You have reached your limit of free articles this month.

Enjoy unlimited access to myAJC.com

Starting at just 99¢ for 8 weeks.

GREAT REASONS TO SUBSCRIBE TODAY!

  • IN-DEPTH REPORTING
  • INTERACTIVE STORYTELLING
  • NEW TOPICS & COVERAGE
  • ePAPER
X

You have read of premium articles.

Get unlimited access to all of our breaking news, in-depth coverage and bonus content- exclusively for subscribers. Starting at just 99¢ for 8 weeks

X

Welcome to myAJC.com

This subscriber-only site gives you exclusive access to breaking news, in-depth coverage, exclusive interactives and bonus content.

You can read free articles of your choice a month that are only available on myAJC.com.

Kennesaw State was warned its server may be vulnerable to data breach


Kennesaw State University officials received a warning before the presidential election that a server system used by its election center may be vulnerable to a data breach.

But they only notified state officials that they could have a problem after a second contact from a potential hacker raised alarms about the security of millions of Georgia voter records, according to top state officials briefed on the issue but not authorized to speak on the record.

It is not clear whether the university acted to address the potential problem identified by the hacker last fall, those officials said. KSU hasn’t publicly discussed the alleged breach, citing an open investigation.

It is also not clear the hacker had any ill intent and ever actually accessed the records, which the university keeps on behalf of the state as part of its Center for Election Systems.

But those officials said the second contact about the apparent vulnerabilities appears to be from the same person, which is what led to a federal investigation now underway involving the center.

The university through a spokeswoman declined to comment Tuesday, saying officials did not want to do anything to impede the inquiry’s progress.

A spokesman for the U.S. Attorney’s Office also declined to comment.

A spokeswoman for Georgia Secretary of State Brian Kemp, who is said to have been furious at university officials for not telling his office about the contacts before this month, said he has confidence in how the presidential election was run and that additional data checks by the office confirm the election’s results.

She referred additional questions to federal officials.

In fact, Georgia officials do not believe “core systems” at the center have been compromised, according to records obtained by The Atlanta Journal-Constitution.

The finding comes from emails between state Election Board members and the Secretary of State’s Office as staff sought to answer questions about a potential “hack” of confidential data reported earlier this month by the AJC.

The alleged breach appeared to have been centered on a server at the university, according to the emails.

“KSU informed us that as soon as they were made aware of the potential hack, they took the server offline in order to get their hands around the extent of the situation,” Ryan Germany, the office’s general counsel, wrote in an email dated March 4.

In another email dated March 10, Germany told state Election Board member David Worley that the university had “determined that the core systems at the KSU Center for Elections have not been compromised or attacked.”

The center uses the systems, Germany explained, to build and duplicate the digital lists of eligible voters used by poll workers in each of the state’s 3,000 precincts to verify voters’ names, addresses and registration.

They are “air-gapped,” meaning they are not connected to the internet, Germany said, “and are not connected to KSU’s server that is under investigation.”

Germany said the office was working with the university to ensure its network was now secure and that the office would not share any data with it until it was confident that was the case.

The Federal Bureau of Investigation launched its investigation into the suspected cyberattack March 2 after university staff discovered there may have been a breach.

The center has since 2002 overseen the state’s election operations and voting machines.

It does that work through an agreement with the Secretary of State’s Office. It does not, however, maintain live databases or the state’s official voter registration database.

There is no evidence the registration database or the office’s separate server system have been hacked, Germany said, and the private company used by the office to protect those systems has been on “heightened alert” since the breach.

The office has also indicated that preparations are continuing as normal for a nationally watched special election April 18 to replace former U.S. Rep. Tom Price.

That includes an expectation that the state will be able to use its usual supply of poll books as well as “direct-recording electronic” voting machines, or DREs, known by voters for their touch screens.

The state committed to the machines in 2002 when it last overhauled its elections.

At the same time, it also eliminated a paper trail of recorded votes, something a group of computer scientists and security experts said last week that the state should reconsider in light of concerns over the hack.

The emails do not address key questions the investigation is believed to be exploring, including when exactly the hack occurred, how deeply it penetrated and what areas of the center were connected to the server that university officials believe may have been breached.



Reader Comments ...


Next Up in Georgia Politics

Handel cracks Georgia GOP ‘glass ceiling’
Handel cracks Georgia GOP ‘glass ceiling’

It might not have seemed that way, but the scene at a stuffed Roswell restaurant on the eve of last week’s runoff was a quietly remarkable one. It was the night before the 6th Congressional District vote, and Gov. Nathan Deal was campaigning for a former opponent his staff once described as a spout of “unhinged blather.” Sprinkled...
A new health care debate, Donald Trump, and a spike in breast cancer

Just in time for the renewed, fast-tempo debate over health care in Washington, public health researchers at Georgia State University have produced a pair of studies that help underline just what’s at stake. The more provocative of the two papers has intriguing national implications: In large swaths of the United States, swing areas that handed...
Georgians: Fix health care prices, stop partisanship
Georgians: Fix health care prices, stop partisanship

After the U.S. Senate finally revealed its proposed federal health care bill, advocates revved up their rhetoric with extreme positions, loud cheers and denunciations. “INJUSTICE!” blared the handmade sign of a protester Friday outside U.S. Sen. Johnny Isakson’s office. The Senate’s bill “is morally repugnant,” said...
Will Georgia’s 6th District do this all again in 2018?
Will Georgia’s 6th District do this all again in 2018?

Despite initial relief among Georgia’s 6th District residents that the barrage of campaign ads has come to an end, the reprieve might not last too long. “Now we know what New Hampshire looks like,” said Chip Lake, a GOP consultant based in Georgia. The question is, with 2018 just around the corner, will this year’s astronomical...
Trump signs law making it easier to fire bad VA employees
Trump signs law making it easier to fire bad VA employees

President Donald Trump signed a bill into law Friday that would expedite the process for top officials to fire problematic employees at the long-troubled U.S. Department of Veterans Affairs. The aim of the accountability legislation is to make it easier to root out the bad apples who have helped contribute to the cascade of scandals at the VA, harming...
More Stories