US close to solving mystery of alleged hacking of Georgia
WASHINGTON — The U.S. Homeland Security Department moved closer Friday to solving the mystery about why the state of Georgia believed the federal government was trying to hack its election systems.
An employee in the department who worked far removed from cybersecurity operations visited the Georgia secretary of state’s website for his work, an official told The Associated Press. The employee’s system was configured in a way that caused Georgia’s outside security vendor to misinterpret the visit as a scan of its systems. The official spoke on condition of anonymity because this person was not authorized to publicly discuss preliminary findings.
In a letter Thursday sent to Homeland Security Secretary Jeh Johnson, Georgia Secretary of State Brian P. Kemp said a computer traced back to the federal agency in Washington tried unsuccessfully to penetrate the state office’s firewall one week after the presidential election.
The letter speculated that what it described as “a large unblocked scan event” might have been a security test.
A Homeland Security Department technical team was working Friday to coordinate with the state’s office to uncover what happened.
The computer address Georgia provided to U.S. officials traced back to an internet gateway that funnels traffic for thousands of computers across the 22-agency department. By Friday afternoon, DHS investigators had followed the trail back to a specific computer.
The employee told investigators that he was checking the state website to determine whether an individual had a certain type of professional license issued by the state. Due to the way the employee’s computer was configured, it appeared his computer was scanning the state system, which can be interpreted as a prelude to a hacking attempt, the official said.