Georgia Patches Election Web Site Two Days Before Elections – Calls it Normal

November 6, 2018 CyberCecurity Leave a comment

I am not sure who we should be more concerned about – us or them.

The Georgia Secretary of State, who is also running for Governor, has accused the Democrats of unsuccessfully trying to hack the state’s election system and referred it to the FBI.

Propublica is reporting that Kemp, the Secretary of State, quietly patched (it is reported that they rewrote the code on (How extensive that might be is unclear). the web site on Sunday after saying the site was secure and had no vulnerabilities.

Kemp said that State Democrats had committed possible cyber crimes after the Dems were notified by someone that he had found gaping security holes in the state’s voter information web site.

A Kemp spokesman denied vulnerabilities existed in the state’s voter lookup site and said that they could not reproduce the problem.

Propublica validated part of the tipster’s claim but other parts did not work after the state made fixes to the web site less than 48 hours before the midterm elections.

On top of all that, on Monday, Kemp’s spokesman claimed that they made changes to the site to support volume, but experts claim that the changes she said were made were, in fact, not made.

From an operational stability viewpoint you would NEVER make a change that close to a major event for fear of breaking something. Georgia likely has been testing and retesting their web site and other IT systems for months to make sure that nothing breaks today and to make major changes a day or two before the election likely meant that they did, in fact, find serious problems and felt that they had to fix them. Minor problems would have been ignored because the very last thing that Kemp would want would be for the site to be down or go down on election day.

The Democrats, for their part, claim they forwarded the information to the FBI, Homeland Security and the State of Georgia by mid-day Saturday.

A more likely explanation for Kemp’s actions is that he is not happy that they reported the problem the the FBI and Homeland Security rather than quietly telling him so he could fix it without telling anyone. Now he is both embarrassed and has a reputation problem after saying the site is secure.

Welcome to politics in America. By the way, who knows if the Chinese and Russians were aware of or abused these security holes. No one is saying.

Information for this post came from Propublica.