Tampering with election results


    [The author, Al S. Vitangcol 3rd, is a lawyer, a registered engineer, and the Philippines’ first EC-Council certified Computer Hacking Forensic Investigator (CHFI). He holds a masteral degree in Computer Science and was designated head of the Joint Forensic Team that investigated the 60 PCOS machines that were found in a house in Antipolo City during the 2010 national and local elections.]

    Second of three parts
    THE most common question asked by the voting public is whether or not the election results can be tampered with. The answer is possibly YES.

    The configurations files and subsequent voting data generated during election day will be stored in a separate memory card – the Secure Digital (SD) card. The SD card is an ultra small flash memory card designed to provide high-capacity memory in a small size. The SD card belongs to the family of popular flash memory cards used for storage in portable electronic devices.

    This brings to mind the CompactFlash (CF) cards that were bundled with the PCOS machine during the 2010 and 2013 elections. We can still remember that on or about the first week of May 2010, Smartmatic-TIM/Comelec recalled all the CF cards due to the fact that the PCOS machines were not counting the votes correctly. They reasoned out that the spacing of the ballots caused the machines not to count the votes correctly.

    What is exactly in the CF card? Let us revisit the forensic examination done to the 60 units of PCOS machines found in the house of a Smartmatic-TIM technician in Antipolo City.

    The “Antipolo” PCOS machines were taken into the custody of the Senate of the Philippines on May19, 2010. The Joint Congressional Committee ordered the forensic analysis of the said machines on June 1, 2010. During the joint canvassing session of June 2, 2010, then Sen. Juan Miguel Zubiri announced the creation of the Joint IT Forensic Team, consisting of personnel from the House of Representatives and the Senate, to handle the task.

    The Joint IT Forensic Team then conducted its forensic analysis on 33 units of PCOS machines on June 4-5, 2010 at the Senate premises and on June 7, 2010 at the Smartmatic warehouse in Cabuyao, Laguna. The remaining 27 units of the “Antipolo” PCOS machines were never subjected to forensic analysis due to the dissolution of the Joint IT Forensic Team on June 8, 2010. The forensic team likewise examined 31 pieces of CF cards.

    Three major objectives in examining the CF cards are the following: 1.) determine if the CF cards are genuine, authentic, and have been used in the 2010 elections, 2.) confirm if the CF cards have hidden and/or deleted files, and 3.) analyze and interpret the contents of the CF card. We will just focus on the third objective for purposes of this article.

    Forensic analysis revealed that the main CF card contains a Data Configuration Folder (DCF), an Election Folder (EF), and a Temporary Folder. The DCF contains four other files while the EF have 10 other files pertaining to the ballot layouts. The Temporary Folder includes log files and other statistics.

    To this author’s mind, the SD card will function in essentially the same way as the CF card. The SD card is to the VCM as the CF card is to the PCOS.

    Therefore, an individual having access to the SD card can alter or modify the configuration files. Remember the ovals to be shaded in the official ballot? The coordinates, or specific locations, of these ovals are in the configuration files. These configuration data can be altered in different ways. First, the coordinates can be deliberately changed so that votes for that particular oval will be disregarded. Second, the coordinates of the ovals can be interchanged – resulting in the swapping of votes of two candidates. Third, the configuration files can be corrupted or deleted, resulting in the rejection of all ballots cast.

    In the May 10, 2010 elections, some 38 million votes were cast for the Presidential election. Out of the 38 million votes, approximately 5.2 percent, or around 2 million votes, were considered invalid. Again, in a hotly contested election, 2 million votes matter a lot!
    Having the SD cards separate and distinct from the VCM unit itself opens up the opportunities for damage, tampering, data alteration, and even card switching.

    SD card switching can be done with some technical know-how, with or without a little help from the BEI, and some sleight of hand. An SD card containing spurious election results is prepared ahead of the actual elections (called a pre-loaded card). After the closing of polls, and prior to transmission, the pre-loaded card is switched with the actual SD card. Thus, it will be the contents of the pre-loaded card that will be transmitted to the Consolidation and Canvassing System (CCS).

    If the card switching cannot be done right away prior to transmission, a fraud operator can simply jam the transmission. This can easily be done by employing portable jammers. In Comelec Resolution 10083, particularly Section 7 thereat, allows the Board of Canvassers (BOC) to receive “the envelope containing the main SD card or CD with label ‘NOT TRANSMITTED.’ ”

    Section 11 of the same Resolution requires that, “All VCM main SD cards shall be imported to the CCS. xxx In case the VCM main SD card is not available, or is found to be defective, the Board shall retrieve from the VCM the back-up SD card and give the same to the operator xxx.” Note that it takes a considerable time for all of these processes to be done – opening a window of opportunity for card switching.

    To ensure the successful delivery of electronic services in critical Information Technology (IT) systems, such as the AES, these services should be done with no or minimal human intervention. Manually importing and uploading SD cards and CDs to the CCS violates this principle and opens up a vulnerability, which can be exploited by unscrupulous individuals.

    With the few identified vulnerabilities of the AES, the final question that begs to be answered is this – “Is the AES susceptible to hacking?”

    More in Part 3 of this series, which will appear tomorrow.


    Please follow our commenting guidelines.

    1 Comment

    1. After reading this second article, I am fully convinced that election results can be manipulated, by doing simple processes. The machines or the computers only work or can process data based on the instructions given to it, and that is the program. The way the official ballot was made, having access (human intervention) to SD card and being able access the configuration folder can change the results on everything before transmitting to wherever its intended destination(s).

      Philippines have produced so many brilliant programmers, to include the guy that hacked COMELEC web site recently. The COMELEC should have protected the integrity of election results and should have implemented layers of security measures. However, the best solution would be the immediate transmission of votes without human intervention.