Feds: ‘Security researcher’ behind KSU data breach broke no federal law
Kristina Torres reports:
Federal investigators say a “security researcher” was behind a data breach at Kennesaw State University’s Center for Election Systems, and his probing of the system broke no federal law.
University officials announced the finding Friday after being briefed by investigators from the Federal Bureau of Investigation, ending a monthlong probe over a potential hacking case that had raised alarms over the security of the state’s election system.
Of note, the report suggests that the researcher, who appears to have attempted responsible disclosure, may never have actually penetrated core systems:
No charges have been announced and officials did not name the researcher, who is believed to have contacted the center at least twice — including once before last year’s presidential election — to notify it about the server’s vulnerabilities and apparently draw attention to them.
The Atlanta Journal-Constitution has reported previously that state officials believed the researcher never penetrated the center’s core systems, which represent the heart of its work.
Read more on AJC. If they’re not hassling the researcher, I’m glad to hear it. Such hassles don’t chill research – all they’re likely to chill is researchers actually notifying entities of vulnerabilities they find.