The Manila Times

Hacking the AES



[The author, Al S. Vitangcol 3rd, is a lawyer, a registered engineer, and the Philippines’ first EC-Council certified Computer Hacking Forensic Investigator (CHFI). He holds a masteral degree in Computer Science and was designated head of the Joint Forensic Team that investigated the 60 PCOS machines that were found in a house in Antipolo City during the 2010 national and local elections.]

Last of three parts

THE Comelec spokesperson, Mr. James Jimenez, in one of his public interviews once said, “I am not saying that the system can not be hacked. No system is 100 percent hack proof, I am just saying that the system will not be hacked.”

Indeed, he is correct that the AES can be hacked. All electronic devices, including the VCM, can be compromised. No software is perfectly written – any software would tend to have bugs. The AES is no exception to this universally accepted computing principle.

The Comelec should have considered the major IT security consequences before adopting any technology to be used in an AES. They should further note that would-be attackers/hackers may not adhere to their published threat model. Besides, hackers are rising in power and sophistication.

Let's revisit the recent hack done at the Comelec website. On March 27, 2016, a group of hackers, purporting to be members of Anonymous Philippines, defaced the website of the Comelec. They claimed that their hacking exposed the vulnerability of the entire electoral process, several databases containing private data of millions of registered voters. The Comelec belittled this event and downplayed its importance.

On April 21, 2016, agents of the National Bureau of Investigation (NBI) arrested 23-year-old Paul Biteng, who allegedly easily owned up to the crime. He was charged with violating Sec. 4A-1 of the Cybercrime Prevention Act. Biteng claimed that he simply wanted the Comelec to implement the security features of the VCM during the election.

Even with the security features of the VCM in place, as supposed by the Comelec, hacking is still a possibility.

Hacking the memory card

One of the simplest ways to hack the AES is through the counting machine’s memory card. A procedure, called the Hursti Hack, involves storing negative votes for one candidate and positive votes on other candidates. The total of all the negative votes and the positive votes should be equal to zero at the opening of polls. This is to ensure that the total number of votes would not exceed the actual the votes cast are counted and credited to the candidates truthfully but the result will be strikingly different.

of May 2010, Smartmatic-TIM/Comelec recalled all the CF cards due to the fact that the PCOS machines were not counting the votes used for fraudulent purposes?
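From the defender's side, the memory-card scenario above shows why a pre-election zero check must inspect every counter rather than their total. The following is an added example, not code from the article or from any election system; the card layout, candidate names and ballot list are assumptions constructed for illustration.

```python
# Added example. The card layout (contest -> candidate -> counter) is an
# assumption for illustration, not the format of any real counting machine.

def sum_only_check(card):
    """Weak zero check: each contest's counters merely add up to zero."""
    return all(sum(counters.values()) == 0 for counters in card.values())

def nonzero_counters(card):
    """Strict zero check: return every counter that is not exactly zero."""
    return [(contest, cand, n)
            for contest, counters in card.items()
            for cand, n in counters.items() if n != 0]

def tally(card, ballots):
    """Count ballots on top of whatever values the card already holds."""
    result = {contest: dict(counters) for contest, counters in card.items()}
    for contest, cand in ballots:
        result[contest][cand] += 1
    return result

def turnout_reconciles(result, ballots):
    """Check that reported votes per contest equal the ballots cast in it."""
    cast = {}
    for contest, _ in ballots:
        cast[contest] = cast.get(contest, 0) + 1
    return all(sum(result[c].values()) == cast.get(c, 0) for c in result)

# Constructed sample data.
CLEAN_CARD = {"mayor": {"A": 0, "B": 0, "C": 0}}
SEEDED_CARD = {"mayor": {"A": -5, "B": 5, "C": 0}}
BALLOTS = [("mayor", "A")] * 8 + [("mayor", "B")] * 4 + [("mayor", "C")] * 2

if __name__ == "__main__":
    for name, card in (("clean", CLEAN_CARD), ("seeded", SEEDED_CARD)):
        result = tally(card, BALLOTS)
        print(name, "sum-only check passes:", sum_only_check(card))
        print(name, "non-zero counters:", nonzero_counters(card))
        print(name, "result:", result["mayor"],
              "turnout reconciles:", turnout_reconciles(result, BALLOTS))
```

The seeded card passes both the sum-only check and the turnout reconciliation, so only the per-counter inspection reports it.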

There is also what is called a 1-minute voting hack. Here, a pre-programmed virus or - - vised VCM unit, which is now compromised. device to another, say a laptop, now infects the other devices. The virus will temporarily remain dormant but lurks in the background. can upload itself to the main server and wreak havoc on the results of the elections.

Hacking the counting machine

One of the major findings of the Joint IT Forensic Team in its investigation of the “Antipolo” PCOS machines is the discovery of a console port at the back of the counting machine. Smartmatic-TIM claimed that it's only a one-way port used for diagnostics purposes exclusively. However, to the surprise of everyone, the forensic team was able to connect an ordinary laptop computer to the console port via a serial cable.

The serially connected laptop computer was able to access the operating system of the PCOS machine. Furthermore, the connection was done in an unsecured manner – meaning no username or password was required by the PCOS machine. The operating system of the PCOS machine was exposed to full access and control by the externally connected laptop computer. The same access can tap the PCOS machine’s on-board Random Access Memory (RAM) as a disk for data swapping and temporary data storage.

The discovery of a direct access through the console port is a major vulnerability – which could be exploited to manipulate the actual operations of the counting machine – and which should be an utmost concern for election critics and watchdogs.

The present VCM no longer has a console port. However, a Universal Serial Bus (USB) port took its place instead. The USB port, as announced by Comelec, is for connecting the modem or the BGAN (Broadband Global Area Network) satellite to it. The USB port was originally designed in the mid-1990s as an industry standard for short-distance digital data communications and for transferring digital data between devices over USB cables.

IT practitioners know that a broad range of electronic devices can be connected to the USB port to communicate with the host machine – anything from keyboards and mice, stick or thumb drive, is a lightweight, small, plug-and-play storage device that can be used to store digital data, application programs, and even malware and viruses. In fact, for three hundred pesos, one can buy a PC remote controller with USB wireless receiver.

It is not far-fetched that the USB port in the VCM can be used for other nefarious purposes.

Hacking the transmission

When polls close on election day, the VCM transmits the Election Returns (ER) to the Central Server, the Transparency Server and another server at the Joint Congressional Canvassing. It also transmits to the National Canvassing Center, the Provincial Canvassing Center, and the City/Municipal Canvassing Center. The bulk of the transmission is done through the public telecommunications network, with transmission through BGAN satellites as a secondary medium. Take note that this satellite, Broadband Global Area Network (BGAN), is used to connect a portable device to broadband Internet in remote locations.

Typically, these wireless transmissions are done on a highly secured protocol. However, hackers are likely to attack every point in the protocol in order to see where it breaks – at the weakest link of the network. They then exploit that weakness and perform the hack.

Wireless transmissions are susceptible to sniffing, man-in-the-middle (MITM), and denial-of - cepting data packets (package transmission) as they are transmitted over the network. An MITM attack involves capturing sensitive information, sometimes altering them, and even sending attack is to deny legitimate users access to the transmission facilities.

In 2010 there were rumors that “rogue” PCOS machines were used to rig the election results. These “rogue” machines allegedly sent transmissions to the CCS server, ahead of the transmissions of the real PCOS machines. The CCS server, after receiving the transmission from the “rogue” machine for a particular precinct, then rejects the transmission from the real machine of the same precinct. The CCS server was designed to accept only one transmission from a particular precinct on election day. So in the end it was just a transmission race between the “rogue” and the actual voting machines.
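A first-transmission-wins design like the one described above hides the conflict unless the server keeps what it rejects. The following added example (not from the article or from the CCS software) shows an audit-side ingest that still accepts only the first return per precinct but records any later return whose content differs; the record fields, precinct ids and source names are assumptions constructed for illustration.

```python
import hashlib

def ingest(transmissions):
    """Accept the first return per precinct; record later ones that differ."""
    accepted, conflicts = {}, []
    for t in sorted(transmissions, key=lambda t: t["received"]):
        digest = hashlib.sha256(t["er"].encode("utf-8")).hexdigest()
        first = accepted.get(t["precinct"])
        if first is None:
            accepted[t["precinct"]] = {"source": t["source"], "digest": digest}
        elif first["digest"] != digest:
            # Same precinct, different content: keep both for manual audit.
            conflicts.append({"precinct": t["precinct"],
                              "accepted_from": first["source"],
                              "rejected_from": t["source"]})
        # An identical retransmission is a harmless duplicate and is ignored.
    return accepted, conflicts

# Constructed sample transmissions (ids, sources and returns are made up).
SAMPLE = [
    {"precinct": "P-001", "source": "device-x", "received": 1, "er": "A=120;B=30"},
    {"precinct": "P-002", "source": "device-2", "received": 2, "er": "A=40;B=45"},
    {"precinct": "P-001", "source": "device-1", "received": 3, "er": "A=70;B=80"},
    {"precinct": "P-002", "source": "device-2", "received": 4, "er": "A=40;B=45"},
]

if __name__ == "__main__":
    accepted, conflicts = ingest(SAMPLE)
    for c in conflicts:
        print("audit precinct", c["precinct"], "accepted from",
              c["accepted_from"], "but a different return came from",
              c["rejected_from"])
```

The check does not decide which return is genuine; it only guarantees that a precinct with two different returns is flagged for audit instead of being silently resolved by arrival order.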

The objective of a hacker can be any of these three – 1.) change the election results to favor a candidate, 2.) manipulate the results without favoring anyone, and 3.) just create chaos and disrupt the electoral process.

The procedures involved in these hacks are too technical to be discussed here. Anyway, if disruption is the objective, just employ jammers. Jammers come in various sizes and shapes, sometimes as mobile phones With jammers in place no VCM can transmit successfully. When and if no successful transmission can be made then the BEI is mandated - vassing center. The physical transport of the

Credibility issues

Election results are stored in the Central Server and Transparency Server, among others. The same election results are supposed to be displayed in the Comelec’s “secure” website.

Here is a scenario. For example, Presidential candidate A is leading in the polls. Presidential candidate B follows and Presidential candidate X is last among the six candidates. The actual and true votes are stored in the Comelec servers. These data are simultaneously displayed in the Comelec’s secure website, which is not so secure after all. Following the hacking that happened last month in the Comelec’s website, it is quite probable that it could happen again. Let us assume that a hacker gained control of the said website on election day. He could then display strikingly different results on the attacked website. Again, for example, he showed on the hacked website that Presidential candidate X is consistently leading, followed by Presidential candidate B, with Presidential candidate A at the tail end. Even if the true winner, Presidential candidate A, is proclaimed by Comelec, still there will be doubts about the integrity of the results. The credibility of the whole electoral process will then be jeopardized.

Hackers may not really want to alter election results. Some hackers do it for peer recognition, to hurdle an intellectual challenge, or to get that feeling of power. They do the hack just to make a name for themselves, to expose a wrongdoing (or inaction), or simply for entertainment.

Hackers are motivated by challenges, especially when an event of a transcendental proportion takes place, and when the organization responsible for that event raises a challenge. It is the adventure that primes up these hackers to develop a system that can paralyze, if not totally break down another system. The reality is that the government does not have an established and effective security mechanism to protect its computer systems and communications networks, including the AES, from determined hackers.
