Last Friday, officials at the Department of Homeland Security told congress that a rogue federal employee may have been responsible for the November hacking that targeted the Georgia Secretary of State’s system.
Department of Homeland Security (DHS) officials said during a conference call with members of Georgia’s congressional delegation that there were two possible explanations for the hack. Either a third-party mirrored the DHS IP address recorded in the computer logs or someone within the department executed the infiltration without authorization.
Rep. Buddy Carter (R-GA) invited staff from the House Oversight Committee and Homeland Security Committee to participate in the emergency call that came in response to a letter sent by the Brian Kemp, Georgia Secretary of State, to the DHS Secretary, Jeh Johnson
“The private-sector security provider that monitors the agency’s firewall detected a large unblocked scan even on November 15 at 8:43 AM. The event was an IP address (22.214.171.124) attempting to scan certain aspects of the Georgia Secretary of State’s infrastructure. The attempt to breach our system was unsuccessful,” Kemp wrote in the letter.
“I’m am writing you to ask whether DHS was aware of this attempt and, if so, why DHS was attempting to breach our firewall,” Kemp concluded.
The cyber-attack was described as if someone were attempting to search for vulnerabilities within Georgia’s firewall. A congressional aide said the attack was as if someone were “trying to get into a car by trying all the doors or trying to open all the windows of a house.”
While the purpose of the attack and motives behind it aren’t clear, the hack is still being investigated. However, the few concrete answers from DHS leave many to believe they are not being completely honest about their participation in the breech.