ATLANTA (CN) — A cybersecurity expert says a forensic image of Georgia’s election server contains evidence that the old system was infiltrated by hackers before the 2016 presidential election.
The alleged December 2014 hacking incident, which is central to an ongoing legal battle over the integrity of Georgia’s election system, raises new questions about whether attackers were able to use the compromised server to manipulate election data or voter information.
A status report filed Thursday in Atlanta federal court is part of a 2017 lawsuit brought by the Coalition for Good Governance against Georgia Secretary of State Brad Raffensperger to bar the state from using its controversial electronic voting machines. Georgia has since switched to new machines with a paper trail.
Logan Lamb, a security expert for the coalition, said he found evidence that the server was compromised by an unknown number of hackers, according to the status report.
Lamb said the evidence, which he found during an investigation conducted as part of the lawsuit, suggests that a hacker exploited a well-known bug to gain control of the server. The vulnerability, called “shellshock,” was left unpatched by officials even after the Department of Homeland Security issued a security alert about it.
“Evidence on the server shows that the attacker illegally infiltrated the server, edited files, and deleted almost all records of their activities,” the filing states.
The report alleges that the shellshock attack would have given the hacker “almost total control of the server including abilities to modify files, delete data, and install malware.”
Since the server contained software and voter registration data that was routinely loaded into voting machines, Lamb warned that it could have been used to spread malware throughout the voting system.
The attacker apparently covered his or her tracks by trying to hide evidence of the intrusion. Lamb found that website access logs before and during the 2016 election were “inexplicably deleted,” making it difficult to determine the scope of the damage from the breach.
The status report states that the access logs only go back to Nov. 10, 2016 – two days after Donald Trump defeated Hillary Clinton in the presidential election.
Brian Kemp, who served as Georgia’s secretary of state during both the 2016 and 2018 elections, won the 2018 gubernatorial race over Democratic opponent Stacey Abrams by a narrow margin.
Now, the coalition is urging the court to prevent state officials from destroying voting system electronic records and documents so that a “full forensic analysis” of the security of Georgia’s new voting system can be performed. Prophylactic measures could then be developed from those findings to prevent hackers from using their knowledge of the old system to attack the new one.
According to court documents, the coalition is concerned that if old voting machines were infected by malware distributed by hackers, there is a risk that the malware could be transferred to the state’s new ballot-marking device (BMD) voting system when candidate and contest information is imported from Georgia’s election information management system.
Lamb previously discovered that the server was not secure and was exposed to the open internet in 2016, just months before the presidential election. The Center for Election Systems at Kennesaw State University, which was responsible for programming all Georgia voting machines, owned and operated the server at that time.
Lamb alerted the director of the KSU center to the vulnerability in August 2016.
The coalition filed its lawsuit the following year and sought to obtain the server for evidence to support its allegation that Georgia’s election system is not secure, but KSU officials wiped the server clean days after the complaint was filed. The KSU center was dismantled by the secretary of state’s office after the incident.
Last December the coalition finally obtained a copy of the server’s contents, which was made by the FBI in March 2017.
A representative for Governor Kemp did not immediately respond to a request for comment Friday.
Walter Jones, a spokesman for Secretary of State Raffensperger, criticized the lawsuit in an emailed statement Friday.
“These plaintiffs have failed to prevail in the voting booth, failed in the General Assembly, failed in public opinion, and now they are making a desperate attempt to make Georgia’s paper-ballot system fail as well by asking a judge to sabotage its implementation,” Jones said.