Georgia Secretary Of State Accuses DHS Of Breaching His Office's Firewall

from the we-meant-to-knock-but-we-were-already-inside dept

Mon, Dec 12th 2016 9:39am — Tim Cushing

The DHS finally got serious about protecting election infrastructure from hackers by appointing a bunch of career politicians to its "working group." With all this tech expertise on board, there could be little doubt the 2016 election would be the securest of all.

Following in the wake of Donald Trump's surprise electoral college victory came the news that President Obama wanted a full-scale investigation into alleged Russian hacking that may have affected the outcome of the election. Voting machines remained as insecure as ever though, and no one really seemed to have a problem with that.

The DHS -- caretakers of the non-hacked election -- did whatever the hell it was doing with a handful of Secretaries of State in charge. Presumably, this was limited to making a mockery of the term "paperless office." However, it appears it did actually do some sort of cybersecurity stuff. And, as it is prone to do, the federal government angered others by doing it. (via Slashdot)

Georgia’s secretary of state has claimed the Department of Homeland Security tried to breach his office’s firewall and has issued a letter to Homeland Security Secretary Jeh Johnson asking for an explanation.

Brian Kemp issued a letter to Johnson on Thursday after the state’s third-party cybersecurity provider detected an IP address from the agency’s Southwest D.C. office trying to penetrate the state’s firewall. According to the letter, the attempt was unsuccessful.

Kemp is a member of the DHS's election security working group. He has also spent a fair amount of time issuing combative statements about the federal government's meddling in states' election processes.

Kemp reminds the DHS of his position on the task force in his letter [PDF] demanding answers for the unwanted intrusion.

At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network. Moreover, your Department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network. This is especially odd and concerning since I serve on the Election Cyber Security Working Group that your office created.

[...]

Georgia was one of the only few states that did not seek DHS assistance with cyber hygiene scans or penetration testing before this year's election. We declined this assistance due to having already implemented the security measures suggested by DHS.

What more could one ask for? Kemp specifically told the DHS "no" and yet the federal agency apparently decided to push up against his office's protections without notification or permission.

Then again, Kemp has already made several comments expressing his displeasure with perceived federal government intrusions, so it's quite possible this is him making grandstands out of mole hills. The DHS, meanwhile, has promised to look into Kemp's allegations and get back to him.

If the DHS did ignore the wishes of two states which expressly told it to back off, that is a problem. A federal government can't ask states to partner up with it if it's just going to ignore those who decline the offer. It's the sort of "team building" exercise that's bound to fail, because while you're falling over backward on the office cafeteria floor, your federal partner is back inside the office trying to guess the admin account password.

Kemp may be right, but that doesn't make him much less of a blowhard. His objections to federal government intrusion have been mostly partisan attacks, rather than more neutral complaints.

It may be discovered at the end of the DHS's "looking into it" that it was just one of those things that happens when 48 states agree to have the election systems tested and only two don't. It could be the DHS's contractor ran down the list in alphabetical order, looking for state orifices to insert the fed's penetration tester into and simply failed to bypass Georgia.

Whatever the truth is, it's not a good look for the DHS or the federal government. Unfortunately, even if Georgia's direct request was ignored by the DHS, the most that will come out of this will be a rug to sweep everything under, embroidered with the words "issuing new guidelines."

Georgia Secretary of State Letter to DHS Secretary (PDF)Georgia Secretary of State Letter to DHS Secretary (Text)

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: brian kemp, cybersecurity, dhs, georgia

22 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

ransomtheblind, 12 Dec 2016 @ 9:51am

well, they do these things..
We were thinking of joining this program, but decided against it after internal discussions:
https://ics-cert.us-cert.gov/Assessments
Maybe someone at the state decided they'd give it a go and forgot about it or failed to stand up when the governor got really pissed off.
[ link to this | view in chronology ]
PlagueSD (profile), 12 Dec 2016 @ 9:59am

I'm thinking someone at DHS forgot to log into their Russian proxy server before "hacking" the state offices.
[ link to this | view in chronology ]
- SpaceLiifeForm, 12 Dec 2016 @ 3:58pm
  
  scanning and hackimg
  Well, the other states signed
  up, and we verified that we
  already hacked them properly.
  
  So, what's your beef?
  [ link to this | view in chronology ]
Baron von Robber, 12 Dec 2016 @ 10:01am

A bit convoluted. They scanned, yes, but that's not the same as attempting break in (SQL injection, DDOS, Stack Buffer Overflows, etc). It's probing to see what IPs/ports are responding in an attempt to figure out what is running.
[ link to this | view in chronology ]
- pegr, 12 Dec 2016 @ 12:16pm
  
  Re:
  And since you have no knowledge of what actually happened, could I describe your post as "talking out of your ass"?
  [ link to this | view in chronology ]
  - Aaron Walkhouse (profile), 12 Dec 2016 @ 2:07pm
    
    That's how the action was described.
    [ link to this | view in chronology ]
  - Baron von Robber, 13 Dec 2016 @ 2:09pm
    
    Re: Re:
    It's in the document.
    "...detected a large unblocked scan event."
    [ link to this | view in chronology ]
- Groaker (profile), 13 Dec 2016 @ 11:42am
  
  Re:
  That is criminal intent. Civilians have gone to jail for less.
  [ link to this | view in chronology ]
Anonymous Coward, 12 Dec 2016 @ 10:14am

Looks like the DHS needs some training from Pootin.
[ link to this | view in chronology ]
Pronounce (profile), 12 Dec 2016 @ 10:15am

I Know This is Ridiculous, But...
What if Trump decided to appoint "Ron Swanson" types to the head of each department with the task of making the departments less wasteful and more customer oriented?

Now back to DHS and Kemp: Trump should offer him a job as head of DHS, and tell him, "Put up, or shut up."

As anyone who looks into government should know, government is about government. It's about individuals building kingdoms to control power and money. It's about worker bees invested in keeping their jobs to support their families. (And finding, and keeping tabs on, love interests if they're a part of a spook agency.) It's about "public servants" that are fully invested into a system that works for them; It's their livelihood.

So Trump gets elected by the disenfranchised as a type of "Luddite clog" to break the government system, because it's not meeting their heartfelt needs.

(Of course anarchists are totally on board with this, because as their manifesto states, "A system must be destroyed if something better is to replace it.")
[ link to this | view in chronology ]
- Anonymous Coward, 12 Dec 2016 @ 10:27am
  
  Re: I Know This is Ridiculous, But...
  
  "A system must be destroyed if something better is to replace it.")
  
  That sounds lie someone who is flying the anarchist flag simply as a flag of convenience, because when the system is destroyed they will raise the Jolly roger and grab the power for themselves.
  [ link to this | view in chronology ]
  - Wendy Cockcroft, 14 Dec 2016 @ 2:25am
    
    Re: Re: I Know This is Ridiculous, But...
    Anarchists will always be the cannon fodder of the tyrant. Why does nobody understand this?
    [ link to this | view in chronology ]
- Anonymous Coward, 12 Dec 2016 @ 12:07pm
  
  Re: I Know This is Ridiculous, But...
  Your description of government is fairly accurate. But Trump campaigned on 'draining the swamp' not 'break[ing] the government system'. That's just your Randian fantasy.
  [ link to this | view in chronology ]
John Cressman, 12 Dec 2016 @ 10:40am

No means...
So, to the federal government... No means Yes.
[ link to this | view in chronology ]
Anonymous Coward, 12 Dec 2016 @ 11:02am

Bad headline
The headline is "Georgia Secretary Of State Accuses DHS Of Breaching His Office's Firewall", but the quoted text says exactly the opposite: "Georgia’s secretary of state has claimed the Department of Homeland Security tried to breach his office’s firewall.... the attempt was unsuccessful."

And "tried to breach" could mean anything. It wouldn't be hard to spoof a few packets with a DHS source address. Now that we know the Georgian government is watching their firewall logs and is paranoid, I expect they'll get packets "from" lots of interesting sources.
[ link to this | view in chronology ]
I.T. Guy, 12 Dec 2016 @ 11:45am

"looking for state orifices to insert the fed's penetration tester into"

I lol'd there.
Juvenile? Yes.
Still funny though.
[ link to this | view in chronology ]
Anonymous Coward, 12 Dec 2016 @ 12:49pm

Silver Lining
At least we have state and federal governments fighting in public. Let's hope it's not just a show for the plebeians.
[ link to this | view in chronology ]
Anonymous Coward, 12 Dec 2016 @ 12:53pm

Am I missing something?
Is "cyber hygiene scans" an expression now? I have never heard it in my, admittedly few years in IT.
Actually his whole letter sounds like he should see a doctor instead of a security expert.

Personally I think DHS were either just testing the waters, or building a reputation for being easily discovered. How better to hide one's competence than behind incompetence.
[ link to this | view in chronology ]
Anonymous Coward, 12 Dec 2016 @ 1:49pm

...the fed's penetration tester ... simply failed to bypass Georgia.
I think that's what happened to Laurie Love. He just forgot to bypass some systems.
[ link to this | view in chronology ]
Padpaw (profile), 12 Dec 2016 @ 2:38pm

I thought Obama made a statement several weeks ago saying that the election was not hacked by the russians or anyone else.

Did he flip flop on that already?
[ link to this | view in chronology ]
Anonymous Coward, 12 Dec 2016 @ 3:47pm

Because terrorists, what else could be the reason?
[ link to this | view in chronology ]
Anonymous Coward, 12 Dec 2016 @ 5:24pm

I can't help but think that real hackers wouldn't be very concerned about getting permission from a blowhard politician. Perhaps they should be happy nobody got in, rather than grandstanding.
[ link to this | view in chronology ]