Hacking program part of email sent to Georgia Democratic Party, source says

ATLANTA — With just hours until polls open in one of the most hotly contested races for Georgia's next governor, Channel 2 Action News has gotten hold of a computer program at the center of a hacking scandal involving Georgia's online voter registry.

Republican Brian Kemp and Democrat Stacey Abrams have spent a lot of time over the last couple days hurling accusations at one another over all this.

Channel 2 investigative reporter Aaron Diamant made it his goal Monday to cut through all the politics to help Channel 2 Action News viewers better understand what is at the center of the hacking allegations.

Through sources, Diamant got hold of the computer program, a hack, that sparked a political firestorm.

We’re not identifying the program to keep others from trying the same thing, but Diamant did show the program to Georgia State University computer science professor Robert Harrison.

“It looks like it could work,” Harrison said.

RELATED STORIES:

The program came as an attachment in an email a private citizen sent to a Democratic Party of Georgia volunteer Saturday morning. It claimed to expose specific vulnerabilities in the state’s My Voter page, basically by tricking the system to spit out any voter's personally identifiable information in the state’s voter registration database.

Diamant asked Harrison to explain how it works.

“It’s getting data that it shouldn’t have had access to by asking for it, and it should have said, ‘Oh, you can’t do this,’ but instead it says, ‘You’ve done a well-formed login and now you’ve given me a well-formed request for a document that I happen to have, so here it is,’” Harrison said. “The only real way I can know whether that works is to run it, and that would actually be illegal to run it.”

Through our sources, Diamant was able to identify the program’s author. His calls and emails were not returned when he contacted that person for comment on this story.

While we don’t know whether the author actually did run the program, Harrison said there’s something even more concerning.

“It’s well written. Someone had a lot of inside information, because they knew exactly which files to go for, and exactly which directories, some of which aren’t obvious,” Harrison said.

The Georgia Bureau of Investigation announced Monday that it has launched a criminal investigation into the alleged hacking attempt.