Georgia voter records sitting on a state website – available to anyone


County employees checking crappy out-of-date touchscreen voting machines

❝ A security researcher disclosed a gaping security hole at the outfit that manages Georgia’s election technology, days before the state holds a closely watched congressional runoff vote on June 20.

The security failure left the state’s 6.7 million voter records and other sensitive files exposed to hackers, and may have been left unpatched for seven months. The revealed files might have allowed attackers to plant malware and possibly rig votes or wreak chaos with voter rolls during elections…

❝ Logan Lamb, a 29-year-old Atlanta-based private security researcher…made the discovery last August. He…felt the election center had not been serious enough about security and came forward with his findings, this week.

❝ Lamb discovered the security hole — a misconfigured server — one day as he did a search of the Kennesaw State election-systems website. There, he found a directory open to the internet that contained not just the state voter database, but PDF files with instructions and passwords used by poll workers to sign into a central server used on Election Day. Lamb said he downloaded 15 gigabytes of data, which he later destroyed…

The directory of files “was already indexed by Google,” Lamb said in an interview — meaning that anyone could have found it with the right search.

❝ “I don’t know if the vote could have been rigged, but compromising that server would have served as a great pivot point and malware could have been planted easily,” he added.

❝ Lamb said he notified the center’s director, Merle King, who assured him the hole would be patched and who asked to keep his discovery to himself.

RTFA for the details. Usually, we can categorize information like this as either stupid or ignorant. Maybe we should add incompetent.

2 thoughts on “Georgia voter records sitting on a state website – available to anyone

  1. 4sale says:

    Detailed information on nearly every U.S. voter — including in some cases their ethnicity, religion and views on political issues — was left exposed online for two weeks by a political consultancy which works for the Republican National Committee and other GOP clients.
    The data offered a strikingly complete picture of the voting histories and political leanings of the American electorate laid out on an easily downloadable format, said cyber-security researcher Chris Vickery. He discovered the unprotected files of 198 million voters in a routine scan of the Internet last week and alerted law enforcement officials.
    The precision and volume of the information, including dozens of data points on individual Republicans, Democrats and independent voters, highlights the rising sophistication of the data-mining efforts that have become central to modern political campaigns. https://www.washingtonpost.com/news/the-switch/wp/2017/06/19/republican-contractor-database-every-voter-exposed-internet-12-days-researcher-says/
    See also “Arlington firm says its data leak of millions of voters occurred ‘without our knowledge’ http://www.bizjournals.com/washington/news/2017/06/19/arlington-firm-says-its-data-leak-of-millions-of.html (roughly 198 million of America’s 200 million registered voters had their information leaked, or roughly 60 percent of the entire American population)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s