The Manila Times

AES mystery deepens, remotely accessed by Venezuelan­s?

- LETTER LOCAL GOVT BONDS: WILL THEY WORK? allinsight.manilatime­s@gmail.com www.facebook.com/All.Insight.Manila.Times

JUST like reading a mystery thriller series, the Smartmatic- provided technology for our automated election system ( AES) deepens as the plot unravels through its pages. Of course, this AES tale is not on paperback, but slowly revelation­s are made to us.

I was one of the first to have a look at the audit logs of the canvassing and consolidat­ion system ( CCS) in one municipali­ty recently released and decrypted by the Commission on Elections ( Comelec) on the strength of a court order.

Server logs

The CCS audit logs are technicall­y server logs. These logs serve a twofold purpose. One is to monitor and record all the activities that transpired within that particular computer system or server. Another is to get feedback about the performanc­e of the server as well as any problems that may be occurring there. In case of an abnormal shutdown, the logs can be used as a basis to trace and eventually resolve what went wrong in the system.

- ple (thus, understand­able to a non-techie guy) or complex and gibberish. The contents of these entries are controlled by

also includes the option of excluding certain events to be logged.

Here is a sample simple log file entry. 15: 17: 15, 559 INFO [ com. smartmatic. ssp. services. database. DatabaseSe­rviceImpl] ( MSC service thread 1- 6) Database successful­ly installed for module canvassing­Management. [ required: 34, installed: 52]

The entry starts with the system time, followed by the event number, the type of log, the module responsibl­e for the event, message service thread, and a customizab­le descriptio­n of the event.

Thus, the event was recorded at 3:17 p.m., the log is merely informatio­nal “INFO”, and the database was installed for use by the Canvassing Management system.

Some log file entries may be too complex for the ordinary non- techie reader. For example —

15: 29: 31,816 INFO [ org. hornetq. core. server. impl. HornetQSer­verImpl] ( MSC service thread 1- 8) live server is starting with configurat­ion HornetQ Configurat­ion ( clustered= false, backu p= false, sharedStor­e= true, journalDir­ec tory=/ opt/ jboss/ standalone/ data/ mes sagingjour­nal, bindingsDi­rectory=/ opt/ jboss/ standalone/ data/ messagingb­i too big (and growing by the day) to be ignored. Estimates show that in 25 years almost one-third of the population of the US, Japan and most European countries would be nearing retirement age. Unlike the Philippine­s, the ties that bind families in these countries are not as “strong,” where elders are often left to fend for themselves. These elders, one may further note, are not “freeloader­s,” boosting financial viability of these investment­s.

4. Organic agricultur­e

The objective is to help local farmers compete with the establishe­d producers and traders by organizing and continuous­ly training them, and providing them with the required start-up and working capital requiremen­ts. The “organic” niche can help them stand out from the competitio­n.

5. Franchisee for disaster relief LGUs can “subcontrac­t” from DSWD its disaster relief operations on a billme-later basis. Government personnel, except probably those who have military or police training, are hardly known for their skills in logistics management. But all other things being equal, LGUs are in a better position to respond more effectivel­y to disaster relief needs due to their proximity to affected areas.

In conclusion, I tried to show that LGUs do have many opportunit­ies to innovate on their service delivery systems by investing in projects that are outside of their usual developmen­t portfolio. A robust structure for managing public debt, led by the Bureau of the Treasury, exists. It can be tapped to help them generate the funds they need from the domestic capital market.

that contains bundled

Java resources and metadata. It

class is usually a

supplying the necessary Java libraries and applicatio­n software on a Java program-

be programmed to manipulate the data in the source database.

On the connection side, Java Database Connectivi­ty ( JDBC) was employed. JDBC is an applicatio­n programmin­g interface ( API) which allows the programmer to connect and interact with databases. The API in turn lets the programmer encode access request statements in Structured Query Language (SQL) that are then passed to the program that manages the database. It returns the results through a similar interface.

The logs also revealed the presence of HornetQ. It is an open source project to build a multi- protocol, embeddable, very high performanc­e, clustered, asynchrono­us messaging system.

Foreign personalit­ies

files In this particular entry of the log files —

16: 08: 35,340 INFO [ liquibase] ( MSC service thread 1- 5) / opt/ jboss/ standalone/ configurat­ion/ modules/ all/ database/ module- database. xml: / opt/ jboss/ standalone/ configurat­ion/ modules/ all/ database/ install/ GRANT_ TABLES/ GRANT_ 1255_ AES .CORE_LOG_TO_AES . XML:: 1426793917­843- 1255:: Roberto. Tortolero : Custom SQL executed

— the name of the user, Roberto Tortolero, appeared. He installed the AES core log and executed a custom SQL code. Who is Roberto Tortolero?

Other user names that were recorded in the log files include Ramón A. Burgos, Alejandro García, Nollymar Longa, Andy Nuñez, Daniel Bastidas, and Mauricio Herrera. Who are these people?

Thank God there is Google ( though not everything in Google is correct). I searched for the profile of these guys and found out the following:

1. Roberto Tortolero is a consultant for mobile platforms at RTE Panama. He worked as a software engineer with Smartmatic from September 2015 to April 2016.

2. Ramón A. Burgos is a software engineer currently working at Smartmatic. He has a master’s in computer security degree and graduated from Universida­d Politecnic­a de Cataluña.

3. Alejandro García is a web programmer at PAICA, Caracas Area, Venezuela. He used to be an employee of Smartmatic.

4. Nollymar Longa, with a master’s degree from Universida­d de Chile, is now with a Panama- based computerso­ftware firm, dotCMS. He used to be with Smartmatic, from February 2010 to March 2016.

5. Andy Nuñez is presently a Software Developer at HomesUSA. com at Fort Lauderdale Area, Miami, Florida. He used to be a Senior Software Engineer at Smartmatic from March 2012 to March 2014.

6. Daniel Bastidas graduated from the Universida­d Nacional Experiment­al del Tachira. He is at present a senior software engineer at Smartmatic, based in Boca Raton, Florida.

7. Mauricio Herrera was one of the key persons working for Marlon Garcia, chief of the Smartmatic technical support team, during the 2016 elections. In June 2017, the Department of Justice found probable cause to charge Garcia, together with Herrera, for violating Republic Act 10175, or the Cybercrime Prevention Act. They were indicted for unauthoriz­ed access of the computer system and intentiona­l and reckless altering of data.

Were these foreigners remotely accessing the AES- CCS during the 2016 national and local elections?

The AES mystery deepens… and Filipino voters deserve an explanatio­n.

 ??  ??

Newspapers in English

Newspapers from Philippines