Wazzup Pilipinas!
Wilhansen Li, professional programmer, co-founder of a software development company, and part-time instructor at Ateneo who read through the source code of the Automated Election System on a pro-bono basis, explains why the accusations of the Bongbong Marcos camp, referring to poll cheating where they claim the votes have been altered during transmission, could not be possible.
The camp of Sen Bongbong Marcos alleged that a new computer command was introduced to the COMELEC Transparency Server that could have boosted the votes of Leni Robredo. They are saying that the server hash codes were altered and suddenly Robredo overtook Marcos with the new incoming votes.
"We received an unsettling information that at past 7:30 pm on May 9, election day, a new script was introduced to the Transparency Server," the camp of Marcos said in a statement.
"Apparently, the execution of this computer command was able to alter the hash code of the packet," they added.
They pointed out that after this new script was introduced, Marcos' lead over Robredo started to "erode at a rather distinctive pattern."
In this article
http://www.rappler.com/.../120281-final-trusted-build-ems...
“Hash codes” of the EMS software will also be generated and released, so that the public could check if the source code had been tampered with.
If I understand this correctly, the hash codes where used to tell if their system was compromised not with the actual votes.
My thoughts as a programmer on the senator's accusations: Let's assume that an altering of the hash codes did indeed happen. The article only mentioned hash codes and nothing else, so let's go with that (rappler called it a script, but that's incorrect as a hash code is totally different and can't be considered a "script" on its own).
Hashing could have many uses, but the safest assumption is they're talking about hashing your candidate choices for security. As a quick crash course about hashing, let's say you register on a website and you type in a password. If the programmers know what they're doing, they would hash your password so that it would be more difficult for any hackers to make any use of it in the event that they gained access to the website's database. For example, the real md5 hash of "12345" is "827ccb0eea8a706c4c34a16891f84e7b". The password that you entered isn't actually saved by the website, only its hashed value. Every time you login and enter "12345", they just recompute the hash again and check if the computed hash matches the hashed value in the database when you registered. They might also "salt" the hash so that its even more unique (but that's a totally separate topic). If hackers somehow gain access to the database, they'll only have the hashes and not your actual password, which is less useful.
This is why if you forgot your password in a website, they require you to just enter a new one because since hashing is one way, they can't actually recover your password via its hashed value. There are some websites where after you register, they send you an email showing you your password. This means these websites are very insecure since they don't hash and I would think twice about visiting them again.
The most important thing to note here is that any value hashed (if done properly) will ALWAYS output the same result each time. If the result of hashing "Leni Robredo" is let's say X, it will always be X no matter what (provided you never change your hashing function). Let's say they did indeed change the saved hashed values such that when you compare hashes, the hash value of Marcos would match Leni's instead to give her the vote, then that should happen 100% of the time since hashing is 100% consistent. What for sure DID NOT happen was simply assigning the hash value of Marcos to Leni, since that would mean Leni gets all 100% of the Marcos votes but that didn't happen as votes for Marcos still increased (albeit slower).
Let's say for the sake of discussion this accusation was true, then what most probably happened was they shifted all hash values round robin style.
Original hashes (just an example obviously):
Marcos -> A
Robredo -> B
Cayetano -> C
Escudero -> D
Trillanes -> E
Honasan -> F
After the cheating change:
Marcos -> F
Robredo -> A
Cayetano -> B
Escudero -> C
Trillanes -> D
Honasan -> E
This is how I would do it if I was the one tasked to cheat the elections only via altering the hash codes and not the actual software code. This would allow them to publish the source code of the voting machines and no one would be able to discover any discrepancies. All the technicalities aside, I seriously do not think they cheated via this way though since the story sounds so wrong. An observer physically noticed the hash codes were updated? You can SSH and control servers located halfway around the world. You would think that if you were to cheat 55 million voters, you'd have the common sense to update the servers remotely and not actually visit the server physically.
More Information About Hash Codes:
These are the Hash Codes of the Softwares used in the 2016 Automated Elections. The three codes are for the EMS, CCS, and VCM, the latter two are what voters should take note of tomorrow.
What are these Hash Codes for?
The VCM - This is the software which runs the PCOS/VCM (counting machine) all over the Philippines. By verifying the Hash Code, you make sure that the software in the machine is authentic. You can verify the Hash Code by looking at the bottom of the Initialization Report (generated before the start of the voting) and the Election Return (generated after the end of the voting).
There is no prohibition in taking pictures of the Hash Code in these two documents.
The CCS - This is the software which runs the canvassing system of the different Board of Canvassers. By verifying the code, you make sure that the canvassing system in the Municipality, City & Provincial is an authentic software.
VCM Hash Code:
A1 47 91 C4 2F DA 95 7C 47 DB E3 EA 52 FB 2A A3
9D BF DA AF F6 83 68 7A 80 B6 9F 61 A1 13 EO F7
CCS Hash Code:
JHhUgS1VQ0h7X6ZmWelpt3H3DhH1RdZn27H8YSIq22E=
Please share it and use the information to verify.
"Apparently, the execution of this computer command was able to alter the hash code of the packet," they added.
They pointed out that after this new script was introduced, Marcos' lead over Robredo started to "erode at a rather distinctive pattern."
Leni Robredo's spokesperson says "if there is basis for Bongbong Marcos' accusations, we ask that they be forwarded to formal channels."
Here is the statement of Li posted on his personal Facebook page:
"TL;DR: they're getting desperate and are lying through their teeth.
1) The VCMs send results to not one, but THREE INDEPENDENT servers. If you ever tried to alter the results in the transparency server, the numbers on the central and national canvassing servers will differ.
2) One surefire way to prove that the transparency server is compromised is by comparing the tallies of it to the central server located here: https://www.pilipinaselectionresults2016.com/#/er/0
3) Just to nitpick (but it shows how technically inept their explanation is): A packet is what we call data that is packaged to be sent between computers. It's like the box that you put your stuff in to have it shipped. It does not have such thing as a "hash code", but it does have a "checksum".
4) Let's give them the benefit of the doubt and say that they probably meant that the data was altered in transit and the hash code of the data is altered in order to fake the data's authenticity. This is also wrong since the data is encrypted AND digitally signed (see https://www.facebook.com/notes/wilhansen-li/laymans-guide-to-aes2016-security/10154102115416000 on what digital signatures are) so just tampering the hash code is not enough and the data will be rejected if it's not signed. Signing the data requires the BEI's private keys which is in the SD cards of the VCM... not in the CCS or transparency server! So you can't just generate fake data on the transparency server alone.
P.S. to play the "an IT expert said X" game, this is written by a professional programmer, co-founder of a software developement company, and part-time instructor at Ateneo who read through the source code of the Automated Election System on a pro-bono basis (i.e. I did it for free, sacrificing my time and money)."
"TL;DR: they're getting desperate and are lying through their teeth.
1) The VCMs send results to not one, but THREE INDEPENDENT servers. If you ever tried to alter the results in the transparency server, the numbers on the central and national canvassing servers will differ.
2) One surefire way to prove that the transparency server is compromised is by comparing the tallies of it to the central server located here: https://www.pilipinaselectionresults2016.com/#/er/0
3) Just to nitpick (but it shows how technically inept their explanation is): A packet is what we call data that is packaged to be sent between computers. It's like the box that you put your stuff in to have it shipped. It does not have such thing as a "hash code", but it does have a "checksum".
4) Let's give them the benefit of the doubt and say that they probably meant that the data was altered in transit and the hash code of the data is altered in order to fake the data's authenticity. This is also wrong since the data is encrypted AND digitally signed (see https://www.facebook.com/notes/wilhansen-li/laymans-guide-to-aes2016-security/10154102115416000 on what digital signatures are) so just tampering the hash code is not enough and the data will be rejected if it's not signed. Signing the data requires the BEI's private keys which is in the SD cards of the VCM... not in the CCS or transparency server! So you can't just generate fake data on the transparency server alone.
P.S. to play the "an IT expert said X" game, this is written by a professional programmer, co-founder of a software developement company, and part-time instructor at Ateneo who read through the source code of the Automated Election System on a pro-bono basis (i.e. I did it for free, sacrificing my time and money)."
 |
| Photo credit to Rappler |
So they are using AES as encryption (a symmetric-key algorithm), which means it uses the same cryptographic keys to decrypt the data so the network cannot be compromised easily.
In this article
http://www.rappler.com/.../120281-final-trusted-build-ems...
“Hash codes” of the EMS software will also be generated and released, so that the public could check if the source code had been tampered with.
If I understand this correctly, the hash codes where used to tell if their system was compromised not with the actual votes.
Franz Sarmiento, programmer, had this to say:
Hashing could have many uses, but the safest assumption is they're talking about hashing your candidate choices for security. As a quick crash course about hashing, let's say you register on a website and you type in a password. If the programmers know what they're doing, they would hash your password so that it would be more difficult for any hackers to make any use of it in the event that they gained access to the website's database. For example, the real md5 hash of "12345" is "827ccb0eea8a706c4c34a16891f84e7b". The password that you entered isn't actually saved by the website, only its hashed value. Every time you login and enter "12345", they just recompute the hash again and check if the computed hash matches the hashed value in the database when you registered. They might also "salt" the hash so that its even more unique (but that's a totally separate topic). If hackers somehow gain access to the database, they'll only have the hashes and not your actual password, which is less useful.
This is why if you forgot your password in a website, they require you to just enter a new one because since hashing is one way, they can't actually recover your password via its hashed value. There are some websites where after you register, they send you an email showing you your password. This means these websites are very insecure since they don't hash and I would think twice about visiting them again.
The most important thing to note here is that any value hashed (if done properly) will ALWAYS output the same result each time. If the result of hashing "Leni Robredo" is let's say X, it will always be X no matter what (provided you never change your hashing function). Let's say they did indeed change the saved hashed values such that when you compare hashes, the hash value of Marcos would match Leni's instead to give her the vote, then that should happen 100% of the time since hashing is 100% consistent. What for sure DID NOT happen was simply assigning the hash value of Marcos to Leni, since that would mean Leni gets all 100% of the Marcos votes but that didn't happen as votes for Marcos still increased (albeit slower).
Let's say for the sake of discussion this accusation was true, then what most probably happened was they shifted all hash values round robin style.
Original hashes (just an example obviously):
Marcos -> A
Robredo -> B
Cayetano -> C
Escudero -> D
Trillanes -> E
Honasan -> F
After the cheating change:
Marcos -> F
Robredo -> A
Cayetano -> B
Escudero -> C
Trillanes -> D
Honasan -> E
This is how I would do it if I was the one tasked to cheat the elections only via altering the hash codes and not the actual software code. This would allow them to publish the source code of the voting machines and no one would be able to discover any discrepancies. All the technicalities aside, I seriously do not think they cheated via this way though since the story sounds so wrong. An observer physically noticed the hash codes were updated? You can SSH and control servers located halfway around the world. You would think that if you were to cheat 55 million voters, you'd have the common sense to update the servers remotely and not actually visit the server physically.
More Information About Hash Codes:
What are these Hash Codes for?
The VCM - This is the software which runs the PCOS/VCM (counting machine) all over the Philippines. By verifying the Hash Code, you make sure that the software in the machine is authentic. You can verify the Hash Code by looking at the bottom of the Initialization Report (generated before the start of the voting) and the Election Return (generated after the end of the voting).
There is no prohibition in taking pictures of the Hash Code in these two documents.
The CCS - This is the software which runs the canvassing system of the different Board of Canvassers. By verifying the code, you make sure that the canvassing system in the Municipality, City & Provincial is an authentic software.
VCM Hash Code:
A1 47 91 C4 2F DA 95 7C 47 DB E3 EA 52 FB 2A A3
9D BF DA AF F6 83 68 7A 80 B6 9F 61 A1 13 EO F7
CCS Hash Code:
JHhUgS1VQ0h7X6ZmWelpt3H3DhH1RdZn27H8YSIq22E=
Please share it and use the information to verify.
Ross is known as the Pambansang Blogger ng Pilipinas - An Information and Communication Technology (ICT) Professional by profession and a Social Media Evangelist by heart.
Post a Comment