DHS Tried To Breach Our Firewall, Says Georgia's Secretary of State (cyberscoop.com) 146
An anonymous reader quotes a report from CyberScoop: Georgia's secretary of state has claimed the Department of Homeland Security tried to breach his office's firewall and has issued a letter to Homeland Security Secretary Jeh Johnson asking for an explanation. Brian Kemp issued a letter to Johnson on Thursday after the state's third-party cybersecurity provider detected an IP address from the agency's Southwest D.C. office trying to penetrate the state's firewall. According to the letter, the attempt was unsuccessful. The attempt took place on Nov. 15, a few days after the presidential election. The office of the Georgia Secretary of State is responsible for overseeing the state's elections. "At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network," Kemp wrote in the letter, which was also sent to the state's federal representatives and senators. "Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network. This is especially odd and concerning since I serve on the Election Cyber Security Working Group that your office created." "The Department of Homeland Security has received Secretary Kemp's letter," a DHS spokesperson told CyberScoop. "We are looking into the matter. DHS takes the trust of our public and private sector partners seriously, and we will respond to Secretary Kemp directly." Georgia was one of two states that refused cyber-hygiene support and penetration testing from DHS in the leadup to the presidential election. The department had made a significant push for it after hackers spent months exposing the Democratic National Committee's internal communications and data.
UPDATE: A later investigation revealed the activity Kemp cited "was the result of normal and automatic computer message exchanges," apparently caused by someone cutting and pasting data into a Microsoft Excel document.
UPDATE: A later investigation revealed the activity Kemp cited "was the result of normal and automatic computer message exchanges," apparently caused by someone cutting and pasting data into a Microsoft Excel document.
'"We are looking into the matter" (Score:5, Funny)
Translation: We will deny this happened while privately scolding the team we ordered to do this. If you keep pushing us, we will be forced to throw our IT guys under the bus.
Re:'"We are looking into the matter" (Score:5, Insightful)
Re: (Score:1)
Sorry, but the Russians were behind getting Trump in. This is just more double agent activity.
Re:'"We are looking into the matter" (Score:5, Informative)
I had to read this carefully before I realized that the US state of Georgia was complaining, rather than the country of Georgia.
Re: (Score:1)
I had to read this carefully before I realized that the US state of Georgia was complaining, rather than the country of Georgia.
How careless would one have to be to miss clues like "Homeland Security" and "Secretary of State"?
Re: (Score:3)
Countries have Secretaries of State, too, you know. And governments have been rumored to occasionally attempt to breach the networks of foreign countries as well. The confusion is warranted in this case.
The part that gave it away was the Secretary of State saying, "Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network. This is especially odd and concerning since I serve on the Election
Re: (Score:1)
The word "state" appears EIGHT times in the title and summary. You can read it quite carelessly, and it's still difficult to miss the context.
There's plenty of problems to complain about, here... This is not one of them.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Problem #1 with your theory is that there is no evidence. [huffingtonpost.com]
After the election, the Obama administration said it had no proof of Russian interference in the election tallies and that the results “accurately reflect the will of the American people.”
Problem #2 is that, even if they had, they would only be doing the same the US has done so many times. Pot calling the kettle black ...
Re: '"We are looking into the matter" (Score:1)
Re: (Score:2)
OK, I'll bite. Please name one instance of the US interfering in a foreign election. Pot calling the kettle black indeed...
Re:'"We are looking into the matter" (Score:5, Informative)
Either you don't know your history, or you're too lazy to use google, so the first item that comes up when asking about us interference in other countries elections: [washingtonpost.com]
In the 1958 Japanese election, the United States gave the Liberal-Democratic Party damaging political intelligence on its main rival, the Socialists. The CIA acquired it from paid informants within the Socialist Party. In the 1990 Nicaraguan elections, the United States leaked damaging information on alleged Sandinista corruption and Swiss bank accounts, funneling the information to German newspapers. The Nicaraguan opposition then used these German media reports to great effect.
In other words, the CIA was doing the exact same thing that they accuse Wikileaks of doing. US exceptionalism at work - "the rules don't apply to us."
and [huffingtonpost.com]
“Isn’t it interesting that her (Clinton's) campaign is now experiencing the same thing that she perpetrated on other countries,” Netherton told The Huffington Post, as she awaited Sanders’ speech Monday night.
“She did this in Haiti, she did this in Honduras, and now it’s coming back on her and she’s all verklempt about it,” Netherton added. “It’s a little bit of her own medicine, but unfortunately I don’t think she’s open minded enough to see that for what it is.”
Indeed, meddling in foreign politics is a great American pastime, and one that Clinton has some familiarity with. For more than 100 years, without any significant break, the U.S. has been doing whatever it can to influence the outcome of elections up to and including assassinating politicians it has found unfriendly.
Assassinating politicians is certainly going to keep them from running in an election.
When Iran elected a nationalist politician, Mohammed Mosaddeq, the U.S. intervened to launch a coup in 1953, which CIA agent Kermit Roosevelt led. Mossadegh’s crime was to nationalize a British oil company, a forerunner to BP, and to spark concerns among the paranoid Dulles brothers that he was leaning toward the Soviet Union. The U.S. installed Mohammad Reza Shah Pahlavi, Iran’s monarch, as the head of Iran and his repressive rule led to the Iranian revolution. That uprising, in turn, has given us a brutally repressive regime in Iran, client terrorist groups around the Middle East, savage sectarian violence in Iraq and a nuclear standoff.
Overthrowing a democratically elected politician and getting rid of elections is also interfering in Iran's electoral process.
When the French withdrew from Vietnam in the 1950s, they scheduled an election to be held shortly after. It became increasingly clear that the communist revolutionary leader Ho Chi Minh would win it in a landslide. So the U.S. intervened and installed Ngo Dinh Diem as leader of a new country it recognized as South Vietnam. The national election was canceled, but the U.S. still needed a way to pretend the puppet regime had political support. So it set up an election between Diem, who was widely disliked, and an exiled member of the royal family who was even more hated. Diem won with an absurd tally of 98.2 percent.
Cancelling an election that would have elected someone the US didn't want to win is most certainly interfering in their electoral process.
The election in 2014 didn’t go as the U.S. intended (like the one in 2009, shot through with fraud that gave it to Hamid Karzai). So the U.S. declared it a tie and created a new position not in the Afghan constitution called Chief Executive Officer.
There are plenty of other examples of US interference in other countries.
Re: (Score:2)
Re: (Score:2)
We have always been at war with Eastasia.
Re: (Score:2)
Don't excuse France from the blame-fest.
Hey, it's one of the things we do best.
Re: (Score:2)
My response was to the poster who demanded that I provide even one incident where the US interfered in a foreign election, and I provided several. Let's also not exclude Great Britain, who, seeing that Iran had elected someone who was going to nationalize the oil industry, including British assets, asked the US to intervene. The CIA did so, with the result being a coup and the installation by the US of the shah of Iran.
I'm pretty sure there are other countries that are also in their own ways responsible fo
Re: (Score:2)
Oh yes, I know (well, knew - he's probably pushing 100 now, if not dead) people who were tortured by Britain and America's catspaws in the 1950s after the Shah was installed. Very informative for trade unionists in the North Sea oil industry.
Re: (Score:2)
But it certainly makes the US a hypocrite. Again.
It's like when Clinton was saying "those emails were illegally obtained". So what - that didn't make them untrue, and whistle-blowing is the right thing to do. She wouldn't have bitched if the Russians (or anyone else) illegally leaked Trump's tax returns.
Re: (Score:1)
lol@democrats using the russians as an excuse.. It's a page straight from the republican cold war propaganda strategy.
captcha: crackpot
Mod parent down! (Score:1)
Only a crackpot would think HRC wasn't the REAL WINNER of the electrion. SMH
Re: (Score:3)
"These are not the ports we're looking for... move along"...
Re: (Score:2)
Yep, I want to see a prosecution on this one.
If a private individual tried to do this to assure that their government is secure they'd be seeing jail time. DHS have to obey the law too.
Re: (Score:3)
Hell they probably would have accepted the offer for a free pen test. Instead many orgs react rather violently if they dont know about it and you did it.
An unexpected, unauthorized, "free pen test" is indistinguishable from a bad-guy cracking attempt, and must be treated as if it's a real threat. This causes ENORMOUS extra costs as the victim has to batten the hatches, examine everything for corruption and/or possible persistent threat instalation, compare working databases to backups and examine the diffe
Re: (Score:1)
I love how blaming a Jew always enters these screeds at some point.
Re: (Score:2)
I mean getting caught doesn't exactly inspire confidence...
That they caught it and went public with it helps inspire confidence in Georgia's election process and results. "The DHS tried to crack us (the dirty sons of Bs), failed, and got caught!"
In the DHS, not so much.
Re: (Score:3)
You truly have no reading comprehension ability, do you?
DHS bot (Score:5, Insightful)
detected an IP address from the agency's Southwest D.C. office trying to penetrate the state's firewall... "We are looking into the matter"
Probably the DHS servers are all overrun with botnets trying to probe around for more servers to take over.
Re: (Score:2)
I'm not sure which is worse:
1. The DHS servers are really botnets
2. The DHS tried to do this
3. The "DHS servers" likely succeeded else where
Re: (Score:2)
I'm not sure which is worse: 1. The DHS servers are really botnets
Unlikely.
2. The DHS tried to do this
Sorry, I don't see how this is bad. One government agency that does this pen tested another government agency that had refused "cyber hygiene" support to see if the commercial service provider was doing its job. They were; nobody got broken into, and the customer was notified of the attempt.
3. The "DHS servers" likely succeeded else where
Yes, that is second worst of the three, and it and option 1 are truly bad. Then we have option 4: DHS failed elsewhere but the server admins didn't notice.
I run a few servers at a university. I used to catch ot
Re: (Score:2)
and the customer was notified of the attempt.
Oh really?
Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network
Doesn't sound like they were told about it from anything other than analyzing their traffic logs.
Re: (Score:1)
and the customer was notified of the attempt.
Oh really?
You don't read even the summary, do you?
Brian Kemp issued a letter to Johnson on Thursday after the state's third-party cybersecurity provider detected an IP address from the agency's Southwest D.C. office trying to penetrate the state's firewall. How do you think Brian Kemp knew it was happening if he, as the head of the agency that is the customer of the third-party security firm, wasn't notified of the attempt?
As I wrote: ... the commercial service provider was doing its job. They were; nobody got bro
Re: (Score:1)
You don't comprehend well do you? The Brian Kemp knew it was happening because the cyber security provider detected the intrusion.
You don't comprehend well, do you? That's what I said. The third party provider detected the intrusion attempt and notified their customer that it happened.
Not because anyone was notified.
Of course someone was notified. Don't be stupid. Brian Kemp didn't write the letter to DHS based on nothing. His security company NOTIFIED HIM of the event.
Re: (Score:1)
Different AC here.
The earlier AC, among others, wrote that DHS did not contact the state's office before launching the pen test (i.e., An exchange like "Hey Bob in Georgia? Yeah, this is Jim over at DHS. We are going to scan your network between xx and xx. Ta Ta," never happened!)
You are saying that the 3rd party company detected the pen test, recorded the DHS IP address, and alerted the state as it was in progress.
They are two separate things.
Re: DHS bot (Score:2)
Re: (Score:2)
You know damn well that the point being made was that DHS did not notify them.
And you know damn well that I never said they did. My statement that the customer was notified was contradicted by someone, and that's what I've been correcting. If you want to make some other point in some other part of the discussion, do so. But don't tell me I'm wrong when I say that the system worked; the company being paid to detect these things did so and notified their customer.
Re: (Score:1)
You don't comprehend well, do you? That's what I said. The third party provider detected the intrusion attempt and notified their customer that it happened.
While true, that's not the point.
The point is that the DHS did not notify the state of the attempt.
I hope that helps you understand why you are arguing against something nobody else is actually saying.
Re: (Score:2)
While true, that's not the point.
That was not my point, and my statement was true. "Oh really?" is contradiction the truth of a statement, and that's what I've been replying to.
I hope that helps you understand why you are arguing against something nobody else is actually saying.
You have it backwards. People are arguing with me for saying the customer was notified. Other people have actually claimed they were not. Your concept of what "nobody else is saying" is flawed.
Re: (Score:2)
Other than an exploit by a couple of intoxicated agents, why would the DHS be unable to hide their origin IP address?
Re: (Score:2)
So it's either a 3rd party malicious actor using a compromised DHS server, or a rouge DHS actor?
Re: (Score:2)
So it's either a 3rd party malicious actor using a compromised DHS server, or a rouge DHS actor?
This guy? [nocookie.net]
Re: DHS bot (Score:1)
Re: (Score:2)
In as much as one can know these things, the State of Georgia [realclearpolitics.com] was not expected to go any other way.
Remember, fraud would have to be perpetrated at the precinct level since Statewide totals available at the Secretary of State's office would just be the sums of previously recorded vote counts. It seems much more likely election fraud would be attempted in State races which are considered toss-ups... pre-election polls showed a close race in Ohio, for instance, and it went to Trump by a wide margin. [cnn.com]
Text of Letter (Score:2, Interesting)
https://assets.documentcloud.org/documents/3234551/Georgia-Secretary-of-State-Letter-to-DHS-Secretary.txt
The Office of Secretary of State
23mm Kemp
SECRETARY OF STATE
December 8, 2016
The Honorable Jeh Johnson
Secretary of Homeland Security
Department of Homeland Security
Washington, DC. 20528
Secretary Johnson,
On November 15, 2016, an IP address associated with the Department of Homeland Security made an
unsuccessful attempt to penetrate the Georgia Secretary of State's firewall. I am writing you to ask whether
DHS
Re: (Score:2)
I don't think they need to worry about their firewalls, they need to worry about falling prey to obvious phishing scams [wikileaks.org] (note the bit.ly link...) and not working together to compromise their own OPSEC [slashdot.org] by bypassing all the controls.
Re: (Score:1)
This appears to be nothing but an ordinary port scan. What, however, is an 'unblocked' scan supposed to be?
More interesting, there are literally thousands of those scans per day. What made this one stick out?
The IP address? That would mean someone, i.e. the private-sector security provider, is not only maintaining a list with US Government IP addresses for their security product, but also that someone has decided that raising an alarm because of one of those specific US Government IP addresses scanning the
Re: Text of Letter (Score:2, Interesting)
You would not believe the shit-storm of belligerent phone calls, emails, escalations and accusations I have seen triggered by single nmap scan on default settings. I would not be the least bit surprised if someone at the DHS couldn't access a state of Georgia website and simply ran a quick nmap to see if it was down.
Important clarification (Score:2)
Re:Oh noes (Score:5, Insightful)
Snoop Doggy Dog (Score:3, Interesting)
In an online political discussion, one conservative complained about Obama's alleged excess snooping. I pointed out that Bush and Trump are pretty much pro-snoopers also.
At first (s)he seemed to argue otherwise, but after a lot of probing on my part, the truth finally came out: He was more nervous with a Democrat snooping than a Republican. It wasn't the snooping itself, but WHO was snooping.
I can see how the personal trust issue can play a part, but to keep switching the laws back and forth depending on which party is in power is not realistic.
Re: (Score:1)
Do you have evidence of this? (Ironic, since you just got on my case for not presenting sources.)
(I'll ignore the general ranting, being it lacks specifics.)
Re: (Score:1)
Video [youtube.com] of him lying to Congress under oath. If you haven't seen this video as you claim, you really shouldn't be commenting on this topic at all and I believe everyone else here on /. would agree with me on that point.
Go ahead and claim he wasn't told to, but you will have to follow up with a statement from the White House contradicting him, Clapper being forced to resign for lying, the DOJ prosecuting him for lying, ANY CONSEQUENCES at all for lying.
They don't exist. He lied, Obama knew, and Obama did NOT
Re: (Score:1)
You claimed Obama MADE him do it ("had him..."). Are you changing your story now? Perhaps I should put you under oath.
Re: (Score:1)
While probably true, that's not enough evidence to claim that O "made" him say it. It's a lie, or in the very least speculative spin to word it as such.
My original statement was not intended to be directly partisan anyhow. Voters seem okay with snooping as long as it's "their guy" snooping.
Re: (Score:1)
That was NOT a difference maker this election. Trump has a long, slimy business record such that to expect him to stop being slimy once in office is unrealistic. He even blatantly admitted to bribing most of the candidates on the stage during the GOP debates. I don't see that a pimp is holier than a whore.
I believe he won because he sold the idea that most our security and job problems are caused by outsiders. It's a simple and powerful message from
Re:Snoop Doggy Dog (Score:4, Insightful)
The difference is that Trump is hated by the same people who expanded the snooping laws.
The FBI seemed pretty hell-bent on getting Trump elected...
If we assume that government corruption is the impetus, then it follows that the long term effects of Trump's term is decreased snooping overall.
Considering Trump's appointees are all coming from the same old places like Goldman Sachs, I'm not sure where you get the idea that corruption will be on the decline.
What's the date? (Score:2)
In an online political discussion, one conservative complained about Obama's alleged excess snooping. I pointed out that Bush and Trump are pretty much pro-snoopers also.
The rest of us are still in early December, 2016.
What's the date where you live?
Re: (Score:2)
>In an online political discussion, one conservative complained about Obama's alleged excess snooping. I pointed out that Bush and Trump are pretty much pro-snoopers also.
I'm about as liberal as they come.
I am more than disappointed by Obama's expansion of domestic spying. I am also more than disappointed by Obama's removal of due process and Habeas Corpus - Tangerine Bolen is in my Facebook friends list (because she's a good friend of my wife).
This is her:
https://www.theguardian.com/co... [theguardian.com]
There are a sh
Do YOU trust DHS? (Score:2)
" DHS takes the trust of our public ..."
Yes, because the public doesn't GIVE it our trust.
E
DHS Weaponized? (Score:3, Interesting)
The last two administrations have weaponized a lot of Federal agencies against the American people, violating the 1st, 2nd, 4th, 5th, 8th and other Amendments of the Bill of Rights, and their oath of office to "uphold and defend the Constitution of the United States".
Were they trying to break into the election computers and change the counts?
Re: (Score:2)
Georgia isn't really a state that would have much value for them to flip even assuming they could do so.
That said, you have to think there's some kind of political shenanigans going on behind it.
Then again, maybe if this is a thing going forward, we'll end up selecting for fewer luddites and more people interested in proper opsec, rather than compromising it the moment it becomes too inconvenient.
Homelasnd "Security" Ha Ha Ha (Score:5, Insightful)
Re: (Score:2)
To quote the Baron Acton, "Power tends to corrupt and absolute power corrupts absolutely". DHS has quite a bit of autonomy and little or no transparency, and that's a very tempting combination for ambitious -- or just plain power-seeking types. Who watches the watchers? We've seen this sort of phenomenon happen on a smaller scale with the TSA; now scale it up to the size and reach of DHS, and you begin to see what I'm talking about. They could, theoretical
Pen Test Effectiveness (Score:1)
I can see both sides of this issue, frankly.
When conducting White Hat penetration testing, it's important to get an official OK to conduct those operations. It is not legal or ethical to conduct them otherwise. However SOP is to keep the circle of those informed of what was going on, as small as possible.
Pen Tests become less effective (read: less true to life and revealing) the more people know about them. Thus you often see the CEO and maybe the CSO or CIO knowing, but almost no one else on the inside
Re: (Score:2)
When conducting White Hat penetration testing, it's important to get an official OK to conduct those operations. It is not legal or ethical to conduct them otherwise.
Were I to go back through very old access logs, I could point you to at least one or two Universities that disagree with you. I caught them testing my servers (and a lot of desktop systems) and they didn't have my authorization to do it. No, sorry, authorization from an admin at a different University to scan systems here isn't valid.
And I've caught my own university scanning my home system without my permission. When I reported THAT the response was "meh, so what?".
Like I said, the days of moral outrage
Probably requested by someone at the state (Score:1)
I do IT for small-town banks, and some have signed up with a service from the DHS where they do a (rudimentary) external vulnerability scan once a week, and then generate reports with trends in open ports/services/etc. My guess is someone in IT for the state probably signed up for these scans, and then their firewall/IDS/IPS vendor put out a scary report about hacking attempts. That report probably got handed to someone with an anti-federal agenda and here we are.
https://yro.slashdot.org/story/15/12/01/17
Too Late Kemp already gave it away (Score:1)
Attribution (Score:2)
Perhaps the DHS did not do it? It could be the work of a hacker that infiltrated DHS and use it to probe states.
Given that most states gave permission to DHS to perform penetration testing, it makes the DHS the perfect base for such activity.
Knowing the IQ at DHS ... (Score:2)
Re: (Score:2)
Them Russkies got a Georgah too? Gashdarnit, they can change the name. We had ours firstest!
Re: (Score:1)
So funny. When GW Bush was President, no proof was necessary. Any whacky thing that happened - See, GW at it again. They're already trying to blame Trump for stuff even though he's not even POTUS yet.
So let's blame Obama. He's POTUS still and it was one of the agencies that he runs. So he should be personally responsible, just like CEOs are under Sarbanes/Oxley.