Saturday, 29 June 2024

UKRAINE & PH: A TALE OF TWO ELECTION CYBER ATTACKS

 


"Three Dutertes to run for Senate."

The headline-grabbing revelation above sparked the 2025 election suddenly in our political landscape.

Here’s a prerequisite question: Does anyone know what happened in the 2022 election? Why is this a crucial question? The controversial figure of 31 million is turning out to be a sham as far as Former DICT Secretary Eliseo Rio’s valuation is concerned.

Aside from the vital issue of electoral legitimacy and integrity, any political pundit’s analysis of upcoming elections based on the 2022 presidential election results, such as the controversial 31 million figure, will be reduced to a fanciful opinion.


In Jarius Bondoc’s Philstar column Election fraud most evident in 44 of 82 provinces – Rio, the former DICT secretary reports the following highlights:

“Here are ERs of all provinces that were transmitted in the first hour after voting closed at 7 p.m. on Election Day, compared to ERs transmitted in the second hour. These first two hours of counting show rigged results.

“Comelec records show that the Transparency Server received the first ER at 1:08:50 p.m. The first canvassed votes were publicized at 8:02:00 p.m., a span of 53 minutes in the first hour.

“By 8:02 p.m. 39,512 precincts had transmitted ERs comprising 20,676,855 votes. Unusually fast, for it means that 39,512 VCMs transmitted ERs in 53 minutes. This translates to 746 ERs transmitted per minute or 12.4 ERs per second. A world record!

“But that transmission rate wasn’t sustained in the second hour. Logically and historically, more VCMs would be ready to transmit their ERs in the second hour than in the first hour during which nine administrative requirements had yet to be fulfilled.

“From 8:02 to 9:00 p.m., a span of 58 minutes, the number of transmitted ERs dropped to 25,784. That’s only 446 ERs transmitted per minute, almost half of the 746 ERs in the first hour. Comelec can’t explain this sudden drop."

Manipulated and Preprogrammed

“This can only happen if the ER transmission were manipulated and preprogrammed. The manipulation is reinforced by the fact that 44 of 82 provinces had already the same ratio of actual voters to registered voters in the first hour when compared with the second hour.

“This coincidence cannot be the result of the statistical Law of Large Numbers. There is no cause-and-effect relationship between the number of votes in the first hour with that of the second hour.”

Bondoc’s triggering question is on target: “If this isn’t proof of 2022 election fraud, then what is?”

The seeming apathetic public reaction is understandable -- the whole shebang is complex and high-tech. Perhaps, the following fact may help get our heads around this elephant in the room: a similar man-in-the-middle cyber attack happened in the Ukraine presidential election in 2014.


Ukraine election narrowly avoided ‘wanton destruction’ from hackers, bannered The Christian Science Monitor (TCSM) then. A brazen three-pronged wave of cyber-attacks aimed at wrecking Ukrainian presidential elections – including an attempt to fake computer vote totals -- has set the world on notice – and bears Russian fingerprints.

Just days before the election, the Ukrainian Central Election Commission (CEC) was targeted by hackers believed to be associated with Russian groups. The attackers managed to compromise the CEC’s network, deleting critical files and installing malware designed to manipulate the election results. This malware was programmed to display an ultra-nationalist candidate, Dmytro Yarosh, as the winner with 37% of the vote, overshadowing the actual front-runner, Petro Poroshenko, who ultimately won the election.

Man-In-The-Middle Attack

The Ukrainian security team detected unusual activity and anomalies in the data transmission process, which indicated a potential Man-In-The-Middle attack. This attack involves intercepting and altering communication between two parties without their knowledge. In this case, the goal was to manipulate the transmitted election results. (Hello Comelec! Sounds familiar? TNT, stand by.)

During the data transmission, the CEC’s monitoring tools flagged several anomalies. (They were in the character of the anomalies cited by Rio as expounded by Jarius Bondoc in his Philstar columns.)

Unusual Data Patterns. The data packets transmitted from the polling stations to the central server exhibited unusual patterns. ("Can Comelec explain? Presidential rivals got identical votes in NCR"; "Rio: 20-M vote barrage shocked, awed us to silence" - Jarius Bondoc’s Philstar columns)

Suspicious IP Addresses. The CEC monitoring system detected connections from IP addresses not part of the authorized network. These addresses might have been part of the attacker’s infrastructure to intercept and alter the data. ("Rio debunks Comelec chief’s claim that private IP address 192.168.0.2 was legal”; “Rigged? 2022 polls illegally used private internet address – Rio” – Jarius Bondoc’s Philstar columns)

Altered Data. The data being received at the central server showed discrepancies when compared with the expected results. (“How did five presidential bets get identical votes in Manila precincts?” – Jarius Bondoc’s Philstar column)

Awed Us To Silence

While the Ukrainian government narrowly defeated the election cyber-attacks, sad to say, the very much the same cyber-attacks in our elections, as Bondoc banners, “awed us to silence.” It reminds me of then Foreign Secretary Raul Manglapus who once quipped: “If rape were inevitable, one should relax and enjoy it.” The crux of the matter: owing to their vigilance, the Ukrainian cybersecurity experts, were able to discover and neutralize the malware.

“Only 40 minutes before election results were to go live on television… a team of government cyber experts removed a “virus” covertly installed on Central Election Commission computers,” TCSM reported quoting Ukrainian security officials. “If it had not been discovered and removed, the malicious software would have portrayed ultra-nationalist Right Sector party leader Dmytro Yarosh as the winner with 37 percent of the vote (instead of the 1 percent he received) and Petro Poroshenko (the actual winner with a majority of the vote) with just 29 percent.

Backups

How did the Ukrainians pull it off? They were able to restore the vote-tallying system using backups as well as implemented continuous monitoring involving several layers:

Network Traffic Analysis. Uses tools and software to monitor the data packets traveling across the network. Any irregularities or unexpected patterns in the traffic could indicate an intrusion or tampering.

Intrusion Detection System. Detects unauthorized access or anomalies within the networks. Identifies unusual login attempts and changes in data transmission routes.

Endpoint Monitoring. Monitors endpoints, including voting machines and servers for signs of malware or unauthorized software changes.

Do we have those cyber defense safeguards?

Joker

Ana Marie Pamintuan has a striking last five words in her Philstar column “Three-in-one”: “All three [Dutertes] might actually win.”

Empty words – if based on Rio’s analysis in which the iffy 31 million figure in the 2022 presidential election was manipulated and preprogrammed.

Loaded words – if based on the following exposé of former Foreign Secretary Albert del Rosario:

“On February 22, 2019, we received information from a most reliable international entity that high officials from China are bragging that they had been able to influence the 2016 Philippines elections so that Duterte would be president.”

Like a joker, the 2016 and 2022 elections’ results can be a very beneficial or a bad card to have on one’s hands.

Good luck, Philippines!


Content put together in collaboration with ChatGPT

Head collage photos courtesy of Wikimedia Commons, Freepik, & American Hospital Association

Video clips courtesy of YouTube


No comments:

Post a Comment

A WHITE CHRISTMAS DREAM FADES ON TRUMP'S AMERICA

“Goodbye, America.” “I hate it here.” “I already have my tickets.” These headlines – courtesy of The Guardian , Newsweek , and MarketWatch  ...