Expert: Georgia election server showed signs of tampering
BOSTON (AP) — A computer security expert says he found that a forensic image of the election server central to a legal battle over the integrity of Georgia elections showed signs that the original server was hacked. The server was left exposed to the open internet for at least six months, a problem the same expert discovered in August 2016. It was subsequently wiped clean in mid-2017 with no notice, just days after election integrity activists filed a lawsuit seeking an overhaul of what they called the state’s unreliable and negligently run election system.
In late December 2019, the plaintiffs were finally able to obtain a copy of the server’s contents that the FBI made in March 2017 and retained — after the state allegedly dragged its feet in securing the image.
State officials have said they’ve seen no evidence that any election-related data was compromised. But they also refused to submit the server image for an independent examination.
Logan Lamb, a security expert for the plaintiffs, said in an affidavit filed in Atlanta federal court Thursday that he found evidence suggesting the server was compromised in December
2014. Lamb said the evidence suggests an attacker exploited a bug that provided full control of the server.
Lamb also said he determined that computer logs — which would have been critical to understanding what might have been altered on or stolen from the server — only go back to Nov. 10, 2016 — two days after Donald Trump was elected U.S. president. Two years later, Brian Kemp won the Georgia governor’s race by a narrow margin over Democrat Stacey Abrams.
Kemp oversaw Georgia’s elections during both races as secretary of state. Election administration was handled at Kennesaw State University by an outfit that Kemp’s office dismantled after the serverwiping incident.
Lamb initially alerted Merle King, director of the elections center at KSU, in August 2016 of a gaping security hole that left the server vulnerable to tampering. The fact that the access logs were deleted suggests possible foul play, Lamb wrote. “I can think of no legitimate reason why records from that critical period of time should have been deleted,” he said in his sworn statement.