It is easy, very easy, to compromise a system 🤌. The CIA triad (Confidentiality, Integrity, Availability) of a system can be broken. This can be done through vulnerabilities ☠️, an inside job, or even age-old physical compromise. But there is a new, modern tool that can be used to break the CIA triad... enter... Misinformation ✊
CyberMorans🤗,
You see, if you say a system is compromised (true or false), it triggers doubt in its shareholders. It creates doubt among voters. It creates doubt in anyone not remotely technical enough to ask how. It makes everyone question the integrity of the system ☠️
Caaalm down, I'm not talking about the Kenyan election 9/8. No, because the evidence of this compromise is, in its own way, the greatest justification that the IEBC digital systems need to be audited by the public. Outrageous, you might think, but let's not forget the USA ('cradle of democracy' before Jan 6 2022 🤭) releases its voting machines to DEFCON every year.
So, let's see how the CIA triad has been compromised in the 2022 9/8 elections.
The arrest of 3 Venezuelans
On 21st July 2022, 3 Venezuelan nationals are arrested at JKIA by the ATPU (Anti Terror Police Unit) on counts of possession of election materials.
Joel Gustavo Rodriguez,
Jose Gregorio Camargo and
Javier Suarez.
alongside an assortment of devices: laptops, phones and hard drives.
This sparks an outcry from IEBC officials, who say that they are employees of Smartmatic, the company tasked with delivering the digital systems to the IEBC. Shouting here, shouting there, and a few days later both the IEBC and the cops come out with public statements that all has been resolved and they have been released ✌️
OR has it?
The ATPU Forensic Report
Turns out the ATPU went ahead and processed the Venezuelans' stuff as evidence. More than that, they conducted an audit on the 7 devices in possession of the 3 Venezuelans. This is the FIRST BLOW to the CIA triad.
ATPU Director Martin Otieno has released a forensic analysis report on the devices on 27/8/2022. And from this report, we learn 👇
1. The suspects had the ability to remotely access IEBC systems. Their laptops and phones were heavily encrypted.
2. The suspects were indeed in possession of sensitive election materials;
Jose Gregorio Camargo Castellano
Heavily encrypted Dell laptop 👆 believed to have been for secure communication. There was also the 1TB hard drive. Both these devices were found to have the IEBC database schematics, KIEMS kit, usernames and passwords, IP address configurations, VPN addresses and settings.
From these devices, ATPU found that 19 foreigners had administrator rights, among them 2 Kenyans and the 3 suspects. The laptop had key information on the Aug 9 polls. He could access the entire IEBC database and its data remotely (add, delete, alter data) 👇
Salvador Javier Suarez
He was in possession of an iPhone 13 Pro. In it: contacts of IEBC employees, service providers, tech teams from Airtel, Safaricom, Telkom Kenya and Thuraya 👇
Joel Gustavo Rodriguez
An iPhone was found to have IEBC system configurations, IEBC documents and the IEBC action plan 👇
The Director of ATPU is fervently asking for an audit of the IEBC digital system, in a public recommendation made in a letter addressed to the DCI (Director of Criminal Investigations) 👇
Smartmatic: Problematic?
These guys facilitate elections globally. But it doesn't take much to correlate their locations in the world with questionable taste. But, credit where it's due, they do have one hell of a portfolio......
Smartmatic Portfolio and Scandals
I have grouped the 2 as they seem to go hand in hand. Smartmatic is involved all over the world, from Venezuela and the Philippines to Brazil, the USA and Africa. Vast portfolio.
In Africa: Uganda since 2020, Zambia and Kenya 2022. Elsewhere: Estonia, Belgium since 2012, Venezuela since 2004, Philippines since 2008, Brazil since 2012, Singapore, Armenia in 2017... etc.
1. Save for Kenya, Belgium and Armenia, all other countries have a history of alleged heavy voter fraud, i.e. Venezuela, Uganda, Philippines, Brazil....
2. The Venezuelan narco-state regime seems to be directly connected to the company. This concern was cited multiple times in the US Congress, especially when they acquired Sequoia, a similar US-based company, in 2006.
Though Smartmatic has made differing statements saying that they were either American or Dutch based, the United States Department of State stated that its Venezuelan owners "remain hidden behind a web of holding companies in the Netherlands and Barbados". The New York Times states that "the role of the young Venezuelan engineers who founded Smartmatic has become less visible" and that its organization is "an elaborate web of offshore companies and foreign trusts", while BBC News states that though Smartmatic says the company was founded in the United States, "its roots are firmly anchored in Venezuela".
3. In the Philippines, The Manila Times has stated that Smartmatic's system was unreliable, glitchy and vulnerable to tampering.
In early 2017, The Manila Times reported that Smartmatic machines were equipped with SD cards where voter entries are recorded, citing Glenn Chong, a former congressman of the NGO Tanggulang Demokrasya (TANDEM) stating that "at least one SD card was tampered with", allegedly showing that Smartmatic's system was "very much open to hijacking or sabotage".
The IBON Foundation, a non-profit research organization based in the Philippines also criticized Smartmatic's system, stating in 2016 that "Why Smartmatic keeps on winning contracts boggles the mind especially considering the numerous and major malfunctions by the machines and services that Smartmatic provided in the past two elections" and that there were "allegations of rigged bidding to favor Smartmatic such as designing contracts where only Smartmatic can qualify or omitting requirements that will otherwise disqualify Smartmatic"
4. On June 7, 2017, the Department of Justice (DOJ) indicted "several Smartmatic and COMELEC personnel for changing the script in the election transparency server on election night during the May 2016 national and local polls". Those charged with the tampering include Marlon Garcia (the head of the Smartmatic's Technical Support Team) as well as two other Smartmatic employees.
5. An unknown number of biometric voter verification machines being used in Uganda’s election failed to verify the identity of people at polling centers during national elections. Wine also alleged widespread fraud and violence, and internet services were disrupted throughout the country. The U.S. embassy had warned that it would be impossible to meaningfully observe the poll after three-quarters of its observer accreditation requests were denied.
Conclusion
5 scandals eerily similar to what is alleged here, not just by the opposition but also by national security agencies. Particularly issues 3 and 4, which in this context could be directly connected to the arrests and the subsequent forensic analysis report. Those machines really need to be audited by the public, or at least by an independent accredited entity. This does NOT say the elections were hacked. No, it simply says that it may have been possible, based on the recent revelations, the past record of the company, and the opaque manner in which the IEBC is treating its systems. This is only meant to show that the IEBC's CIA triad, which serves as the backbone of every cyber security infrastructure, MAY be compromised. However, an audit of the systems, as suggested by the Director of ATPU, would clear this fog of speculation upon speculation.