Last week we noted a letter from Georgia Secretary of State, Brian Kemp, to the Department of Homeland Security questioning why someone with a DHS IP address (18.104.22.168) had attempted to hack into his state’s election database on November 15, 2016 at 8:43AM. Now, according to WSB-TV in Atlanta, we learn that Georgia’s election systems were actually the target of hacking by DHS on 10 separate occasions.
The Georgia Secretary of State’s Office now confirms 10 separate cyberattacks on its network were all traced back to U.S. Department of Homeland Security addresses.
In an exclusive interview, a visibly frustrated Secretary of State Brian Kemp confirmed the attacks of different levels on his agency’s network over the last 10 months. He says they all traced back to DHS internet provider addresses.
“We’re being told something that they think they have it figured out, yet nobody’s really showed us how this happened,” Kemp said. “We need to know.”
Kemp told Channel 2’s Aaron Diamant his office’s cybersecurity vendor discovered the additional so-called vulnerability scans to his network’s firewall after a massive mid-November cyberattack triggered an internal investigation.
Meanwhile, Kemp pointed out that all of the attempted hackings occurred around critical registration and voting deadlines calling into question whether “somebody was trying to prove a point.”
The Secretary of State’s Office manages Georgia’s elections, and most concerning for Kemp about the newly discovered scans is the timing.
The first one happened on Feb. 2, the day after Georgia’s voter registration deadline. The next one took place just days before the SEC primary. Another occurred in May, the day before the general primary, and then two more took place in November, the day before and the day of the presidential election.
“It makes you wonder if somebody was trying to prove a point,” Kemp said.
Of course, the Obama administration, a pillar of “transparency” for sure, has confirmed the attacks originated at the DHS but has refused to provide a straight story on why the attempted hackings occurred. Furious with the lack of answers, Kemp has now written a letter to the Trump administration asking for a formal review after his inauguration next month.
Last week, the DHS confirmed the large Nov. 15 attack traced back to a U.S. Customs and Border Protection internet gateway. But Kemp says the DHS’ story about its source keeps changing.
“First it was an employee in Corpus Christi, and now it’s a contractor in Georgia,” Kemp said.
Unsatisfied with the response he got from DHS Secretary Jeh Johnson this week, Kemp fired off a letter Wednesday to loop in President-elect Donald Trump.
“We just need to ask the new administration to take a look at this and make sure that we get the truth the people of Georgia are deserving to know that and really demanding it,” Kemp said.
Kemp says several of those scans came around the same time he testified before Congress about his opposition to a federal plan to classify election systems as “critical infrastructure,” like power plants and financial systems.
As we’ve said before, despite all the media attention on “Russian hackers,” this cyberattack, originated from within our own Department of Homeland Security, is the only actual confirmed case of hacking related to the 2016 election.
* * *
For those who missed it, here is what we wrote last week after the initial hacking was discovered.
Georgia Secretary of State Brian Kemp is anxiously wondering, as are we, why someone with a Department Of Homeland Security IP address would try to hack into his State’s voter registration database. Even though DHS offered cyber security help to states prior to the election, the Wall Street Journal notes that Georgia was one of the states that specifically denied assistance.
The secretary of state of Georgia is asking the Department of Homeland Security to explain what appears to be an attempted breach of the state’s voter registration database by someone in the federal government.
In a letter to Department of Homeland Security Jeh Johnson dated Thursday, Georgia’s Secretary of State Brian Kemp said the state had discovered an unsuccessful attempt to breach the firewall of state computer systems. That attempt was linked to an IP address associated with DHS, he said.
“At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network,” wrote Mr. Kemp, a Republican. “Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network.”
The alleged attempted intrusion by the federal government on a state computer system responsible for election security was detected by a third-party security firm working for the state of Georgia. The attempt was unsuccessful, according to the state. The computers also house information about company incorporations.
According to a letter written by Kemp to DHS Secretary Jeh Johnson, the attempted intrusion occurred 1 week after the election on November 15, 2016 at 8:43AM and came from an IP address associated with DHS (22.214.171.124).
Of course, since the hacking a state’s election database it technically illegal, even for DHS, Kemp had some fairly pointed questions for Johnson on who authorized the scan and how many other states were scanned without authorization.
Meanwhile, the potential hacking followed threats from Jeh Johnson leading up to election day to declare election systems “critical infrastructure” which would have given the federal government more authority over state databases.
The Department of Homeland Security made a major push in advance of November’s elections to help states secure election systems against possible hacking, as fears of foreign interference in the U.S. election process reached a fever pitch in the months leading up to Election Day.
The department also considered declaring election systems “critical infrastructure,” which would have given the federal government additional authority to protect the systems. DHS didn’t take that step, however, as many states expressed concern about additional federal authority over their election systems and said the constitution provided states the right to run their own elections.
As a result of some of the concerns, the department clarified that assistance on election-related security matters was voluntary and encouraged states to take advantage of DHS resources and expertise to help secure state election systems.
“DHS assistance is strictly voluntary and does not entail regulation, binding directives, and is not offered to supersede state and local control over the process,” Mr. Johnson, the DHS chief, said in September.
Georgia was one of the states that had declined the federal government’s assistance for election security, citing state sovereignty. “Right now, we’re just demanding answers,” said David Dove, a top aide to the Georgia secretary of state. “My boss, Secretary Kemp, has been a very vocal critic of the Department of Homeland Security declaring election systems critical infrastructure.”
After all the talk about Russian hackers, wouldn’t it be just perfect if it turns out that the Obama administration was the only group to actually attempt to illegally hack into a state election database? That said, we won’t hold our breath waiting for Jill Stein and disaffected Hillary supporters to express their outrage over this incident.