Judicial Watch: Records Show Obama DHS Scanned Georgia Election Site in 2016

December 02, 2020 | Judicial Watch

(Washington, DC) Judicial Watch announced today that it received 243 pages of records from the Department of Homeland Security (DHS) that show the Obama administration’s scanning the election systems of Georgia, Alaska, Oregon, Kentucky and West Virginia in 2016. This activity prompted a letter from then-Georgia Secretary of State (now Governor) Brian Kemp to then-DHS Secretary Jeh Johnson accusing DHS of, “an unsuccessful attempt to penetrate the Georgia Secretary of State’s firewall.”

The records were produced in response to Judicial Watch’s Freedom of Information Act (FOIA) request, which asked for all records related to reported cyberattacks against the Georgia secretary of state’s information network involving DHS, including investigative reports, memoranda, correspondence and communications between October 1, 2016, and February 14, 2017.

The minutes of a DHS “Enterprise Security Operations Center” (ESOC) meeting indicate that on November 15, 2016, at 8:43 a.m. a “scanning event” occurred. The “‘scanning’ event was the result of a FLETC [Federal Law Enforcement Training Center] user’s Microsoft Office Discovery Protocol sending a packet with the OPTIONS flag to the Secretary of State of Georgia site.”

The minutes notes that the Enterprise Security Operations Center “has received requests from NCCIC [DHS’s The National Cybersecurity and Communications Integration Center] and MS-ISAC [Multi-State Information Sharing and Analysis Center] to investigate other states that have seen ‘suspicious’ activity.”

The minutes note that Kemp accused DHS of conducting illicit scans on at least February 2, February 28 and May 23, 2016, as well.

DHS notes in the minutes that they were working with Microsoft to determine what happened: “Microsoft and the ESOC with the assistance of FLETC, were able to confirm that the user non-maliciously copied and pasted elements of the website to an excel document, which triggered the HTTP ‘OPTIONS’ request.”

A “Microsoft E-Mail Statement (Unofficial Statement to ESOC)” was included with the minutes. The email stated, “After looking at the data I do not see requests that look malicious in nature or appear to be attempting to exploit a vulnerability.”