Thread: Georgia secretary of state says cyberattacks traced to DHS addresses

Georgia secretary of state says cyberattacks traced to DHS addresses

by: Aaron Diamant Updated: Dec 14, 2016 - 3:55 PM



ATLANTA - The Georgia Secretary of State's Office now confirms 10 separate cyberattacks on its network were all traced back to U.S. Department of Homeland Security addresses.
In an exclusive interview, a visibly frustrated Secretary of State Brian Kemp confirmed the attacks of different levels on his agency's network over the last 10 months. He says they all traced back to DHS internet provider addresses.
As Kemp's office waits on word from the Trump administration about investigating this incident, we're talking with a cyber security expert about why he believes this could happen, on Channel 2 Action News at 6 p.m.
"We're being told something that they think they have it figured out, yet nobody's really showed us how this happened,” Kemp said. "We need to know."
Kemp told Channel 2’s Aaron Diamant his office's cybersecurity vendor discovered the additional so-called vulnerability scans to his network's firewall after a massive mid-November cyberattack triggered an internal investigation.

---

The Secretary of State's Office manages Georgia’s elections, and most concerning for Kemp about the newly discovered scans is the timing.
The first one happened on Feb. 2, the day after Georgia’s voter registration deadline. The next one took place just days before the SEC primary. Another occurred in May, the day before the general primary, and then two more took place in November, the day before and the day of the presidential election.
"It makes you wonder if somebody was trying to prove a point,” Kemp said.
Last week, the DHS confirmed the large Nov. 15 attack traced back to a U.S. Customs and Border Protection internet gateway. But Kemp says the DHS’ story about its source keeps changing.
"First it was an employee in Corpus Christi, and now it's a contractor in Georgia,” Kemp said.
Unsatisfied with the response he got from DHS Secretary Jeh Johnson this week, Kemp fired off a letter Wednesday to loop in President-elect Donald Trump.
"We just need to ask the new administration to take a look at this and make sure that we get the truth the people of Georgia are deserving to know that and really demanding it,” Kemp said.
Kemp says several of those scans came around the same time he testified before Congress about his opposition to a federal plan to classify election systems as "critical infrastructure," like power plants and financial systems.
Kemp believes Georgia’s state-run election systems are already secure and doesn't think the feds should be involved.
The DHS did not return Diamant’s emails seeking comment Tuesday.

http://www.wsbtv.com/news/georgia/ge...-dhs/475707667

Why should anyone trust any of the politicians running around with badges and guns at DHS pretending to be law enforcement when their own employees and or servers are attacking US elected officials and state agencies?

W

Anyone who believes this current Putin/Russian Hacking thing to elect Trump is the same person who thinks DHS secures our country.

Be careful.
Of all the tv stations in the world only this one has this story.

DHS: Georgia incident was legitimate work, not a hack

WRITTEN BY
Greg Otto DEC 12, 2016 | CYBERSCOOP

The Department of Homeland Security told Georgia’s Office of Secretary of State that the IP address associated with an attempted breach of the state agency’s firewall was tracked to an office in U.S. Customs and Border Protection, a revelation that has DHS “deeply concerned.”

According to DHS, someone on the federal department’s security network was conducting legitimate business on the state office’s website, verifying a professional license administered by the state. The state office manages information about corporate licenses and certificates on its website.

The Wall Street Journal was the first to report on the federal department’s response.

A spokesperson for Georgia’s secretary of state office told CyberScoop on Monday that the agency was unaware of any correspondence and is “working with DHS” to resolve the matter.

Georgia Secretary of State Brian Kemp issued a letter to Homeland Security Secretary Jeh Johnson on Thursday after the state’s third-party cybersecurity provider detected an IP address from the agency’s Southwest D.C. office trying to penetrate the state’s firewall. According to the letter, the attempt was unsuccessful.

In a reply, a DHS official said the agency tracked the office to an address associated with CBP, which hosts a portion of DHS’s network. The agency, which is the largest law enforcement agency inside DHS, does not typically get involved in cybersecurity matters.

“DHS has not intentionally scanned the systems of the Georgia Secretary of State office. DHS has not tried to break into those systems,” Phil McNamara, DHS’s Assistant Secretary for Intergovernmental Affairs wrote in an email obtained by the Journal.

“When DHS does scans of a customer, we do not do them through the CBP Internet Gateway. CBP is an entirely different organization. We are deeply concerned with this situation. We’ve had a team working throughout the day trying to determine what has happened.”

Georgia’s cybersecurity provider informed the Office of the Secretary of State that the breach attempt occurred Nov. 15, a few days after the presidential election. The office is responsible for overseeing elections in Georgia.

“At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network,” Kemp wrote in the letter, which was also sent to the state’s members of Congress.

“Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network. This is especially odd and concerning since I serve on the Election Cyber Security Working Group that your office created.”


https://www.cyberscoop.com/dhs-georg...rk-not-a-hack/

Homeland Security Says Georgia Computer Breach Incident Was Likely Inadvertent

DHS says attempted breach resulted from possible technical glitch


Georgia Secretary of State Brian Kemp, shown in February in Atlanta, said the state had discovered an unsuccessful attempt to breach the firewall of computer systems that house sensitive data, such as voter registration. PHOTO: STAFF/REUTERS


By BYRON TAU
Updated Dec. 9, 2016 7:01 p.m. ET 3 COMMENTS

WASHINGTON—The Department of Homeland Security has reached a preliminary conclusion that what appeared to be an attempted breach of Georgia’s computer systems was due to an inadvertent configuration of a U.S. Customs and Border Protection computer, an official familiar with the matter said.

The DHS official said a preliminary investigation had traced the incident to the computer of an employee at the U.S. Customs and Border Protection whose job responsibilities included verifying professional licensing information that are often maintained by state secretaries of state.

The department has interviewed the employee and now believes that the user’s computer workstation was inadvertently configured to make legitimate inquiries on the state website look like an attempt to breach its computer firewall.

The official said the investigation would continue but the preliminary working theory was that it was a technical glitch and no government employees were attempting to breach the state’s computer system.

Georgia Secretary of State Brian Kemp this week said the state had discovered an unsuccessful attempt to breach the firewall of computer systems that house sensitive data, such as voter registration and corporate information. The attempt occurred on Nov. 15, Mr. Kemp wrote in a letter.

Mr. Kemp’s letter generated a response the same day from Philip McNamara, a top official at the department who serves as assistant secretary for intergovernmental affairs.

“DHS has not intentionally scanned the systems of the Georgia Secretary of State office. DHS has not tried to break into those systems,” Mr. McNamara wrote in an email. He added the federal government had tracked the IP address to Customs and Border Protection.

“When DHS does scans of a customer, we do not do them through the CBP Internet Gateway. CBP is an entirely different organization,” Mr. McNamara said. “We are deeply concerned with this situation. We’ve had a team working throughout the day trying to determine what has happened.”

The incident was detected by a third-party cybersecurity service working with the state. It was reportedly unsuccessful.
Write to Byron Tau at byron.tau@wsj.com

http://www.wsj.com/articles/homeland...tem-1481317853

Apparently it was a hack in that whatever by whoever at DHS wasn't authorized to do whatever they were trying to do.

The DHS official said a preliminary investigation had traced the incident to the computer of an employee at the U.S. Customs and Border Protection whose job responsibilities included verifying professional licensing information that are often maintained by state secretaries of state...

The department has interviewed the employee and now believes that the user’s computer workstation was inadvertently configured to make legitimate inquiries on the state website look like an attempt to breach its computer firewall.

And I've got some oceanfront property for sale in Iowa.

More states confirm suspected cyberattacks sourced to DHS

by: Aaron Diamant Updated: Dec 16, 2016 - 8:54 AM

ATLANTA - Channel 2 Investigative Reporter Aaron Diamant has learned two more states’ election agencies have confirmed suspected cyberattacks linked to the same U.S. Department of Homeland Security IP address as last month’s massive attack in Georgia.

Aaron Diamant
✔@AaronDiamantWSB

BREAKING: 2 other states’ election agencies confirm cyber-attacks linked to same DHS IP address as 11/15 cyber-attack on GA network. @wsbtv
10:54 AM - 15 Dec 2016

The two states reporting the suspected cyberattacks were West Virginia and Kentucky.

"We need somebody to dig down into this story and figure out exactly what happened," said Georgia Secretary of State Brian Kemp.

In the past week, the Georgia Secretary of State’s Office has confirmed 10 separate cyberattacks on its network over the past 10 months that were traced back to DHS addresses.

"We're being told something that they think they have it figured out, yet nobody's really showed us how this happened,” Kemp said. "We need to know."

He says the new information from the two other states presents even more reason to be concerned.
"So now this just raises more questions that haven't been answered about this and continues to raise the alarms and concern that I have," Kemp said.

Through an open-records request, Diamant acquired the results of a survey Kemp asked the National Association of Secretaries of State to send to its members.

West Virginia wrote back, "This IP address did access our election night results on November 7, 2016." Kentucky responded the same IP address “did touch the KY (online voter registration) system on one occasion, 11/1/16.”

In a letter this week, DHS Secretary Jeh Johnson told Kemp the department sourced the mid-November activity in Georgia to a federal contractor conducting what he called "normal" internet searches on the Secretary of State's website. But Kemp says there’s a problem with that answer.
“We haven't been able to recreate this the way they explained it to us,” Kemp said.

Kemp also told Diamant that DHS has yet to explain at least nine other suspected network scans linked to DHS IP addresses over the last year on or around important primary and presidential election dates. Kemp's call for answers is amplified now by the National Association of Secretaries of State, or NASS.

"We have one administration leaving town and another coming in so it does remain to be seen just who will be left holding the bag if we don't get a great explanation on what has occurred very soon,” said Kay Stimpson, with NASS.

Unsatisfied with the response he got from Johnson, Kemp fired off a letter Wednesday to loop in President-elect Donald Trump. He is still awaiting a response.

"We just need to ask the new administration to take a look at this and make sure that we get the truth the people of Georgia are deserving to know that and really demanding it,” Kemp said.

In an emailed statement the Kentucky Secretary of State's office told us it believes the IP address that sparked all this did not attack its system.

West Virginia's Secretary of State did not respond to our request for comment, neither did DHS.
http://www.wsbtv.com/news/local/more...-dhs/476227320