Days after activists filed a lawsuit over the security of Georgia’s election systems, the university housing the servers at the center of the case wiped them of all data. The servers had been in the possession of the Center for Elections Systems (CES) at Kennesaw State University, which had been contracted to maintain Georgia’s election systems. The state ended its relationship with Kennesaw State in July. According to emails retrieved by one of the plaintiffs in that case through an open records request and provided to The Hill, information technology (IT) staff first confirmed deleting files from the system on July 7 — four days after the suit was filed. In March, the CES was notified by researcher Logan Lamb that a vulnerability in web security allowed attackers to read internal files not meant for public consumption. Those files included voter records which contained the date of birth and Social Security number of 5.7 million Georgians. They also included memos containing credentials to the state’s ExpressPoll brand electronic poll book.
Georgia held a congressional election shortly after, with Republican Karen Handel defeating Democrat John Ossoff. The lawsuit alleges that with the data vulnerable, attackers might have affected the election.
On July 7, an IT staffer sent an email confirming he had used DBAN, a secure file deletion program, to erase the hard drives.
“Per your instructions regarding the reimaging and installation of the CES server, we DBAN’d the hard drives,” an IT staffer emailed to Davide Gaetano, whose LinkedIn profile lists him as “AVP of Educational Technology Engineering Innovation.” Later, the IT staff subjected hard drives to strong magnetic fields, wiping them of all information.
Full Article: Georgia election server wiped days after lawsuit | TheHill.