DHS Tried To Breach Our Firewall, Says Georgia's Secretary of State

An anonymous reader quotes a report from CyberScoop: Georgia's secretary of state has claimed the Department of Homeland Security tried to breach his office's firewall and has issued a letter to Homeland Security Secretary Jeh Johnson asking for an explanation. Brian Kemp issued a letter to Johnson on Thursday after the state's third-party cybersecurity provider detected an IP address from the agency's Southwest D.C. office trying to penetrate the state's firewall. According to the letter, the attempt was unsuccessful. The attempt took place on Nov. 15, a few days after the presidential election. The office of the Georgia Secretary of State is responsible for overseeing the state's elections. "At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network," Kemp wrote in the letter, which was also sent to the state's federal representatives and senators. "Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network. This is especially odd and concerning since I serve on the Election Cyber Security Working Group that your office created." "The Department of Homeland Security has received Secretary Kemp's letter," a DHS spokesperson told CyberScoop. "We are looking into the matter. DHS takes the trust of our public and private sector partners seriously, and we will respond to Secretary Kemp directly." Georgia was one of two states that refused cyber-hygiene support and penetration testing from DHS in the leadup to the presidential election. The department had made a significant push for it after hackers spent months exposing the Democratic National Committee's internal communications and data.

'"We are looking into the matter"

Translation: We will deny this happened while privately scolding the team we ordered to do this. If you keep pushing us, we will be forced to throw our IT guys under the bus.

Re:'"We are looking into the matter"

[BarbaraHudson]

More like "We won't be scolding our guys because they were following orders. Whose orders? Sorry, you're not cleared for that | We'll look into it and (maybe) let you know what we find | The people doing the penetration attempt thought your state was on the approved list | It was a computer glitch | Russia tried to hack you, not us."

Re:'"We are looking into the matter"

[npslider]

"These are not the ports we're looking for... move along"...

Re:'"We are looking into the matter"

[Xenographic]

I had to read this carefully before I realized that the US state of Georgia was complaining, rather than the country of Georgia.

Re:'"We are looking into the matter"

[Ungrounded+Lightning]

Hell they probably would have accepted the offer for a free pen test. Instead many orgs react rather violently if they dont know about it and you did it.

An unexpected, unauthorized, "free pen test" is indistinguishable from a bad-guy cracking attempt, and must be treated as if it's a real threat. This causes ENORMOUS extra costs as the victim has to batten the hatches, examine everything for corruption and/or possible persistent threat instalation, compare working databases to backups and examine the differences vs. update audit trails, and so on.

Not to mention the concern that it might be a real attempt by the DHS, or a rogue group within it, to hack the election.

Re:'"We are looking into the matter"

[Wintermute__]

Countries have Secretaries of State, too, you know. And governments have been rumored to occasionally attempt to breach the networks of foreign countries as well. The confusion is warranted in this case.

The part that gave it away was the Secretary of State saying, "Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network. This is especially odd and concerning since I serve on the Election Cyber Security Working Group that your office created." At that point, it was clear that this was referring to the U.S. State of Georgia, not the nation of Georgia.

Re:'"We are looking into the matter"

[BarbaraHudson]

Either you don't know your history, or you're too lazy to use google, so the first item that comes up when asking about us interference in other countries elections:

In the 1958 Japanese election, the United States gave the Liberal-Democratic Party damaging political intelligence on its main rival, the Socialists. The CIA acquired it from paid informants within the Socialist Party. In the 1990 Nicaraguan elections, the United States leaked damaging information on alleged Sandinista corruption and Swiss bank accounts, funneling the information to German newspapers. The Nicaraguan opposition then used these German media reports to great effect.

In other words, the CIA was doing the exact same thing that they accuse Wikileaks of doing. US exceptionalism at work - "the rules don't apply to us."

and

“Isn’t it interesting that her (Clinton's) campaign is now experiencing the same thing that she perpetrated on other countries,” Netherton told The Huffington Post, as she awaited Sanders’ speech Monday night.

“She did this in Haiti, she did this in Honduras, and now it’s coming back on her and she’s all verklempt about it,” Netherton added. “It’s a little bit of her own medicine, but unfortunately I don’t think she’s open minded enough to see that for what it is.”

Indeed, meddling in foreign politics is a great American pastime, and one that Clinton has some familiarity with. For more than 100 years, without any significant break, the U.S. has been doing whatever it can to influence the outcome of elections up to and including assassinating politicians it has found unfriendly.

Assassinating politicians is certainly going to keep them from running in an election.

When Iran elected a nationalist politician, Mohammed Mosaddeq, the U.S. intervened to launch a coup in 1953, which CIA agent Kermit Roosevelt led. Mossadegh’s crime was to nationalize a British oil company, a forerunner to BP, and to spark concerns among the paranoid Dulles brothers that he was leaning toward the Soviet Union. The U.S. installed Mohammad Reza Shah Pahlavi, Iran’s monarch, as the head of Iran and his repressive rule led to the Iranian revolution. That uprising, in turn, has given us a brutally repressive regime in Iran, client terrorist groups around the Middle East, savage sectarian violence in Iraq and a nuclear standoff.

Overthrowing a democratically elected politician and getting rid of elections is also interfering in Iran's electoral process.

When the French withdrew from Vietnam in the 1950s, they scheduled an election to be held shortly after. It became increasingly clear that the communist revolutionary leader Ho Chi Minh would win it in a landslide. So the U.S. intervened and installed Ngo Dinh Diem as leader of a new country it recognized as South Vietnam. The national election was canceled, but the U.S. still needed a way to pretend the puppet regime had political support. So it set up an election between Diem, who was widely disliked, and an exiled member of the royal family who was even more hated. Diem won with an absurd tally of 98.2 percent.

Cancelling an election that would have elected someone the US didn't want to win is most certainly interfering in their electoral process.

The election in 2014 didn’t go as the U.S. intended (like the one in 2009, shot through with fraud that gave it to Hamid Karzai). So the U.S. declared it a tie and created a new position not in the Afghan constitution called Chief Executive Officer.

There are plenty of other examples of US interference in other countries.

Re:gotta get to the bottom of this

[skids]

You truly have no reading comprehension ability, do you?

DHS bot

[magarity]

detected an IP address from the agency's Southwest D.C. office trying to penetrate the state's firewall... "We are looking into the matter"

Probably the DHS servers are all overrun with botnets trying to probe around for more servers to take over.

Re: DHS bot

[Zero__Kelvin]

You know damn well that the point being made was that DHS did not notify them.

Text of Letter

https://assets.documentcloud.org/documents/3234551/Georgia-Secretary-of-State-Letter-to-DHS-Secretary.txt

The Office of Secretary of State
23mm Kemp
SECRETARY OF STATE
December 8, 2016
The Honorable Jeh Johnson
Secretary of Homeland Security
Department of Homeland Security
Washington, DC. 20528

Secretary Johnson,

On November 15, 2016, an IP address associated with the Department of Homeland Security made an
unsuccessful attempt to penetrate the Georgia Secretary of State's firewall. I am writing you to ask whether
DHS was aware of this attempt and, if so, why DHS was attempting to breach our firewall.

The private-sector security provider that monitors the agency's firewall detected a large unblocked scan
event on November 15 at 8:43 AM. The event was an IP address (216.81.81.80) attempting to scan certain
aspects of the Georgia Secretary of State?s infrastructure. The attempt to breach our system was unsuccess-
ful.

At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our
network. Moreover, your Department has not contacted my office since this unsuccessful incident to alert
us of any security event that would require testing or scanning of our network. This is especially odd and
concerning since I serve on the Election Cyber Security Working Group that your office created.

As you may know, the Georgia Secretary of State?s office maintains the statewide voter registration data-
base containing the personal information of over 6.5 million Georgians. In addition, we hold the information
for over 800,000 corporate entities and over 500,000 licensed or registered professionals.

As Georgia's Secretary of State, I take cyber security very seriously. That is why I have contracted with a
global leader in monitored security services to provide immediate responses to these types of threats. This
firm analyzes more than 180 billion events a day globally across a 5,000+ customer base which includes
many Fortune 500 companies. Clearly, this type of resource and service is necessary to protect Georgians'
data against the type of event that occurred on November 15.

Georgia was one of the only few states that did not seek DHS assistance with cyber hygiene scans 0r pen-
etration testing before this year?s election. We declined this assistance due to having already implemented
the security measures suggested by DHS. Under 18 U.S.C. 1030, attempting to gain access or exceeding
authorized access to protected computer systems is illegal. Given all these facts, a number of very important
questions have been raised that deserve your attention:

214 State Capitol oAtlanta, Georgia 30334 - (404) 656-2881 (404) 656-0513 Fax

Did your Department in fact conduct this unauthorized scan?
If so, who on your staff authorized this scan?
Did your Department conduct this type of scan against any other states? systems without authorization?
If so, which states were scanned by DHS without authorization?

I am very concerned by these facts provided by our security services provider, as they raise very serious
questions. I would appreciate your prompt and thorough response.

Sincerely,
Brian P. Kemp
[follows is long list of CC: Congressman, etc.]

Re: Text of Letter

You would not believe the shit-storm of belligerent phone calls, emails, escalations and accusations I have seen triggered by single nmap scan on default settings. I would not be the least bit surprised if someone at the DHS couldn't access a state of Georgia website and simply ran a quick nmap to see if it was down.

Snoop Doggy Dog

[Tablizer]

In an online political discussion, one conservative complained about Obama's alleged excess snooping. I pointed out that Bush and Trump are pretty much pro-snoopers also.

At first (s)he seemed to argue otherwise, but after a lot of probing on my part, the truth finally came out: He was more nervous with a Democrat snooping than a Republican. It wasn't the snooping itself, but WHO was snooping.

I can see how the personal trust issue can play a part, but to keep switching the laws back and forth depending on which party is in power is not realistic.

Re:Snoop Doggy Dog

[Motherfucking+Shit]

The difference is that Trump is hated by the same people who expanded the snooping laws.

The FBI seemed pretty hell-bent on getting Trump elected...

If we assume that government corruption is the impetus, then it follows that the long term effects of Trump's term is decreased snooping overall.

Considering Trump's appointees are all coming from the same old places like Goldman Sachs, I'm not sure where you get the idea that corruption will be on the decline.

Re:Oh noes

[spire3661]

"I was just going down the street turning doorknobs to ensure people's houses are locked up safe. Whats the big deal officer?"

DHS Weaponized?

[Jerry]

The last two administrations have weaponized a lot of Federal agencies against the American people, violating the 1st, 2nd, 4th, 5th, 8th and other Amendments of the Bill of Rights, and their oath of office to "uphold and defend the Constitution of the United States".

Were they trying to break into the election computers and change the counts?

Homelasnd "Security" Ha Ha Ha

[frovingslosh]

The Federal Government just does whatever it wants. Damn the laws or the Constitution or anyone's rights. Get used to it.