Skip to main content

Real security flaws became a sketchy hacking investigation in Georgia

Real security flaws became a sketchy hacking investigation in Georgia

/

How do cybersecurity experts disclose vulnerabilities if they’re going to be accused of hacking?

Share this story

Illustration by Alex Castro / The Verge

Just a few days before the midterm elections, Georgia’s Republican gubernatorial candidate and secretary of state, Brian Kemp, accused Georgia’s Democratic Party of hacking into the state’s voter registration base. It was a controversial move that is already generating concerns regarding conflicts of interest. Kemp’s office has yet to provide any evidence in support of these claims, and with mere hours left before the final votes are cast, it’s unclear what his motives are in announcing the investigation.

It now seems like Kemp’s accusation may have referred to a legitimate cybersecurity investigation by Georgia Democrats, which uncovered real and significant flaws in the state’s voter registration system. If that research was the source of Kemp’s claim, it would be the latest in a long line of incidents where legitimate researchers are cast as criminal hackers in order to cover up serious security flaws.

“The document points out massive security flaws in Georgia’s voter registration system”

Over the weekend, WhoWhatWhy published a report detailing a document it obtained that was initially sent by the Democratic Party of Georgia. The document points out massive security flaws in Georgia’s voter registration system, some of which could be exploited by the most amateur hacker.

According to the document, “it would not be difficult for almost anyone with minimal computer expertise to access millions of people’s private information and potentially make changes to their voter registration — including canceling it.”

Hours after news broke of the flaws, Georgia’s secretary of state announced that it would be investigating the Democratic Party, but it gave no indication whether the security report was the source of the claims. “While we cannot comment on the specifics of an ongoing investigation, I can confirm that the Democratic Party of Georgia is under investigation for possible cyber crimes,” the statement reads. The office also requested an FBI investigation into the matter as well, despite no clear evidence that the discovered vulnerabilities had subsequently led to a breach of voter information.

“Kemp denied [the DHS’s] assistance”

It’s not the first indication of security problems in Georgia’s election system. This summer, the special counsel investigation disclosed that foreign actors had targeted Georgia’s election infrastructure as part of an indictment of Russian military intelligence officials. After this was uncovered, the Department of Homeland Security offered to help strengthen the state’s elections security. Kemp denied that assistance.

This isn’t the first time an election researcher has been charged with computer crimes. In 2016, David Levin of Vanguard Cybersecurity was arrested after Florida law officials accused him of hacking into the state elections database. Levin was charged with three counts of gaining unauthorized access to a network, his home was raided by the police, and all of his devices were confiscated.

Today’s Storystream

Feed refreshed 16 minutes ago Not just you

T
Thomas Ricker16 minutes ago
The Simpsons pays tribute to Chrome’s dino game.

Season 34 of The Simpsons kicked off on Sunday night with an opening credits “couch gag” based on the offline dino game from Google’s Chrome browser. Cactus, cactus, couch, d’oh! Perfect.


T
Youtube
Thomas Ricker7:29 AM UTC
Table breaks before Apple Watch Ultra’s sapphire glass.

”It’s the most rugged and capable Apple Watch yet,” said Apple at the launch of the Apple Watch Ultra (read The Verge review here). YouTuber TechRax put that claim to the test with a series of drop, scratch, and hammer tests. Takeaways: the titanium case will scratch with enough abuse, and that flat sapphire front crystal is tough — tougher than the table which cracks before the Ultra fails — but not indestructible.


E
Twitter
Emma RothSep 25
Rihanna’s headlining the Super Bowl Halftime Show.

Apple Music’s set to sponsor the Halftime Show next February, and it’s starting out strong with a performance from Rihanna. I honestly can’t remember which company sponsored the Halftime Show before Pepsi, so it’ll be nice to see how Apple handles the show for Super Bowl LVII.


E
Twitter
Emma RothSep 25
Starlink is growing.

The Elon Musk-owned satellite internet service, which covers all seven continents including Antarctica, has now made over 1 million user terminals. Musk has big plans for the service, which he hopes to expand to cruise ships, planes, and even school buses.

Musk recently said he’ll sidestep sanctions to activate the service in Iran, where the government put restrictions on communications due to mass protests. He followed through on his promise to bring Starlink to Ukraine at the start of Russia’s invasion, so we’ll have to wait and see if he manages to bring the service to Iran as well.


Welcome to the new Verge

Revolutionizing the media with blog posts

Nilay PatelSep 13
E
External Link
Emma RothSep 25
We might not get another Apple event this year.

While Apple was initially expected to hold an event to launch its rumored M2-equipped Macs and iPads in October, Bloomberg’s Mark Gurman predicts Apple will announce its new devices in a series of press releases, website updates, and media briefings instead.

I know that it probably takes a lot of work to put these polished events together, but if Apple does pass on it this year, I will kind of miss vibing to the livestream’s music and seeing all the new products get presented.


E
External Link
Emma RothSep 24
California Governor Gavin Newsom vetoes the state’s “BitLicense” law.

The bill, called the Digital Financial Assets Law, would establish a regulatory framework for companies that transact with cryptocurrency in the state, similar to New York’s BitLicense system. In a statement, Newsom says it’s “premature to lock a licensing structure” and that implementing such a program is a “costly undertaking:”

A more flexible approach is needed to ensure regulatory oversight can keep up with rapidly evolving technology and use cases, and is tailored with the proper tools to address trends and mitigate consumer harm.


A
The Verge
Andrew WebsterSep 24
Get ready for some Netflix news.

At 1PM ET today Netflix is streaming its second annual Tudum event, where you can expect to hear news about and see trailers from its biggest franchises, including The Witcher and Bridgerton. I’ll be covering the event live alongside my colleague Charles Pulliam-Moore, and you can also watch along at the link below. There will be lots of expected names during the stream, but I have my fingers crossed for a new season of Hemlock Grove.