Georgia secretary of state says cyberattacks traced to DHS addresses
Georgia secretary of state says cyberattacks traced to DHS addresses
by: Aaron Diamant Updated: Dec 14, 2016 - 3:55 PM
http://media.beta.wsbtv.com/theme/im...older-16x9.jpg
ATLANTA - The Georgia Secretary of State's Office now confirms 10 separate cyberattacks on its network were all traced back to U.S. Department of Homeland Security addresses.
In an exclusive interview, a visibly frustrated Secretary of State Brian Kemp confirmed the attacks of different levels on his agency's network over the last 10 months. He says they all traced back to DHS internet provider addresses.
As Kemp's office waits on word from the Trump administration about investigating this incident, we're talking with a cyber security expert about why he believes this could happen, on Channel 2 Action News at 6 p.m.
"We're being told something that they think they have it figured out, yet nobody's really showed us how this happened,” Kemp said. "We need to know."
Kemp told Channel 2’s Aaron Diamant his office's cybersecurity vendor discovered the additional so-called vulnerability scans to his network's firewall after a massive mid-November cyberattack triggered an internal investigation.
The Secretary of State's Office manages Georgia’s elections, and most concerning for Kemp about the newly discovered scans is the timing.
The first one happened on Feb. 2, the day after Georgia’s voter registration deadline. The next one took place just days before the SEC primary. Another occurred in May, the day before the general primary, and then two more took place in November, the day before and the day of the presidential election.
"It makes you wonder if somebody was trying to prove a point,” Kemp said.
Last week, the DHS confirmed the large Nov. 15 attack traced back to a U.S. Customs and Border Protection internet gateway. But Kemp says the DHS’ story about its source keeps changing.
"First it was an employee in Corpus Christi, and now it's a contractor in Georgia,” Kemp said.
Unsatisfied with the response he got from DHS Secretary Jeh Johnson this week, Kemp fired off a letter Wednesday to loop in President-elect Donald Trump.
"We just need to ask the new administration to take a look at this and make sure that we get the truth the people of Georgia are deserving to know that and really demanding it,” Kemp said.
Kemp says several of those scans came around the same time he testified before Congress about his opposition to a federal plan to classify election systems as "critical infrastructure," like power plants and financial systems.
Kemp believes Georgia’s state-run election systems are already secure and doesn't think the feds should be involved.
The DHS did not return Diamant’s emails seeking comment Tuesday.
http://www.wsbtv.com/news/georgia/ge...-dhs/475707667
DHS Hacking and Attacking Georgia Secretary of State
Why should anyone trust any of the politicians running around with badges and guns at DHS pretending to be law enforcement when their own employees and or servers are attacking US elected officials and state agencies?
W
DHS: Georgia incident was legitimate work, not a hack
DHS: Georgia incident was legitimate work, not a hack
WRITTEN BY
Greg Otto DEC 12, 2016 | CYBERSCOOP
The Department of Homeland Security told Georgia’s Office of Secretary of State that the IP address associated with an attempted breach of the state agency’s firewall was tracked to an office in U.S. Customs and Border Protection, a revelation that has DHS “deeply concerned.”
According to DHS, someone on the federal department’s security network was conducting legitimate business on the state office’s website, verifying a professional license administered by the state. The state office manages information about corporate licenses and certificates on its website.
The Wall Street Journal was the first to report on the federal department’s response.
A spokesperson for Georgia’s secretary of state office told CyberScoop on Monday that the agency was unaware of any correspondence and is “working with DHS” to resolve the matter.
Georgia Secretary of State Brian Kemp issued a letter to Homeland Security Secretary Jeh Johnson on Thursday after the state’s third-party cybersecurity provider detected an IP address from the agency’s Southwest D.C. office trying to penetrate the state’s firewall. According to the letter, the attempt was unsuccessful.
In a reply, a DHS official said the agency tracked the office to an address associated with CBP, which hosts a portion of DHS’s network. The agency, which is the largest law enforcement agency inside DHS, does not typically get involved in cybersecurity matters.
“DHS has not intentionally scanned the systems of the Georgia Secretary of State office. DHS has not tried to break into those systems,” Phil McNamara, DHS’s Assistant Secretary for Intergovernmental Affairs wrote in an email obtained by the Journal.
“When DHS does scans of a customer, we do not do them through the CBP Internet Gateway. CBP is an entirely different organization. We are deeply concerned with this situation. We’ve had a team working throughout the day trying to determine what has happened.”
Georgia’s cybersecurity provider informed the Office of the Secretary of State that the breach attempt occurred Nov. 15, a few days after the presidential election. The office is responsible for overseeing elections in Georgia.
“At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network,” Kemp wrote in the letter, which was also sent to the state’s members of Congress.
“Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network. This is especially odd and concerning since I serve on the Election Cyber Security Working Group that your office created.”
https://www.cyberscoop.com/dhs-georg...rk-not-a-hack/