The state of Georgia on Thursday accused the U.S. Homeland Security Department of apparently trying to hack its election systems, Newsmax reports.
In a letter to Homeland Security Secretary Jeh Johnson, Georgia Secretary of State Brian P. Kemp said a computer traced back to the federal agency in Washington tried unsuccessfully to penetrate the state office’s firewall one week after the presidential election. The letter speculated that what it described as “a large unblocked scan event” might have been a security test.
It sought details, including whether the agency did in fact conduct the unauthorized scan, who authorized it and whether other states might have been similarly probed. Kemp cited the federal law against knowingly accessing a computer without authorization or exceeding authorized access, which is a felony.
“At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network,” Kemp wrote. “Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network.”
Kemp said this was “especially odd and concerning” given that he is a member of the U.S. Election Infrastructure Cybersecurity Working Group run by the federal agency.
Homeland Security spokesman Scott McConnell said the department got Kemp’s letter and is “looking into the matter.”
“DHS takes the trust of our public and private sector partners seriously, and we will respond to Secretary Kemp directly,” McConnell said.
Forty-eight states accepted offers by the Homeland Security Department to scan their networks ahead of the presidential elections. The scans looked for vulnerabilities that hackers could exploit by hackers. The U.S. also described how states could patch their networks to make it more difficult to penetrate them.
Georgia was among two states that did not accept the department’s offer. It said it had contracted with an outside agency and already implemented protective measures.
“They offered to provide these services, we declined it and then we determine they attempted to hack our system,” said David Dove, chief of staff and legal counsel for Kemp’s office.
Dove said the state was alerted at the time the attack occurred.
Georgia’s system holds personal information on more than 6.5 million residents, more than 800,000 corporate entities and more than 500,000 licensed or registered professionals. The office registers voters, tracks annual corporate filings, grants professional licenses and oversees the state’s securities market.
U.S. officials stepped up outreach to the states in the months prior to the November election after hackers targeted elections-related systems in more than 20 states. The FBI warned state officials of the need to improve their election security after hackers attempted to hack systems in Illinois and Arizona.
The attempted hacks involved efforts to mine data from their voter registration systems. In Arizona a hacker tried to probe voter registration data, but never infiltrated the system, while in Illinois hackers got into the system, but didn’t manipulate any data.