Brian Kemp, Georgia gubernatorial candidate, explains how alleged criminal hacking linked to state Dems emerged
Georgia Secretary of State and Republican gubernatorial candidate Brian Kemp said Monday that his office was informed over the weekend of an alleged attempt to hack into the state's voter registration system, sparking an investigation that has turned the gubernatorial race on its head in the final hours before Election Day.
Kemp, who is locked in a tight race against Democrat Stacey Abrams, told reporters that his office was "handling this cyber incident like we would handle any cyber incident" and insisted that the system was "safe and secure."
"We found out about this, and when we did we acted immediately, which is the way we do it," Kemp said at a campaign stop in Albany.
Candace Broce, a spokesperson for the Georgia secretary of state's office, told Fox News that an attorney for election-security advocates had notified the FBI and the secretary of state's office Saturday of what appeared to be a major flaw in the database used to check in voters at the polls. Broce claimed that email correspondence among Democratic Party of Georgia officials shows that they attempted to hack a vulnerability in the system.
On Sunday, Kemp's office issued a statement saying that the Democratic Party of Georgia was under investigation for "possible cyber crimes." Neither the office nor Kemp has produced any evidence tying the Democrats to the failed hacking attempt.
An email chain obtained by Fox News on Monday begins with a forwarded message sent Saturday morning from a woman named Rachel Small to Sara Ghazal, the state Democratic party's voter protection director. The message identifies "two issues" with the MyVoter registration portal.
The Democratic Party of Georgia identified Small as "a volunteer ... on our voter protection hotline" who had forwarded an email from a man named Richard Wright to Ghazal. The party posted a copy of Wright's email to its official website on Sunday after the initial statement from Kemp's office.
"As is abundantly clear from these emails, it was Richard Wright, not Rachel Small, who may have performed the actions described," the party said. "The Kemp campaign has no case and must immediately retract their defamatory accusations."
A Democratic Party of Georgia spokesman told Fox News in an email that Wright contacted Small through the party's voter protection hotline and was not known to party officials before then.
According to the message forwarded by Small, MyVoter users can use a URL meant for downloading sample ballots to download any file on the system. The second vulnerability involves an identification number would-be voters use to download a form to print and mail their registration to the local election office. Wright claimed to Small that the ID number can be changed and used to "download anyones [sic] data and that includes lots of [personally identifiable information] (ie drivers license and last 4 of Ssn)."
Twenty-five minutes after Small forwarded Wright's message to Ghazal, the voter protection director emailed two Georgia Tech computer security experts, one of whom sits on a commission created by Kemp.
"If this report is accurate, it is a massive vulnerability," wrote Ghazal.
The Georgia Bureau of Investigation said Monday that it would investigate the allegations brought by Kemp's office, which also requested an FBI probe. The federal bureau has declined to make any public comment.
CLICK FOR COMPLETE FOX NEWS 2018 MIDTERMS COVERAGE
Abrams and the state Democratic party have rejected the allegations, with Abrams calling Kemp a "bald-faced liar" who had fabricated the allegation to draw attention away from his record presiding over a vulnerable system.
"There was never a hack," she told a gathering at a Savannah union hall. "What was wrong is that he failed to do his job. He is abusing his power."
Democratic Party of Georgia Chair DuBose Porter told reporters Monday afternoon that Kemp "can't be trusted to do his job, he cannot be trusted to oversee the election, he cannot be trusted to tell the truth [and] cannot be trusted to be governor."
"He has yet to provide evidence of any possible hack by the Democratic party and the reason is it does not exist," Porter said of Kemp. "He is just hoping this is another way to suppress the vote."
Abrams, who is trying to become the first black woman to serve as a U.S. governor, previously has accused Kemp of using his office to make it harder for certain voters to cast ballots. Kemp has countered that he is following the law and that Abrams and advocacy groups are trying to help noncitizens and others cast ballots illegally.
IN WEST VIRGINIA SENATE RACE, COAL MINING TAKES CENTER STAGE
Last month, a federal judge endorsed plaintiffs' arguments that Kemp has been derelict in his management of the state election system and that the setup is lacking in reliability.
In 2015, Kemp's office inadvertently released the Social Security numbers and other identifying information of millions of Georgia voters. His office blamed a clerical error.
His office made headlines again last year after security experts disclosed a gaping security hole that wasn't fixed until six months after it was first reported to election authorities. Personal data was again exposed for Georgia voters — 6.7 million at the time — as were passwords used by county officials to access files.
Kemp's office blamed that breach on Kennesaw State University, which managed the system on Kemp's behalf.
Fox News' Jonathan Serrie and The Associated Press contributed to this report.