018.

The alleged attack on a Georgia election server was first discovered by Logan Lamb, an election security expert who suggested that hackers may have been able to significantly interfere with state voting data.

If the hackers successfully broke into the server, Mr Lamb said in his report that they likely obtained “almost total control of the server, including abilities to modify files, delete data, and install malware”.

Multiple activist groups have filed a lawsuit arguing that the vulnerabilities would have allowed hackers to manipulate the results of the state’s most recent elections.

Republican Brian Kemp narrowly beat Democrat Stacey Abrams during the 2018 gubernatorial race, in which he ran while serving as Georgia’s secretary of state.

Georgia officials have insisted the server was not used to transmit voter registration files and other election materials to voting machines across the state.

Mr Lamb’s report was included as an affidavit filed in an Atlanta federal court on Thursday.

Marylin Marks, executive director of the Coalition for Good Governance, told Politico that evidence of the possible hacking “creates a very dark cloud over all of the previous elections” in Georgia. Her organisation is one of the groups suing the state over the compromised server.

“We know there was no way to audit” the results of the previous elections, Ms Marks said. “There was no … attempt at accountability by the secretary of state, and the entire programming of elections was outsourced.”

“What Logan’s findings show us,” she added, “is that vulnerabilities were not just hypothetical as the state had been claiming. Now we know that it was a very real risk, but what we don’t know is just how bad did it get. And the public deserves to know.”

The alleged attack has added fuel to an ongoing debate about the integrity of Georgia’s elections. The state uses paperless voting machines, a process the activist groups behind the lawsuit are hoping to put an end to, and the election server had previously faced security issues before the 2016 elections.

The Centre for Election Systems at Kennesaw State University, which was tasked with overseeing the programming of Georgia’s elections, then erased all of the data on the server in question. Mr Lamb was later able to assess a copy of the server collected by the FBI in March 2017 after state officials lost a years-long battle to prevent it from being examined in 2019.

“I can think of no legitimate reason why records from that critical period of time should have been deleted”, Mr Lamb wrote in the affidavit.

He reportedly found a vulnerability dubbed “Shellshock” that allowed the server to be compromised in December 2014, as well as a separate, unpatched vulnerability in its Drupal software that could have allowed the hacking to take place prior to the 2016 elections.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in