US voting server in election security probe is mysteriously wiped
Nothing to see here, comrade. Move along, move along
Analysis A computer at the center of a lawsuit digging into woeful cyber-security practices during the US presidential election has been wiped.
The server in question is based in Georgia – a state that narrowly backed Donald Trump, giving him 16 electoral votes – and stored the results from the state's voting systems. The deletion of its data makes it impossible to ascertain whether the computer was compromised.
There is good reason to believe that the computer may have been tampered with: it is 15 years old, and could have been harboring all sorts of exploitable software and hardware vulnerabilities. No hard copies of the votes are kept, making the electronic copy the only official record.
While investigating the Kennesaw State University's Center for Election Systems, which oversees Georgia's voting system, last year, security researcher Logan Lamb found its system was misconfigured, exposing the state's entire voter registration records, multiple PDFs with instructions and passwords for election workers, and the software systems used to tally votes cast.
"You could just go to the root of where they were hosting all the files and just download everything without logging in," he said. He also noted the files had been indexed by Google, making them readily available to anyone looking in the right place.
Despite Lamb letting the election center know of his findings, the security holes were left unpatched for seven months. He later went public after the US security services announced there had been a determined effort by the Russian government to sway the presidential elections, including looking at compromising electronic voting machines.
Let's have a look
In an effort to force the state to scrap the system, a number of Georgia voters banded together and sued. They asked for an independent security review of the server, expecting to find flaws that would lend weight to their argument for investment in a more modern and secure system.
But emails released this week following a Freedom of Information Act request reveal that technicians at the election center deleted the server's data on July 7 – just days after the lawsuit was filed.
The memos reveal multiple references to the data wipe, including a message sent just last week from an assistant state attorney general to the plaintiffs in the case. That same email notes that backups of the server data were also deleted more than a month after the initial wipe – just as the lawsuit moved to a federal court.
It is unclear who ordered the destruction of the data, and why, but the deletions have raised yet more suspicions of collusion between the Trump campaign team, the Republican Party, and the Russian government.
So far, everyone is claiming ignorance of the event. A spokesperson for Georgia’s secretary of state, Brian Kemp, who is in overall charge, denied having anything to do with the decision. And the election center's director, Michael Barnes, is refusing to comment.
Since the server was not under a court protection order, the destruction of its data is not illegal, but it is extremely suspicious.
As for the information itself, there is one more avenue to recover it: the FBI took a copy of the server's filesystem contents when it opened an investigation into the system back in March. So far the Feds have refused to say whether they still have that copy. ®