AES mystery deepens, remotely accessed by Venezuelans?
JUST like reading a mystery thriller series, the Smartmatic- provided technology for our automated election system ( AES) deepens as the plot unravels through its pages. Of course, this AES tale is not on paperback, but slowly revelations are made to us.
I was one of the first to have a look at the audit logs of the canvassing and consolidation system ( CCS) in one municipality recently released and decrypted by the Commission on Elections ( Comelec) on the strength of a court order.
Server logs
The CCS audit logs are technically server logs. These logs serve a twofold purpose. One is to monitor and record all the activities that transpired within that particular computer system or server. Another is to get feedback about the performance of the server as well as any problems that may be occurring there. In case of an abnormal shutdown, the logs can be used as a basis to trace and eventually resolve what went wrong in the system.
- ple (thus, understandable to a non-techie guy) or complex and gibberish. The contents of these entries are controlled by
also includes the option of excluding certain events to be logged.
Here is a sample simple log file entry. 15: 17: 15, 559 INFO [ com. smartmatic. ssp. services. database. DatabaseServiceImpl] ( MSC service thread 1- 6) Database successfully installed for module canvassingManagement. [ required: 34, installed: 52]
The entry starts with the system time, followed by the event number, the type of log, the module responsible for the event, message service thread, and a customizable description of the event.
Thus, the event was recorded at 3:17 p.m., the log is merely informational “INFO”, and the database was installed for use by the Canvassing Management system.
Some log file entries may be too complex for the ordinary non- techie reader. For example —
15: 29: 31,816 INFO [ org. hornetq. core. server. impl. HornetQServerImpl] ( MSC service thread 1- 8) live server is starting with configuration HornetQ Configuration ( clustered= false, backu p= false, sharedStore= true, journalDirec tory=/ opt/ jboss/ standalone/ data/ mes sagingjournal, bindingsDirectory=/ opt/ jboss/ standalone/ data/ messagingbi too big (and growing by the day) to be ignored. Estimates show that in 25 years almost one-third of the population of the US, Japan and most European countries would be nearing retirement age. Unlike the Philippines, the ties that bind families in these countries are not as “strong,” where elders are often left to fend for themselves. These elders, one may further note, are not “freeloaders,” boosting financial viability of these investments.
4. Organic agriculture
The objective is to help local farmers compete with the established producers and traders by organizing and continuously training them, and providing them with the required start-up and working capital requirements. The “organic” niche can help them stand out from the competition.
5. Franchisee for disaster relief LGUs can “subcontract” from DSWD its disaster relief operations on a billme-later basis. Government personnel, except probably those who have military or police training, are hardly known for their skills in logistics management. But all other things being equal, LGUs are in a better position to respond more effectively to disaster relief needs due to their proximity to affected areas.
In conclusion, I tried to show that LGUs do have many opportunities to innovate on their service delivery systems by investing in projects that are outside of their usual development portfolio. A robust structure for managing public debt, led by the Bureau of the Treasury, exists. It can be tapped to help them generate the funds they need from the domestic capital market.
that contains bundled
Java resources and metadata. It
class is usually a
supplying the necessary Java libraries and application software on a Java program-
be programmed to manipulate the data in the source database.
On the connection side, Java Database Connectivity ( JDBC) was employed. JDBC is an application programming interface ( API) which allows the programmer to connect and interact with databases. The API in turn lets the programmer encode access request statements in Structured Query Language (SQL) that are then passed to the program that manages the database. It returns the results through a similar interface.
The logs also revealed the presence of HornetQ. It is an open source project to build a multi- protocol, embeddable, very high performance, clustered, asynchronous messaging system.
Foreign personalities
files In this particular entry of the log files —
16: 08: 35,340 INFO [ liquibase] ( MSC service thread 1- 5) / opt/ jboss/ standalone/ configuration/ modules/ all/ database/ module- database. xml: / opt/ jboss/ standalone/ configuration/ modules/ all/ database/ install/ GRANT_ TABLES/ GRANT_ 1255_ AES .CORE_LOG_TO_AES . XML:: 1426793917843- 1255:: Roberto. Tortolero : Custom SQL executed
— the name of the user, Roberto Tortolero, appeared. He installed the AES core log and executed a custom SQL code. Who is Roberto Tortolero?
Other user names that were recorded in the log files include Ramón A. Burgos, Alejandro García, Nollymar Longa, Andy Nuñez, Daniel Bastidas, and Mauricio Herrera. Who are these people?
Thank God there is Google ( though not everything in Google is correct). I searched for the profile of these guys and found out the following:
1. Roberto Tortolero is a consultant for mobile platforms at RTE Panama. He worked as a software engineer with Smartmatic from September 2015 to April 2016.
2. Ramón A. Burgos is a software engineer currently working at Smartmatic. He has a master’s in computer security degree and graduated from Universidad Politecnica de Cataluña.
3. Alejandro García is a web programmer at PAICA, Caracas Area, Venezuela. He used to be an employee of Smartmatic.
4. Nollymar Longa, with a master’s degree from Universidad de Chile, is now with a Panama- based computersoftware firm, dotCMS. He used to be with Smartmatic, from February 2010 to March 2016.
5. Andy Nuñez is presently a Software Developer at HomesUSA. com at Fort Lauderdale Area, Miami, Florida. He used to be a Senior Software Engineer at Smartmatic from March 2012 to March 2014.
6. Daniel Bastidas graduated from the Universidad Nacional Experimental del Tachira. He is at present a senior software engineer at Smartmatic, based in Boca Raton, Florida.
7. Mauricio Herrera was one of the key persons working for Marlon Garcia, chief of the Smartmatic technical support team, during the 2016 elections. In June 2017, the Department of Justice found probable cause to charge Garcia, together with Herrera, for violating Republic Act 10175, or the Cybercrime Prevention Act. They were indicted for unauthorized access of the computer system and intentional and reckless altering of data.
Were these foreigners remotely accessing the AES- CCS during the 2016 national and local elections?
The AES mystery deepens… and Filipino voters deserve an explanation.