Someone wiped a key server in Georgia right after voters filed a lawsuit over insecure voting-machines

Georgia's voting machines are among the worst, most hackable in the nation, and that's why a "diverse group of election reform advocates" including the Coalition for Good Governance sued the state to purge its hoard of 27,000 AccuVote voting machines, whose defects were not patched though the state was warned of them six months prior to the election. Accuvote machines do not keep any kind of paper audit-tape that can be used to compare the electronic total to a hardcopy.

Right after the suit was filed, parties unknown ordered technicians at the Center for Elections Systems at Kennesaw State University (who provides oversight for state elections) to securely wipe all the data from a statewide server used to stage election-related data, believed to contain evidence that would be cited in the suit.

The Kennesaw team is overseen by Georgia's GOP secretary of state Brian Kemp. Kemp is also the principal defendant in the suit. Kemp denies knowledge of who ordered the server wiped.

The insecure state of Georgia's machines throws doubt on the outcome of the 2016 presidential election and a special congressional runoff last June.

The FBI may have a backup of the server, but has not confirmed it. All other backups appear to have been wiped.

A 140-page collection of Kennesaw State emails, obtained Friday by the Coalition for Good Governments via an open records search, details the destruction of the data on all three servers and a partial and ultimately ineffective effort by Kennesaw State systems engineers to fix the main server's security hole.

As a result of the failed effort, sensitive data on Georgia's 6.7 million voters — including social security numbers, party affiliation and birthdates — as well as passwords used by county officials to access elections management files remained exposed for months.

The problem was first discovered by Atlanta security researcher Logan Lamb, who happened across it while doing online research in August 2016. He informed the election center's director at the time, noting in an email that "there is a strong possibility your site is already compromised."

Based on his review of the emails, Lamb believes that electronic polling books could have been altered in Georgia's biggest counties to add or drop voters or to scramble their data. Malicious hackers could have altered the templates of the memory cards used in voting machines to skew results.

An attacker could even have modified "ballot-building" files to corrupt the count, said Lamb, who works at Atlanta-based Bastille Networks.

Georgia election server wiped after suit filed [Frank Bajak/AP]


(via Reddit)