The Investigator General of the Department of Homeland Security investigated a claim that the agency hacked into the state of Georgia’s voter registration database and found that the access consisted of “normal and automatic message exchanges” from Microsoft applications.
Brian Kemp, Georgia’s secretary of state, wrote a letter to then-Secretary of Homeland Security Jeh Johnson, saying that on Nov. 15, an IP address connected to DHS made an unsuccessful attempt at breaching Georgia’s firewall.
“At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network,” Kemp wrote. “Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network.”
The Georgia Secretary of State’s office keeps a voter registration database of information about more than 6.5 million state citizens, according to Kemp. A private cybersecurity firm hired by the state of Georgia detected the activity stemming from the DHS IP address.
The IG conducted its investigation independently of DHS and released a letter discussing its findings on June 26. The IG found that a contractor at the Federal Law Enforcement Training Center (FLETC) accessed the Georgia website on Nov. 15 to verify firearms certification license information and copied and pasted that information into a Microsoft Excel spreadsheet. The website was available to the public and sent a request through Microsoft to ensure the compatibility of the information and the spreadsheet. The same request was sent through Microsoft whenever an individual searched the public database.
“None of the Georgia webpages accessed were related to elections or voters,” said John Roth, DHS IG.