The indictment last week of 12 Russian military officers is focusing new attention on election servers in Georgia that are currently embroiled in a lawsuit between election integrity activists and the secretary of state. The activists, intent on proving that the state’s paperless voting machines are not secure and should be replaced, want to examine two state election servers to look for evidence that Russian hackers or others might have compromised them to subvert elections. But the state has been fighting them for more than a year, citing sovereign immunity from lawsuits and also insisting to the news media that Georgia was never targeted by Russian hackers. For the past year it seemed the latter might be true.
When the Department of Homeland Security notified 21 states in 2017 that they had been targeted by Russian hackers intent on interfering with the 2016 U.S. presidential election, Georgia—despite having one of the most vulnerable voting systems in the country—was not among them. Trump won the state by nearly 6 percentage points over Democrat Hillary Clinton, whose campaign had hoped to pick up the reliably Republican state for the first time since 1992.
DHS said Russian hackers had probed websites in the 21 states looking for vulnerabilities, and in at least one state—Illinois—they found a vulnerability in a server that hosted the state’s voter registration database, allowing them to access 90,000 voter records. But the Russians were apparently unsuccessful in finding vulnerabilities in other state election sites and evidently never bothered at all with servers in Georgia, according to the agency.
This was odd because around the same time the Russians were targeting other states, a security researcher in Georgia named Logan Lamb discovered a serious security vulnerability in an election server in his state. The vulnerability allowed him to download the state’s entire database of 6.7 million registered voters and would have allowed him or any other intruder to alter versions of the database distributed to counties prior to the election. Lamb also found PDFs with instructions and passwords for election workers to sign in to a central server on Election Day as well as software files for the state’s ExpressPoll pollbooks—the electronic devices used by poll workers to verify voters’ eligibility to vote before allowing them to cast a ballot.