BOSTON — A computer security expert says he found that a forensic image of the election server central to a legal battle over the integrity of Georgia elections showed signs that the original server was hacked.
The server was left exposed to the open internet for at least six months, a problem the same expert discovered in August 2016. It was subsequently wiped clean in mid-2017 with no notice, just days after election integrity activists filed a lawsuit seeking an overhaul of what they called the state’s unreliable and negligently run election system.
In late December 2019, the plaintiffs were finally able to obtain a copy of the server’s contents that the FBI made in March 2017 and retained.
State officials have said they’ve seen no evidence that any election-related data was compromised. But they also long refused to submit the server image for an independent examination.
Logan Lamb, a security expert for the plaintiffs, said in an affidavit filed in Atlanta federal court on Thursday that he found evidence suggesting the server was compromised in December 2014. Lamb said the evidence suggests an attacker exploited a bug that provided full control of the server.
Lamb also said he determined that computer logs — which would have been critical to understanding what might have been altered on or stolen from the server — only go back to Nov. 10, 2016, two days after Donald Trump was elected U.S. president. Two years later, Brian Kemp won the Georgia governor’s race by a narrow margin over Democrat Stacey Abrams.
Kemp oversaw Georgia’s elections during the 2016 race as secretary of state. Election administration was handled at Kennesaw State University by an outfit that Kemp’s office dismantled after the server-wiping incident.
Additionally, Lamb found evidence that election-related files were deleted from the server on March 2, 2017, just after a colleague of his alerted KSU officials that the election server remained vulnerable to hackers.
It was Lamb who initially alerted Merle King, director of the elections center at KSU, in August 2016 to a gaping security hole that left the server vulnerable to tampering.
The fact that the access logs were deleted suggests possible foul play, Lamb wrote. “I can think of no legitimate reason why records from that critical period of time should have been deleted,” he said in his sworn statement.
A protective order prevented Lamb from speaking to a reporter about his findings. A spokesman for Georgia’s secretary of state, Brad Raffensperger, had no immediate comment.
In his original and less methodical examination of the server after he discovered it exposed online, Lamb said he found personal data for Georgia’s 6.7 million voters as well as passwords used by county officials to access election-staging files.
For the 2020 election, Georgia officials are replacing antiquated touchscreen voting machines that have long been discredited by computer scientists. But Marks’ group rejects the computerized ballot-marking devices the state has purchased to replace them.
It maintains, paralleling the findings last year of a National Academies of Sciences report, that the only secure voting solution is hand-marked ballots processed by scanners that leave a paper trail that can be audited later. Most U.S. voters will use systems with an auditable paper trail in November.
“The defendants have since day one tried to do everything possible to obstruct the public, the plaintiffs and the court from seeing the shambles of what they had in an incredibly compromised election system,” said Marilyn Marks of the Coalition for Good Governance, one of the plaintiffs in the case.
Now, she said, state officials argue that because of their new system, problems with the old system aren’t relevant anymore.
“Of course, that’s not true,” she added. “This was the hub of their entire elections structure.”
The FBI obtained the server image as part of an investigation into the security researchers who alerted KSU to the server’s security hole. Those researchers were never accused of any wrongdoing. It is not clear, however, if the FBI ever examined the image to try to determine whether it had been compromised, a significant question given federal findings of interference by Russian military intelligence agents in the 2016 election.
An FBI spokesman in Atlanta, Kevin Rowson, declined to comment on the matter.