http://www.wsbtv.com/news/local/atlanta/.../474347363

Quote: The Georgia Secretary of State is demanding answers from the Department of Homeland Security after an unsuccessful breach to the department’s firewall.

Secretary of State Brian Kemp talked exclusively with Channel 2 investigative reporter Aaron Diamant on Thursday, saying he was “mad as hell” after what he called a massive cyberattack on the agency's network Nov. 15, traced back to a United States Department of Homeland Security IP address.

"It's outrageous to think about our own federal government is doing this to us," Kemp told Diamant.

Kemp's office maintains Georgia’s voter registration and elections data, plus corporate and professional license records.

Kemp told Diamant that the network's firewall held up and there was no breech. But after the agency's security vendor sounded the alarm, Kemp fired off a terse letter Thursday to DHS Secretary Jeh Johnson.

"We're demanding answers to some of these questions, you know? Are they doing this to other states? Was it authorized or not? Who ordered this? Why is it being done and why weren't we notified?" Kemp said.

Yep, folks. Thats how "smart" some of our government workers are. They tried to unleash a cyberattack on a state's voter registration system, and failed to hide their ip address. That has "dumb*** government employee" written all over it.

(12-09-2016 10:11 AM)UofMstateU Wrote:  Yep, folks. Thats how "smart" some of our government workers are. They tried to unleash a cyberattack on a state's voter registration system, and failed to hide their ip address. That has "dumb*** government employee" written all over it.

Sounds like the same people who run DNC and HRC security!

Could the IP address have been "ghosted"? Not sure if that's even a term but could have some other entity made it look like the attack came from the DHS? Just playing devil's advocate here.

(12-09-2016 10:59 AM)VA49er Wrote:  Could the IP address have been "ghosted"? Not sure if that's even a term but could have some other entity made it look like the attack came from the DHS? Just playing devil's advocate here.

That depends on the nature of the attack. If you want to get onto a system and "do something" (read files, grab data, alter programs) then the ip address you are attacking from is where the data goes. If you fudge DHS while attacking Georgia then you will not get any of the data back, infact the normal TCP handshake will fail.

10K foot view of a tcp connection (change states for different IP's)

Bull says to VA ---> Hi VA I'm in Minnesota and I'd like to talk
VA says to Minnesota to Bull --> Hi Tim let's talk I am here in VA
Tim Says --> Great I hear you in VA...

If I spoof and say "Hi VA I'm in Texas and I'd like to talk" then your response would go to Texas and our session would never start.

If, on the other hand, you don't care if the return packets end up in the internet black hole and the connection packets fail then spoofing (the correct term) is not really all that hard to do. If this was a denial of service then maybe.

http://abcnews.go.com/Politics/wireStory...s-44192371

Quote:The state of Georgia is asking President-elect Donald Trump to investigate what it described as "failed cyberattacks" on its secretary of state's network that it traced to the U.S. Homeland Security Department.

In a letter Tuesday, Georgia Secretary of State Brian Kemp said his staff has uncovered nine more instances this year in which computers they traced back to the Homeland Security Department apparently attempted to infiltrate the state's network between Feb. 2 and Nov. 8. His letter followed earlier complaints that his office had detected what it called "a large attack on our system" one week after the presidential election. Trump's transition team did not immediately respond to a request for comment.

Kemp said the additional scanning activity from Washington didn't raise major red flags because it was considered less intrusive, but he said the timing was concerning because it corresponded to dates and times he spoke critically about the department's plan to designate elections systems as "critical infrastructure."

The dates include the date Kemp testified against the agency's plan before the House Oversight Committee, the day of a conference call discussing the designation a critical infrastructure designation with Georgia officials and Election Day, he said.

Discussions about whether to designate elections systems as critical infrastructure surfaced after hackers targeted the voter registration systems of more than 20 states in the months prior to the election. Some state officials worried the designation would amount to a federal takeover of election systems.

Quote:Homeland Security Secretary Jeh Johnson sent Kemp the results of an initial review Monday about the computer Georgia believes was involved.

The workstation belongs to a contractor for the Federal Law Enforcement Training Center in Georgia, Johnson said. The contractor told investigators he was accessing the website as part of his normal job duties to determine whether incoming contractors and new employees had a certain type of professional license, Johnson said.

Johnson said technical information indicated "there was no scanning of your systems by our cybersecurity experts."

A department official told The Associated Press last week that the employee's system was configured in a way that caused Georgia's outside security vendor to misinterpret the visit as a scan of its systems. The official spoke on condition of anonymity because this person was not authorized to publicly discuss preliminary findings.

Kemp said his staff was unable so far to confirm the explanation. "There are still many questions regarding the origin and intent of this attack that remain unanswered," he said.

Let's get it all out there. News about Russian hacking has been blaring across all the major networks because they breached DNC servers and leaked embarrassing emails by the Dems. In contrast, our own federal gov't attempts to breach the servers of a STATE GOVERNMENT for who knows what reason, and scant attention is being paid to it by the main stream media.

Russians hack an organization that is NOT PART OF THE FEDERAL GOVERNMENT gets a **** load of press. Our own government hacks (unsuccessfully) AN ACTUAL GOVERNMENT DEPARTMENT OF A STATE yet little concern by our press...

(12-16-2016 08:07 AM)miko33 Wrote:  Let's get it all out there. News about Russian hacking has been blaring across all the major networks because they breached DNC servers and leaked embarrassing emails by the Dems. In contrast, our own federal gov't attempts to breach the servers of a STATE GOVERNMENT for who knows what reason, and scant attention is being paid to it by the main stream media.

Russians hack an organization that is NOT PART OF THE FEDERAL GOVERNMENT gets a **** load of press. Our own government hacks (unsuccessfully) AN ACTUAL GOVERNMENT DEPARTMENT OF A STATE yet little concern by our press...

Indeed.

It is especially troublesome considering the fact that the widely shared opinion was the Georgia was in play for the presidential election.

(12-09-2016 11:10 AM)Bull_Is_Back Wrote:  

(12-09-2016 10:59 AM)VA49er Wrote:  Could the IP address have been "ghosted"? Not sure if that's even a term but could have some other entity made it look like the attack came from the DHS? Just playing devil's advocate here.

That depends on the nature of the attack. If you want to get onto a system and "do something" (read files, grab data, alter programs) then the ip address you are attacking from is where the data goes. If you fudge DHS while attacking Georgia then you will not get any of the data back, infact the normal TCP handshake will fail.

10K foot view of a tcp connection (change states for different IP's)

Bull says to VA ---> Hi VA I'm in Minnesota and I'd like to talk
VA says to Minnesota to Bull --> Hi Tim let's talk I am here in VA
Tim Says --> Great I hear you in VA...

If I spoof and say "Hi VA I'm in Texas and I'd like to talk" then your response would go to Texas and our session would never start.

If, on the other hand, you don't care if the return packets end up in the internet black hole and the connection packets fail then spoofing (the correct term) is not really all that hard to do. If this was a denial of service then maybe.

Good answer and example. I assume by your answer that you work in IT? I do as well. I would also add that the use proxies also allow a hacker to redirect traffic to different isp's. If someone was indeed trying to hack and make it like like it came from somewhere else the a proxy would work just as well.

Sent from my SM-N910V using Tapatalk