Russians Targeted Georgia County Servers, Mueller Indictment Reveals, but KSU Destroyed the Evidence (UPDATE 2)
(APN) ATLANTA — Two county servers in Georgia were targeted by two Russian military officers, Anatoliy Sergeyevich Kovalev and Aleksandr Vladimirovich Osadchuk, it was recently revealed in a July 13, 2018 indictment of twelve Russian hackers by U.S. Department of Justice Special Counsel Robert Mueller.
Here is a link to the Mueller indictment.
Russians accessed the websites of two counties in Georgia, looking for vulnerabilities they could use to access back-end servers.
“In or around October 2016, KOVALEV and his co-conspirators further targeted state and county offices responsible for administering the 2016 U.S. elections,” the indictment states in paragraph 75, page 26.
“For example, on or around October 28, 2016, KOVALEV and co-conspirators visited the websites of certain counties in Georgia, Iowa, and Florida to identify vulnerabilities,” the indictment states.
UPDATE: While the two counties were not identified in the indictment, the Secretary of State’s office has identified the counties as Cobb and Fulton.
We may never know if Russians or anyone else influenced elections in Georgia, because Kennesaw State University technicians wiped the server clean a few days after voting integrity advocates requested the server for a forensic audit as part of a lawsuit challenging Georgia’s E-voting regime.
A cybersecurity expert recently demonstrated at Georgia Tech how easy it is, in only a few minutes, to hack the Direct Recording Electronic (DRE) voting machines that are used in Georgia, or to change the results of an election.
“Hacking an entire Georgia election would have been easy for any bad actor anywhere in the world, according to a VoterGA Audit, because our central elections server was exposed to the Internet; and that server was used to download election information for all county servers,” Garland Favorito, founder of VoterGA, told Atlanta Progressive News.
“Those servers build the memory cards used to tabulate each precinct voting machine result for every election,” Favorito said.
Other U.S. states mentioned in the Mueller indictment are Illinois, Iowa, and Florida. It was already known that Russian hackers had probed websites in at least 21 states looking for vulnerabilities to access voter databases.
They successfully stole information on 500,000 voters, apparently from the State of Illinois. The State of Illinois has acknowledged such a compromise took place.
Mainly, though, it appears the Russian hackers went after the Democratic National Committee, the Democratic Congressional Campaign Committee, and Hillary Clinton’s campaign for President of the U.S. They published their stolen files through DC Leaks, Guccifer 2.0, and WikiLeaks.
Trump famously said on national television, “Russia if you are listening, I hope you’re able to find the thirty thousand emails that are missing,” making a direct appeal to Russia to hack into Clinton’s emails.
Due to Mueller’s investigation, we know that on the same day, Russian operatives, in apparent response to Trump’s request, did, in fact, hack into Clinton’s servers.
Russians have also spread propaganda on social media to assist Trump. Russian President Vladimir Putin admitted at the July 16, 2018 meeting in Helsinki, Finland, that he wanted Trump to win and that he ordered officials to help him win.
Now, U.S. Director of National Intelligence Daniel Coats has warned the public that “warning lights are blinking red” of impending Russian cyber attacks. Russia is continuing its efforts to interfere with our elections to undermine our democracy in the Midterm Elections and beyond.
Georgia’s election system vulnerabilities have been documented for fifteen years by experts and computer scientists, as well as by APN.
These vulnerabilities have been ignored for just as long by Georgia’s Secretaries of State, Democrat and Republican alike, including Cathy Cox, Karen Handel, and Brian Kemp.
Georgia elections are ranked as the worst in the U.S., according to a 2004 study by the Open Congress Foundation; and no substantial improvements have been made since then.
Many Georgia voters have felt disenfranchised since 2002, when the DRE voting machines were first installed.
Coincidentally, point of fact: After the first statewide elections with the new DRE system, the State flipped from majority Democrat to majority Republican, and never went back.
Here is a chart that shows the flip.
Popular disabled Vietnam veteran U.S. Sen. Max Cleland (D-GA) had a solid lead over Republican Saxby Chambliss, but inexplicably lost the 2002 election.
At that time, critics pointed to the “Rob Georgia Patch,” which Bob Urosevich, then-CEO of then-Diebold, applied to some five thousand voting machines in Georgia.
“The curious thing is the very swift, covert way this was done… It was an unauthorized patch, and they were trying to keep it secret from the state… We were told not to talk to county personnel about it,” Chris Hood, a Diebold consultant-turned-whistleblower recounted in a 2006 article in Rolling Stone magazine.
But the situation is understood to be even worse now, due to the revelation that “pcAnywhere” remote software has been installed in many states, including Georgia, to help election officials remotely access the E-voting systems in order to allow customer support and troubleshooting.
pcAnywhere was installed in Georgia “between 2002 to 2006 and it was written into the contract with the State and–at that time it was Diebold–now it is ES&S,” Donna Curling, a lead plaintiff in the lawsuit against Secretary of State Kemp, now the Republican nominee for Governor, told APN.
“ES&S would have pcAnywhere on every Global Election Management System (GEMS) Server, which means every county office, SOS office, and KSU office so they could access GEMS at any time to troubleshoot,” Curling said.
Installing remote-access software “is the worst decision for security short of leaving ballot boxes on a Moscow street corner,” U.S. Sen. Ron Wyden (D-OR) told Motherboard, a computer magazine. U.S. Sen. Wyden first obtained the information from ES&S about pcAnywhere.
Prior to the 2016 U.S. Presidential Election, the Federal Bureau of Investigation (FBI) issued an alert to all state election officials warning of attempted hacks of state election data systems.
Despite the warning, Kemp refused security assistance from the U.S. Department of Homeland Security (DHS) prior to the election. Only Georgia and one other state refused DHS help.
As previously reported by APN, in August 2016, Logan Lamb, a cybersecurity researcher in Georgia, after hearing reports about Russian hackers probing voter registration databases, decided to do an assessment of the security at the Center for Election Systems (CES) at KSU.
Lamb was surprised to learn how easy it was to download the entire State’s database of 6.7 million registered voters. He found instructions and passwords for election workers to sign in to a central server on Election Day to verify voters’ eligibility to vote.
Lamb also found that CES had improperly configured its server and had failed to patch a security flaw about which it had known since 2014.
If a Russian conspirator, rather than Lamb, had undertaken the same steps, they would have found essentially everything needed to hack our elections without detection and without physical access to any voting machine.
When Lamb notified CES of the problem, he says Merle King, Executive Director of CES, told him, “It would be best if you were to drop this now… the people downtown, the politicians… would crush” him.
The problem was not fixed and on March 01, 2017, Chris Grayson, a colleague of Lamb, found the same files and an unencrypted version of Drupal still vulnerable.
The Drupal content management system security flaw allows an attacker to take control of the website and its server. The attacker then has free rein with the system to execute, create, modify, or delete anything on the elections server, according to the VoterGA Audit (link above).
It was an open door through which any bad actor could walk, and change the outcome of an election.
Grayson notified different people about this and many other security problems, which led to the FBI removing servers from KSU.
The problems Lamb and Grayson found existed in Georgia’s voting system between at least August 2016 and March 2017, a time period which includes the November 2016 Presidential Election.
On March 14, 2017, some twenty computer experts from across the U.S. sent a letter to Secretary Kemp, urging him to immediately move to verifiable elections, after approximately sixteen years of faith-based E-voting with no independent paper audit in Georgia.
But Kemp continues to deny any problems with security and insists the State’s voting systems are safe and were never at risk in the 2016 election.
Some critics wonder if Georgia’s corrupt E-voting system may be working just the way it is intended to work.
As previously reported by APN, the Curling v. Kemp litigation is proceeding in federal court, challenging the June 20, 2017 Runoff Election between Karen Handel and Jon Ossoff in the Special Election that was held for Georgia’s Sixth District U.S. Congressional race.
The lawsuit argues and presents evidence that the State’s paperless voting machines are not secure and should be replaced with paper ballots that cannot be hacked.
As part of discovery, the plaintiffs requested to examine two state election servers to look for evidence that Russian hackers or others might have compromised them to subvert the elections, prior to the 2016 presidential election and/or prior to the Runoff Election in June 2017.
A few days after the lawsuit was filed, technicians at KSU wiped the Center’s servers clean, destroying any potential evidence of hackers on them. A month later, two backup servers were wiped clean.
Secretary Kemp responded to the destruction of information on the servers by saying that his office had no involvement in this decision and blamed “gross incompetence and undeniable ineptitude” on the part of KSU, CES, and University Information Technology Services (UNITS).
“This pattern of reckless behavior is exactly why we are ending our relationship with KSU and the Center for Elections Systems and moving functionality in-house,” Secretary Kemp said in a statement.
However, SOS attorney Ryan Germany sent out a letter that contradicts Kemp’s statement that KSU was incompetent in their actions.
“KSU IT’s (Information Technology) actions in erasing the server in question were consistent with standard IT practices and was not undertaken in response to litigation,” Germany’s letter states.
However, Curling says, “I was told by an expert that it’s never standard operating procedure to degauss [destroy] that information.”
“We’re told by industry experts it is unusual, especially the manner in which it was done,” David Cross with Morrison Foerster law firm, the lead attorney for the plaintiffs, told APN.
The FBI made a mirror image of the server that Lamb breached. UPDATE: According to Sec. of State Kemp’s office, the FBI still has the copy in their possession.
During the discovery period, the plaintiffs’ legal team hopes to get the FBI’s mirror image of the server. Without it, it will be difficult to analyze the data to determine if Russians or others hacked into the voting system to influence the elections.
“The court can take measures to help mitigate the harm to our case, such as adverse inference against the defendants… The court would assume that the contents of the server would have been helpful to our case and unhelpful for the defendant’s defense. The court could impose sanctions on the SOS for not taking reasonable measures to preserve the data on the server,” Cross tells APN.
The upcoming November Election being held without a verifiable paper audit “is incomprehensible and simply unconscionable,” Cross concluded.
One way for voters to have greater certainty that their vote will be counted is to cast an absentee ballot, which is a paper ballot.
“In Georgia, if voters request an absentee ballot from their local election office, they can vote on a paper-only ballot. We’ve found, based on VoterGA and other national audits, that such absentee paper-only votes are more accurately counted by a factor of 25 to thirty percent versus touchscreen votes,” Phyllis Huster, a national election integrity advocate with Lady Liberty Votes, tells APN.
“I strongly suggest people vote absentee nationwide,” Huster said.
(END / Copyright Atlanta Progressive News / 2018)
UPDATE 1 and CORRECTION: The original version of this article was partially entitled, “Russians Hacked Georgia…” However, it is not clear if they hacked Georgia or if they accessed Georgia county servers without resorting to hacking. The article and title have been corrected. The original version of this article erroneously stated the location of Helsinki. The article has been corrected to show that Helsinki is in Finland, not Russia.
UPDATE 2 and CORRECTION: In response to a request from Sec. Kemp’s office, APN has issued a second correction to the title and body of this article, to reflect that the Russians targeted County servers, not election databases.
In addition, the article has been updated to provide additional information from Sec. Kemp’s office, which is that the two counties were Cobb and Fulton. Further, this article has been updated to provide additional information from Sec. Kemp’s office, which is that the FBI has maintained its copy of the server.