INFRA
INFRA
INFRA
Georgia governor candidate sued over exposure of 6.3M voter records
Brian Kemp, the Republican former secretary of state in charge of Georgia’s elections who’s running for governor, has been sued in a lawsuit that accuses him of allowing millions of voter records to be exposed online.
According to local media Wednesday, security researcher Logan Lamb discovered a voter registration database with 6.3 million records of all of Georgia’s voters, along with documents containing election day supervisor passwords in the summer of 2016.
Those records included full names, dates of birth, driver’s licenses and partial social security numbers “all wide open to anyone snooping around,” suggesting that they may have been left unsecured on a cloud server.
Although there’s no evidence that the data had been accessed for nefarious purposes and the electoral data itself is publicly available upon request, it gets worse. Kemp (pictured) is alleged to have deleted the data off a server, hindering an investigation.
Allan Liska, solutions architect and ransomware expert at Recorded Future Inc., told SiliconANGLE that this is another case of improperly secured sensitive data versus actual election system hacking.
“The data was accessible to anyone walking the directory on the web server, but a bigger concern is the fact that it was stored on a Drupal server with a well-known vulnerability that tens of thousands of bots were scanning the internet for and exploiting those systems,” he said, adding that there’s a good chance that Lamb was not the first person to exploit the server.
“Gaining voter registration data is a potentially serious breach, but having usernames and passwords for all of the Georgia voting systems is a significantly bigger problem because that could give an attacker potential access to live vote information,” Liska explained. “It has not been reported, to date, whether the usernames and/or passwords for those systems were changed once the exposed data was reported.”
Even if those passwords have been reported, he said, knowing the systems Georgia is using and how they are deployed could give an attacker enough information to mount a successful attack, he added. “There has been no evidence that this has happened to this point, but there is no way of knowing who else has access to the information that Lamb discovered,” he said.
Photo: Brian Kemp/Twitter
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
