Feds have launched an investigation into why the Department of Homeland Security hacked into the Georgia state governmental network, including its election system, The Daily Caller News Foundation’s Investigative Group has learned.
John Roth, inspector general for DHS, wants to know why the agency broke protocol on its way to 10 unprecedented attacks on the system overseen by Georgia Secretary of State Brian Kemp — who is also one of the most vocal critics about the Obama administration’s attempt to designate local and state election machinery as part of federal “critical infrastructure.”
A Jan. 17 letter from Roth notified Kemp his office was officially “investigating a series of ten alleged scanning events of the Georgia Secretary of State’s network that may have originated from DHS-affiliated IP addresses.” A firewall in Georgia’s system thwarted each attempt.
DHS Secretary Jeh Johnson and Kemp have clashed over a federal government designation of election systems as “critical infrastructure.” Kemp called it “political power play to federalize elections.”
Johnson sparked a firestorm among state-level secretaries of state – Democrat and Republican alike — when he announced Jan. 6, two weeks before leaving office, that he was unilaterally issuing the designation.
If Roth’s investigation shows Johnson or his subordinates deliberately used federal cybersecurity resources to penetrate a state election system in order to pressure a state official over a policy dispute, it could represent a significant scandal for Johnson and for the outgoing Obama administration.
The “scans” are attacks to test security weaknesses in a network. It’s called the electronic equivalent of “rattling doorknobs” to see if they’re unlocked — or on a darker side, to send a message to a recipient.
Georgian IT specialists traced 10 such scans back to a DHS IP address. DHS officials confirmed the attacks came from an unnamed contractor attached to the Federal Law Enforcement Training Center in Glynco, Georgia, a part of DHS.
FLETCO officials have refuse to identify the contractor and the agency did not respond to a DCNF inquiry about the intrusions.
Rep. Jason Chaffetz, a Utah Republican, asked Roth to investigate the matter in a Jan. 11 letter.
Chaffetz, who also is the chairman of the powerful House Committee on Oversight and Government Reform told Roth, “If these allegations are true, they implicate state sovereignty laws and various other constitutional issues, as well as federal and state criminal laws.” Rep. Jody Hice, a Georgia Republican, co-signed the letter to Roth. Hice sits on the national security subcommittee.
Title 18 of the federal code makes it a federal crime to “having knowingly accessed a computer without authorization” and to damage or impair the integrity or availability of data, a program, a system, or information. The penalty could be a fine and up to 20 years for each offense.
Georgia also has several computer fraud and abuse statutes that could apply to the DHS contract employee and to other officials in Georgia who are implicated in the effort. Four of the 10 attacks against the Georgia network occurred as Kemp was about to talk to DHS officials, or coincided with his public testimony about his opposition to the critical infrastructure designation.
“It’s certainly concerning about the dates,” Kemp told TheDCNF in an interview. Kemp said he hopes the Inspector General gets to the bottom of the attacks and determines if there is a possibility the hacks were timed to intimidate him.
“Well, that’s a pretty easy dot to connect,” he said about the timing of the attacks. “Certainly from a political perspective it makes a lot of sense to ask that question.” he said.
Kemp wrote President-elect Donald Trump Dec. 13, telling him “I respectfully write today to request that you task your new Secretary of Homeland Security with investigating the failed cyberattacks against the Georgia Secretary of State’s network firewall.”
“We’re certainly excited and glad that we’re just going to get our questions answered,” Kemp told TheDCNF. “That’s all we’ve been asking for and we think we deserve to know what was going on. The explanation they (DHS) have been giving us leaves a lot of holes unanswered.”
Johnson has given several explanations for the attempted intrusion. One was that an unnamed contracted who hit the site “as part of his normal job duties” to confirm professional licenses.
The former secretary hedged his response in a Dec. 12 letter, telling Kemp, “This is an interim response to your inquiry, subject to change.”
Kemp said the DHS answers have continued to change over time, and the department has been unwilling to identify the contractor.
“First they said it was an individual in Corpus Christi Texas who worked for border patrol that had a bug in his Microsoft software that was causing it. And then they moved off of that, and said that it was somebody in Georgia at FLETCO down in Gleynn County on the coast of Georgia.”
Kemp said, “We’ve never been given the name of the employee. We haven’t been able to talk to them. We expect OIG would want to talk to that employee.”
The attacks against Kemp’s network – which also contains corporate information of registered companies in the state as well as professional licenses – began on February 2.
The last effort to penetrate the Georgia system, which Kemp called a “large attack,” occurred Nov. 15, a week after the election but before the state certified its results.