Faculty from the Evidence Based Cybesecurity Research Group were interviewed by WSB-TV for a story on a recent attempted hack.
Hackers attempted to gather information about voting records through the state’s MyVoter Page.
The program came as an attachment in an email a private citizen sent to a Democratic Party of Georgia volunteer Saturday morning. It claimed to expose specific vulnerabilities in the state’s My Voter page, basically by tricking the system to spit out any voter’s personally identifiable information in the state’s voter registration database.
Diamant asked Harrison to explain how it works.
“It’s getting data that it shouldn’t have had access to by asking for it, and it should have said, ‘Oh, you can’t do this,’ but instead it says, ‘You’ve done a well-formed login and now you’ve given me a well-formed request for a document that I happen to have, so here it is,’” Harrison said. “The only real way I can know whether that works is to run it, and that would actually be illegal to run it.”
Click here to view the full story from WSB.