Georgia Secretary of State Brian Kemp has a good question. Why has the Department of Homeland Security been trying since February 2016 to hack his agency’s voter registration database? Kemp posed the question to DHS last week, but has yet to receive a satisfactory answer.
Readers will remember that back in August, Jeh Johnson and DHS jumped on the “rigged election” train to try to centralize federal power over the conduct of American elections. America’s voting systems, said Johnson, should be declared “critical infrastructure,” so that they could be properly protected by DHS. The move had the hallmarks of a federal power grab, and I expressed strong reservations about that at the time.
So did a number of the states, including Georgia. Secretary Kemp was decidedly skeptical of Johnson’s motives when he addressed the issue in late August.
“It seems like now it’s just the D.C. media and the bureaucrats, because of the DNC getting hacked — they now think our whole system is on the verge of disaster because some Russian’s going to tap into the voting system,” Kemp, a Republican, told POLITICO in an interview. “And that’s just not — I mean, anything is possible, but it is not probable at all, the way our systems are set up.”
During an earlier interview with the site Nextgov, Kemp warned: “The question remains whether the federal government will subvert the Constitution to achieve the goal of federalizing elections under the guise of security.” Kemp told POLITICO he sees a “clear motivation from this White House” to expand federal control…
At that time, Kemp apparently was not yet aware of the several prior attempts by someone acting from a DHS Internet address to intrude into the Georgia Secretary of State databases. He was just speaking from a concern on principle.
The same principle caused Kemp to decline the offer of DHS cyber-security assistance made to the states around 1 October. (There’s a separate reason this may have been a good move on Kemp’s part. As pointed out in this post, DHS itself has a horrendous IT security record, having been hacked “big league” on a number of occasions.)
So count Brian Kemp a Russian-hacking-scare “denier,” if you’re inclined to see things in those terms.
It was the detection of an intrusion attempt on 15 November, a week after the election, that alerted the IT security folks for the Georgia Secretary of State site that the DHS attacks were going on. Last week, Kemp publicly demanded an explanation of the 15 November attempt. (It was unsuccessful, incidentally, as all the previous attempts were.)
But that attempt turned out to be only the most recent one. On 14 December, Kemp’s office confirmed that there have been at least 10 intrusion attempts from the DHS address, starting in February 2016. Several of them occurred just before the election dates this year.
On Friday, 9 December, DHS said that one of its employees had triggered the Georgia system to react when he was trying to make authorized contact with it. The explanation, said DHS, was that “the employee’s system was configured in a way that caused Georgia’s security vendor to misinterpret the visit as a scan of its systems.”
But Kemp’s security people aren’t buying that. For one thing, it’s not making sense to the vendor, Microsoft.
In a letter to Kemp on Tuesday, [Jeh] Johnson blamed a Microsoft product for the error, but Kemp is not convinced.
“The scenario DHS has proposed has still not been verified by Microsoft,” Kemp wrote Johnson late Tuesday. “There are still many questions regarding the origin and intent of this attack that remain unanswered.”
For another thing, as reported by WSB-TV in Atlanta (link above), DHS hasn’t told a consistent story:
Last week, the DHS confirmed the large Nov. 15 attack traced back to a U.S. Customs and Border Protection internet gateway. But Kemp says the DHS’ story about its source keeps changing.
“First it was an employee in Corpus Christi, and now it’s a contractor in Georgia,” Kemp said.
The story makes even less sense if we’re to believe that an authorized CBP employee tried to access a Georgia Secretary of State server multiple times since February, and kept registering mistakenly as an intruder each time, but nobody else in either government agency knew or did anything about it until last week. We know the attempts from the CBP IP address failed. That would mean someone trying to make authorized access was unable to do his job. Yet neither that person nor DHS ever followed up on the problem?
It doesn’t pass the smell test. Brian Kemp isn’t trusting the Obama DHS to close this out. He’s asking the incoming Trump administration to look into it.
The likelihood seems pretty high that DHS also tried to hack any other secretary of state who didn’t give DHS access to his or her state system in order to benefit from Homeland Security’s cyber-security expertise in the November election.