Several security vulnerabilities in systems used to manage Georgia’s election technology, exposing the records of 6.7 million voters months before the nation most expensive House race slated for June 20, has raised the fears that the election could be disrupted. Although 29-year-old security researcher Logan Lamb spotted and reported the vulnerabilities in August 2016, he said the state has continuously ignored efforts to patch the vulnerabilities of Georgia’s special election between Democratic candidate Jon Ossoff against Republican former Secretary of State Karen Handel, according to Politico. Lamb began looking into the voting systems when he learned that Kennesaw State University’s Center for Election Systems tests and programs voting machines. He began looking for PDFs or documents that would give him more insight into the centers work when he set up an automated script to scrape the site and see what he could find.
The script ended up returning 15 gigabytes of data including a database containing the state’s 6.7 million voter registration records, multiple PDFs with instructions and passwords for election workers to sign in to a central server on Election Day, and software files for electronic devices used by the state’s poll workers to verify that a voter is registered before allowing them to cast a ballot.
The data was supposed to be behind a password protected firewall but the center misconfigured the server so that the files were accessible to anyone and the site was also using an outdated version of Drupal containing a critical vulnerability dubbed “Drupageddon.”