INFRA
INFRA
INFRA
Georgia governor candidate sued over exposure of 6.3M voter records
Brian Kemp, the Republican former secretary of state in charge of Georgia’s elections who’s running for governor, has been sued in a lawsuit that accuses him of allowing millions of voter records to be exposed online.
According to local media Wednesday, security researcher Logan Lamb discovered a voter registration database with 6.3 million records of all of Georgia’s voters, along with documents containing election day supervisor passwords in the summer of 2016.
Those records included full names, dates of birth, driver’s licenses and partial social security numbers “all wide open to anyone snooping around,” suggesting that they may have been left unsecured on a cloud server.
Although there’s no evidence that the data had been accessed for nefarious purposes and the electoral data itself is publicly available upon request, it gets worse. Kemp (pictured) is alleged to have deleted the data off a server, hindering an investigation.
Allan Liska, solutions architect and ransomware expert at Recorded Future Inc., told SiliconANGLE that this is another case of improperly secured sensitive data versus actual election system hacking.
“The data was accessible to anyone walking the directory on the web server, but a bigger concern is the fact that it was stored on a Drupal server with a well-known vulnerability that tens of thousands of bots were scanning the internet for and exploiting those systems,” he said, adding that there’s a good chance that Lamb was not the first person to exploit the server.
“Gaining voter registration data is a potentially serious breach, but having usernames and passwords for all of the Georgia voting systems is a significantly bigger problem because that could give an attacker potential access to live vote information,” Liska explained. “It has not been reported, to date, whether the usernames and/or passwords for those systems were changed once the exposed data was reported.”
Even if those passwords have been reported, he said, knowing the systems Georgia is using and how they are deployed could give an attacker enough information to mount a successful attack, he added. “There has been no evidence that this has happened to this point, but there is no way of knowing who else has access to the information that Lamb discovered,” he said.
Photo: Brian Kemp/Twitter
Since you’re here …
… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.
