ATLANTA — The Georgia Secretary of State’s Office confirmed to Channel 2 Action News that online security experts prevented a cyberattack aimed at crashing Georgia’s absentee voter website.
The Secretary of State’s cyber team was alerted to a dramatic spike in attempts to access Georgia’s absentee voter website.
The office told Channel 2 investigative reporter Mark Winne exclusively that computer experts came up with a fix and a big win for the good guys preventing a big online issue for Georgia voters.
“The target of the attacks was our absentee ballot portal,” said Gabriel Sterling, chief operations officer for the Georgia Secretary of State’s Office. “How bad it could’ve been is they could’ve done this, and if they saw they could do this they could’ve hit everything we had.”
More than 420,000 nearly simultaneous attempts from around the world to access the state’s absentee voter portal late in the afternoon of Oct.14 constituted a coordinated attempt to make it crash and unavailable to Georgia voters.
“We are a target. We are the center of the political universe. Our absentee ballot portal is live right now in the middle of an election. It is a ripe and juicy target for bad actors and enemy powers,” Sterling said.
But the Secretary of State’s Office’s safeguards, partners, and information security team scattered among the rows of cubicles where the cyber experts work and teamed up to detect it in time to prevent the crash and to take steps to stop the attack.
“On October 14, which was the last day to register to vote, at approximately 5:16 p.m. we saw a beginning of an increase of usage of people attempting to log in, and by 5:20 p.m. we saw a spike of around 420,00 individual entities attempting to access the absentee ballot portal. We identified it and attempted to mitigate it immediately, and you see it start to drop back down,” Sterling said.
“Did you come up with a fix?” Winne asked Sterling.
“We were able to, working with our partners, put in an interface that says basically are you a human and once we engaged that, we saw the level of attack lower very quickly,” Sterling said.
Sterling told Winne that, most likely, at least most of the attempts to access the portal were carried out by so-called bots -- Sort of cyberspace robots -- not by people sitting at keyboards.
“These different login attempts were from all over the globe. I mean from Indonesia, Brazil, United States, Viet Nam, Japan, Thailand,” Sterling said. “Many of these entities and these computers have been used in previous attacks around the world.”
“You never know what could be coming over the horizon which is why we always have to keep on investing and working with our people and our processes every day every year. One of the things that we believe in talking to experts about this is this could’ve been a probing attack, which is basically, what do they have in place to stop these kinds of things, and if they don’t have them in place we could put more resources to try to cause more problems later. By having these resources in place to begin with, we have lowered the likelihood of such an attack being attempted in the future,” Sterling said.
Sterling said because of the safeguards in place and swift action the only effect for Georgia voters was a brief slowdown on the absentee ballot portal.
He told Winne that officials don’t know who was ultimately behind this, who coordinated it, but it may have been a foreign nation or someone acting in behalf of a foreign nation.