Georgia officials say they thwarted an attempt to crash a state election website

ATLANTA– Election officials in Georgia acted quickly earlier this month to thwart an attempt to flood the state’s voter portal in an apparent attempt to crash the site, the secretary of state said.

The attack was limited to the part of the state website, which voters use to request an absentee ballot. Users may have experienced a brief slowdown, but the site never crashed and no data was compromised, said Gabriel Sterling, a top official at the agency.

He said it was not clear where the attack came from. There is no public indication that similar systems in other states have been subject to a similar attack.

Georgia’s Secretary of State informed federal authorities of the attack. The FBI, the federal Cybersecurity and Infrastructure Security Agency and the Office of the Director of National Intelligence all declined to comment Thursday.

Detection tools available to the Secretary of State generated an alert about a processing delay shortly after 5 p.m. on October 14, the day before early in-person voting was to begin. Sterling said that Internet security company Cloudflare sent out an indication within minutes that it was a denial-of-service attack, which involves flooding a site with data to overwhelm it and take it offline.

The secretary of state could see that at its peak, at least 420,000 IP addresses were trying to access the site at the same time, Sterling said. The office introduced a verification tool that requires users to prove they are human, after which traffic “just fell through the floor,” Sterling said. Within 30 minutes of the first warning he said everything was back to normal.

Cloudflare told officials in Georgia that many of the IP addresses had been used in previous denial-of-service attacks.

“Overall, our systems worked,” Sterling said. “We just executed. There was no panic at all.”

Related Post