Election agencies in two states have confirmed that suspected cyberattacks on their systems were linked to the same U.S. Department of Homeland Security IP address as last month’s massive attack in Georgia.
The two states reporting the suspected cyberattacks were West Virginia and Kentucky.
West Virginia wrote in a letter, “This IP address did access our election night results on November 7, 2016.” Kentucky responded that the same IP address “did touch the KY (online voter registration) system on one occasion, 11/1/16.”
The 10 separate cyberattacks on its network over the past 10 months were traced back to a DHS address. The most recent one was an attempt to look at the voter registration database.
On Friday (December 16), DHS said that the cyberattack was caused by an employee at the state’s Federal Law Enforcement Training Center copying and pasting some information from a state website into an Excel sheet. Apparently, this person was doing a simple background check on new armed guards and wanted to make sure they had the correct certification. That meant going to a Georgia state website to review the license numbers. This reportedly prompted a “medium-priority alert.” Excel sent out what’s known as an HTTP OPTIONS command, a request for server information. DHS officials said Microsoft verified its conclusions.
The training centre regularly accesses that database to verify that potential employees are licensed.
OPTIONS commands are not rare; DHS claims its systems send out more than 4,200 every business day.
Last week, Georgia Secretary of State Brian Kemp sent a letter to DHS head Jeh Johnson asking why the state’s systems had logged what he called an attempt to breach its network coming from a DHS internet address. Kemp said an attacker had tried to scan his systems.
DHS has yet to explain at least nine other suspected network scans linked to DHS IP addresses over the last year on or around important primary and presidential election dates.