Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Government Security Communications Network Networking Privacy United States Politics

DHS Tried To Breach Our Firewall, Says Georgia's Secretary of State (cyberscoop.com) 146

An anonymous reader quotes a report from CyberScoop: Georgia's secretary of state has claimed the Department of Homeland Security tried to breach his office's firewall and has issued a letter to Homeland Security Secretary Jeh Johnson asking for an explanation. Brian Kemp issued a letter to Johnson on Thursday after the state's third-party cybersecurity provider detected an IP address from the agency's Southwest D.C. office trying to penetrate the state's firewall. According to the letter, the attempt was unsuccessful. The attempt took place on Nov. 15, a few days after the presidential election. The office of the Georgia Secretary of State is responsible for overseeing the state's elections. "At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network," Kemp wrote in the letter, which was also sent to the state's federal representatives and senators. "Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network. This is especially odd and concerning since I serve on the Election Cyber Security Working Group that your office created." "The Department of Homeland Security has received Secretary Kemp's letter," a DHS spokesperson told CyberScoop. "We are looking into the matter. DHS takes the trust of our public and private sector partners seriously, and we will respond to Secretary Kemp directly." Georgia was one of two states that refused cyber-hygiene support and penetration testing from DHS in the leadup to the presidential election. The department had made a significant push for it after hackers spent months exposing the Democratic National Committee's internal communications and data.
UPDATE: A later investigation revealed the activity Kemp cited "was the result of normal and automatic computer message exchanges," apparently caused by someone cutting and pasting data into a Microsoft Excel document.
This discussion has been archived. No new comments can be posted.

DHS Tried To Breach Our Firewall, Says Georgia's Secretary of State

Comments Filter:
  • by Anonymous Coward on Friday December 09, 2016 @05:44PM (#53455453)

    Translation: We will deny this happened while privately scolding the team we ordered to do this. If you keep pushing us, we will be forced to throw our IT guys under the bus.

    • More like "We won't be scolding our guys because they were following orders. Whose orders? Sorry, you're not cleared for that | We'll look into it and (maybe) let you know what we find | The people doing the penetration attempt thought your state was on the approved list | It was a computer glitch | Russia tried to hack you, not us."
      • by Anonymous Coward

        Sorry, but the Russians were behind getting Trump in. This is just more double agent activity.

        • by Xenographic ( 557057 ) on Friday December 09, 2016 @06:24PM (#53455733) Journal

          I had to read this carefully before I realized that the US state of Georgia was complaining, rather than the country of Georgia.

          • by subk ( 551165 )

            I had to read this carefully before I realized that the US state of Georgia was complaining, rather than the country of Georgia.

            How careless would one have to be to miss clues like "Homeland Security" and "Secretary of State"?

            • Countries have Secretaries of State, too, you know. And governments have been rumored to occasionally attempt to breach the networks of foreign countries as well. The confusion is warranted in this case.

              The part that gave it away was the Secretary of State saying, "Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network. This is especially odd and concerning since I serve on the Election

          • I had to read this carefully before I realized that the US state of Georgia was complaining, rather than the country of Georgia.

            The word "state" appears EIGHT times in the title and summary. You can read it quite carelessly, and it's still difficult to miss the context.

            There's plenty of problems to complain about, here... This is not one of them.

            • by dbIII ( 701233 )
              And in the dictionary you will find that "state" can also apply to "nation state" - but it's all moot because the guy who said he was mistaken was only making a joke.
          • It took me a long time before I realized the Beatles song "Back in the USSR" was talking about Georgia the country, not Georgia the state. Song made a lot more sense after that.
        • Problem #1 with your theory is that there is no evidence. [huffingtonpost.com]

          After the election, the Obama administration said it had no proof of Russian interference in the election tallies and that the results “accurately reflect the will of the American people.”

          Problem #2 is that, even if they had, they would only be doing the same the US has done so many times. Pot calling the kettle black ...

          • Don't go arround poking bears esp not ones with nukes, well it does not seem like Russia gives a s... Vladimir actually looked flattered that the US accused Russia of messing with the us election
          • OK, I'll bite. Please name one instance of the US interfering in a foreign election. Pot calling the kettle black indeed...

            • Either you don't know your history, or you're too lazy to use google, so the first item that comes up when asking about us interference in other countries elections: [washingtonpost.com]

              In the 1958 Japanese election, the United States gave the Liberal-Democratic Party damaging political intelligence on its main rival, the Socialists. The CIA acquired it from paid informants within the Socialist Party. In the 1990 Nicaraguan elections, the United States leaked damaging information on alleged Sandinista corruption and Swiss bank accounts, funneling the information to German newspapers. The Nicaraguan opposition then used these German media reports to great effect.

              In other words, the CIA was doing the exact same thing that they accuse Wikileaks of doing. US exceptionalism at work - "the rules don't apply to us."

              and [huffingtonpost.com]

              “Isn’t it interesting that her (Clinton's) campaign is now experiencing the same thing that she perpetrated on other countries,” Netherton told The Huffington Post, as she awaited Sanders’ speech Monday night.

              “She did this in Haiti, she did this in Honduras, and now it’s coming back on her and she’s all verklempt about it,” Netherton added. “It’s a little bit of her own medicine, but unfortunately I don’t think she’s open minded enough to see that for what it is.”

              Indeed, meddling in foreign politics is a great American pastime, and one that Clinton has some familiarity with. For more than 100 years, without any significant break, the U.S. has been doing whatever it can to influence the outcome of elections up to and including assassinating politicians it has found unfriendly.

              Assassinating politicians is certainly going to keep them from running in an election.

              When Iran elected a nationalist politician, Mohammed Mosaddeq, the U.S. intervened to launch a coup in 1953, which CIA agent Kermit Roosevelt led. Mossadegh’s crime was to nationalize a British oil company, a forerunner to BP, and to spark concerns among the paranoid Dulles brothers that he was leaning toward the Soviet Union. The U.S. installed Mohammad Reza Shah Pahlavi, Iran’s monarch, as the head of Iran and his repressive rule led to the Iranian revolution. That uprising, in turn, has given us a brutally repressive regime in Iran, client terrorist groups around the Middle East, savage sectarian violence in Iraq and a nuclear standoff.

              Overthrowing a democratically elected politician and getting rid of elections is also interfering in Iran's electoral process.

              When the French withdrew from Vietnam in the 1950s, they scheduled an election to be held shortly after. It became increasingly clear that the communist revolutionary leader Ho Chi Minh would win it in a landslide. So the U.S. intervened and installed Ngo Dinh Diem as leader of a new country it recognized as South Vietnam. The national election was canceled, but the U.S. still needed a way to pretend the puppet regime had political support. So it set up an election between Diem, who was widely disliked, and an exiled member of the royal family who was even more hated. Diem won with an absurd tally of 98.2 percent.

              Cancelling an election that would have elected someone the US didn't want to win is most certainly interfering in their electoral process.

              The election in 2014 didn’t go as the U.S. intended (like the one in 2009, shot through with fraud that gave it to Hamid Karzai). So the U.S. declared it a tie and created a new position not in the Afghan constitution called Chief Executive Officer.

              There are plenty of other examples of US interference in other countries.

        • by Anonymous Coward

          lol@democrats using the russians as an excuse.. It's a page straight from the republican cold war propaganda strategy.

          captcha: crackpot

          • by Anonymous Coward

            Only a crackpot would think HRC wasn't the REAL WINNER of the electrion. SMH

    • "These are not the ports we're looking for... move along"...

  • DHS bot (Score:5, Insightful)

    by magarity ( 164372 ) on Friday December 09, 2016 @05:53PM (#53455525)

    detected an IP address from the agency's Southwest D.C. office trying to penetrate the state's firewall... "We are looking into the matter"

    Probably the DHS servers are all overrun with botnets trying to probe around for more servers to take over.

    • I'm not sure which is worse:

      1. The DHS servers are really botnets
      2. The DHS tried to do this
      3. The "DHS servers" likely succeeded else where

      • I'm not sure which is worse: 1. The DHS servers are really botnets

        Unlikely.

        2. The DHS tried to do this

        Sorry, I don't see how this is bad. One government agency that does this pen tested another government agency that had refused "cyber hygiene" support to see if the commercial service provider was doing its job. They were; nobody got broken into, and the customer was notified of the attempt.

        3. The "DHS servers" likely succeeded else where

        Yes, that is second worst of the three, and it and option 1 are truly bad. Then we have option 4: DHS failed elsewhere but the server admins didn't notice.

        I run a few servers at a university. I used to catch ot

        • by Calydor ( 739835 )

          and the customer was notified of the attempt.

          Oh really?

          Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network

          Doesn't sound like they were told about it from anything other than analyzing their traffic logs.

          • and the customer was notified of the attempt.

            Oh really?

            You don't read even the summary, do you?

            Brian Kemp issued a letter to Johnson on Thursday after the state's third-party cybersecurity provider detected an IP address from the agency's Southwest D.C. office trying to penetrate the state's firewall. How do you think Brian Kemp knew it was happening if he, as the head of the agency that is the customer of the third-party security firm, wasn't notified of the attempt?

            As I wrote: ... the commercial service provider was doing its job. They were; nobody got bro

      • Georgia [cnn.com] went to Trump by a small landslide (230,000 votes) so it's not a likely candidate for hacker fraud, and this probe seems to have occurred (Nov. 15th) long past when any vote-changing might've been feasible.

        Other than an exploit by a couple of intoxicated agents, why would the DHS be unable to hide their origin IP address?

        • So it's either a 3rd party malicious actor using a compromised DHS server, or a rouge DHS actor?

        • How do you know he didn't win by said margin due to hacker fraud?
          • In as much as one can know these things, the State of Georgia [realclearpolitics.com] was not expected to go any other way.

            Remember, fraud would have to be perpetrated at the precinct level since Statewide totals available at the Secretary of State's office would just be the sums of previously recorded vote counts. It seems much more likely election fraud would be attempted in State races which are considered toss-ups... pre-election polls showed a close race in Ohio, for instance, and it went to Trump by a wide margin. [cnn.com]

  • Text of Letter (Score:2, Interesting)

    by Anonymous Coward

    https://assets.documentcloud.org/documents/3234551/Georgia-Secretary-of-State-Letter-to-DHS-Secretary.txt

    The Office of Secretary of State
    23mm Kemp
    SECRETARY OF STATE
    December 8, 2016
    The Honorable Jeh Johnson
    Secretary of Homeland Security
    Department of Homeland Security
    Washington, DC. 20528

    Secretary Johnson,

    On November 15, 2016, an IP address associated with the Department of Homeland Security made an
    unsuccessful attempt to penetrate the Georgia Secretary of State's firewall. I am writing you to ask whether
    DHS

    • I don't think they need to worry about their firewalls, they need to worry about falling prey to obvious phishing scams [wikileaks.org] (note the bit.ly link...) and not working together to compromise their own OPSEC [slashdot.org] by bypassing all the controls.

    • by Anonymous Coward

      This appears to be nothing but an ordinary port scan. What, however, is an 'unblocked' scan supposed to be?

      More interesting, there are literally thousands of those scans per day. What made this one stick out?
      The IP address? That would mean someone, i.e. the private-sector security provider, is not only maintaining a list with US Government IP addresses for their security product, but also that someone has decided that raising an alarm because of one of those specific US Government IP addresses scanning the

      • Re: Text of Letter (Score:2, Interesting)

        by Anonymous Coward

        You would not believe the shit-storm of belligerent phone calls, emails, escalations and accusations I have seen triggered by single nmap scan on default settings. I would not be the least bit surprised if someone at the DHS couldn't access a state of Georgia website and simply ran a quick nmap to see if it was down.

  • The STATE Georgia, not the COUNTRY.
  • Snoop Doggy Dog (Score:3, Interesting)

    by Tablizer ( 95088 ) on Friday December 09, 2016 @06:13PM (#53455671) Journal

    In an online political discussion, one conservative complained about Obama's alleged excess snooping. I pointed out that Bush and Trump are pretty much pro-snoopers also.

    At first (s)he seemed to argue otherwise, but after a lot of probing on my part, the truth finally came out: He was more nervous with a Democrat snooping than a Republican. It wasn't the snooping itself, but WHO was snooping.

    I can see how the personal trust issue can play a part, but to keep switching the laws back and forth depending on which party is in power is not realistic.

    • In an online political discussion, one conservative complained about Obama's alleged excess snooping. I pointed out that Bush and Trump are pretty much pro-snoopers also.

      The rest of us are still in early December, 2016.

      What's the date where you live?

    • by bmo ( 77928 )

      >In an online political discussion, one conservative complained about Obama's alleged excess snooping. I pointed out that Bush and Trump are pretty much pro-snoopers also.

      I'm about as liberal as they come.

      I am more than disappointed by Obama's expansion of domestic spying. I am also more than disappointed by Obama's removal of due process and Habeas Corpus - Tangerine Bolen is in my Facebook friends list (because she's a good friend of my wife).

      This is her:

      https://www.theguardian.com/co... [theguardian.com]

      There are a sh

  • " DHS takes the trust of our public ..."
    Yes, because the public doesn't GIVE it our trust.

    E

  • DHS Weaponized? (Score:3, Interesting)

    by Jerry ( 6400 ) on Friday December 09, 2016 @06:26PM (#53455751)

    The last two administrations have weaponized a lot of Federal agencies against the American people, violating the 1st, 2nd, 4th, 5th, 8th and other Amendments of the Bill of Rights, and their oath of office to "uphold and defend the Constitution of the United States".

    Were they trying to break into the election computers and change the counts?

    • Georgia isn't really a state that would have much value for them to flip even assuming they could do so.

      That said, you have to think there's some kind of political shenanigans going on behind it.

      Then again, maybe if this is a thing going forward, we'll end up selecting for fewer luddites and more people interested in proper opsec, rather than compromising it the moment it becomes too inconvenient.

  • by frovingslosh ( 582462 ) on Friday December 09, 2016 @06:36PM (#53455821)
    The Federal Government just does whatever it wants. Damn the laws or the Constitution or anyone's rights. Get used to it.
    • This is more along the lines of what I was thinking.
      To quote the Baron Acton, "Power tends to corrupt and absolute power corrupts absolutely". DHS has quite a bit of autonomy and little or no transparency, and that's a very tempting combination for ambitious -- or just plain power-seeking types. Who watches the watchers? We've seen this sort of phenomenon happen on a smaller scale with the TSA; now scale it up to the size and reach of DHS, and you begin to see what I'm talking about. They could, theoretical
  • by Anonymous Coward

    I can see both sides of this issue, frankly.

    When conducting White Hat penetration testing, it's important to get an official OK to conduct those operations. It is not legal or ethical to conduct them otherwise. However SOP is to keep the circle of those informed of what was going on, as small as possible.

    Pen Tests become less effective (read: less true to life and revealing) the more people know about them. Thus you often see the CEO and maybe the CSO or CIO knowing, but almost no one else on the inside

    • When conducting White Hat penetration testing, it's important to get an official OK to conduct those operations. It is not legal or ethical to conduct them otherwise.

      Were I to go back through very old access logs, I could point you to at least one or two Universities that disagree with you. I caught them testing my servers (and a lot of desktop systems) and they didn't have my authorization to do it. No, sorry, authorization from an admin at a different University to scan systems here isn't valid.

      And I've caught my own university scanning my home system without my permission. When I reported THAT the response was "meh, so what?".

      Like I said, the days of moral outrage

  • by Anonymous Coward

    I do IT for small-town banks, and some have signed up with a service from the DHS where they do a (rudimentary) external vulnerability scan once a week, and then generate reports with trends in open ports/services/etc. My guess is someone in IT for the state probably signed up for these scans, and then their firewall/IDS/IPS vendor put out a scary report about hacking attempts. That report probably got handed to someone with an anti-federal agenda and here we are.

    https://yro.slashdot.org/story/15/12/01/17

  • Brian Kemp is the same Georgia (U.S.) Secretary of State that had his IT department send out CD's to dozens of places with the entire Georgia Voters list info including Names, Addresses, Social Security Numbers,and what primary's the voter voted in (Democratic or Republican). Anybody could get them they just had to pay the fee! When this hit the local news he sent a letter asking everyone who got them to return them so that "fixed" the problem. I don't think he even knows that any number of copies could h
  • Perhaps the DHS did not do it? It could be the work of a hacker that infiltrated DHS and use it to probe states.

    Given that most states gave permission to DHS to perform penetration testing, it makes the DHS the perfect base for such activity.

  • ... they were probably looking for Chechen rebels.

Your program is sick! Shoot it and put it out of its memory.

Working...