Skip to main content

Slashdot: 2018 'Hacking Attempt' Claimed By Georgia Was A Security Test They'd Requested Themselves

2018 'Hacking Attempt' Claimed By Georgia Was A Security Test They'd Requested Themselves
Published on May 30, 2020 at 10:04PM
An anonymous reader quotes the Atlanta Journal-Constitution: It was a stunning accusation: Two days before the 2018 election for Georgia governor, Republican Brian Kemp used his power as secretary of state to open an investigation into what he called a "failed hacking attempt" of voter registration systems involving the Democratic Party. But newly released case files from the Georgia Bureau of Investigation reveal that there was no such hacking attempt. The evidence from the closed investigation indicates that Kemp's office mistook planned security tests and a warning about potential election security holes for malicious hacking. Kemp then wrongly accused his political opponents just before Election Day — a high-profile salvo that drew national media attention in one of the most closely watched races of 2018... The internet activity that Kemp's staff described as hacking attempts were actually scans by the U.S. Department of Homeland Security (DHS) that the secretary of state's office had agreed to, according to the Georgia Bureau of Investigation. Kemp's chief information officer signed off on the DHS scans three months beforehand. The Atlanta Journal-Constitution also reports that the Democratic party's only role was apparently forwarding an email about vulnerabilities to two cybersecurity professors at Georgia Tech, who then alerted authorities: Richard Wright, a Georgia Tech graduate and Democratic voter who works for a software company...found that he could look up other voters' information by modifying the web address on the site, a flaw confirmed by ProPublica and Georgia Public Broadcasting before it was fixed....An election security vendor for the state, Fortalice Solutions, later concluded, however, that there was no evidence that voter information had been accessed, manipulated or changed by bad actors... While publicly denying Wright's claims about vulnerabilities, behind the scenes, Kemp's staff was working to correct them.... The secretary of state's firewall hadn't been set up to block access to the locations identified by Wright, according to a Georgia Bureau of Investigation agent's report. Election officials then "set up safeguards to restrict access to the vulnerable areas" on the last two days before the 2018 general election... This type of weakness, called broken access control, is one of the 10 most critical web application security risks, according to the Open Web Application Security Project, an organization that works to improve software security. In 2016 Kemp also accused the Department of Homeland Security of trying to breach his office's firewall. But a later investigation revealed the activity Kemp cited "was the result of normal and automatic computer message exchanges," apparently caused by someone cutting and pasting data into a Microsoft Excel document.

Read more of this story at Slashdot.

Comments

Popular posts from this blog

Slashdot: AT&T Says Leaked Data of 70 Million People Is Not From Its Systems

AT&T Says Leaked Data of 70 Million People Is Not From Its Systems Published on March 20, 2024 at 02:15AM An anonymous reader quotes a report from BleepingComputer: AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. While BleepingComputer has not been able to confirm the legitimacy of all the data in the database, we have confirmed some of the entries are accurate, including those whose data is not publicly accessible for scraping. The data is from an alleged 2021 AT&T data breach that a threat actor known as ShinyHunters attempted to sell on the RaidForums data theft forum for a starting price of $200,000 and incremental offers of $30,000. The hacker stated they would sell it immediately for $1 million. AT&T told BleepingComputer then that the data did not originate from them and that its systems were not breached. ...

Slashdot: US Plans $825 Million Investment For New York Semiconductor R&D Facility

US Plans $825 Million Investment For New York Semiconductor R&D Facility Published on November 02, 2024 at 03:00AM The Biden administration is investing $825 million in a new semiconductor research and development facility in Albany, New York. Reuters reports: The New York facility will be expected to drive innovation in EUV technology, a complex process necessary to make semiconductors, the U.S. Department of Commerce and Natcast, operator of the National Semiconductor Technology Center (NTSC) said. The launch of the facility "represents a key milestone in ensuring the United States remains a global leader in innovation and semiconductor research and development," Commerce Secretary Gina Raimondo said. From the U.S. Department of Commerce press release: EUV Lithography is essential for manufacturing smaller, faster, and more efficient microchips. As the semiconductor industry pushes the limits of Moore's Law, EUV lithography has emerged as a critical technology to ...

Slashdot: AT&T, T-Mobile Prep First RedCap 5G IoT Devices

AT&T, T-Mobile Prep First RedCap 5G IoT Devices Published on October 15, 2024 at 03:20AM The first 5G Internet of Things (IoT) devices are launching soon. According to Fierce Wireless, T-Mobile plans to launch its first RedCap devices by the end of the year, while AT&T's devices are expected sometime in 2025. From the report: All of this should pave the way for higher performance 5G gadgets to make an impact in the world of IoT. RedCap, which stands for reduced capabilities, was introduced as part of the 3GPP's Release 17 5G standard, which was completed -- or frozen in 3GPP terms -- in mid-2022. The specification, which is also called NR-Light, is the first 5G-specific spec for IoT. RedCap promises to offer data transfer speeds of between 30 Mbps to 80 Mbps. The RedCap spec greatly reduces the bandwidth needed for 5G, allowing the signal to run in a 20 MHz channel rather than the 100 MHz channel required for full scale 5G communications. Read more of this story at...