Comelec dares hackers to crack software

I first read this article two days ago in the Philippine Daily Inquirer.

Let's just say I was appalled and amused by what I read.

Here are some excerpts:

The Commission on Elections (Comelec) is challenging computer hackers to take a crack at the software that will be used in the 2010 elections to prove that the system is secure from fraud and tampering.

The system isn't even in place with the bidding still in its early stages, yet the COMELEC is already arrogant enough to claim that their system is "hack-proof". I've got news for them. There is no system that is "hack-proof".

The list of high-profile institutions which have been hacked in the past include the CIA, the FBI, NASA, the FAA, and various other foreign utilities, even a travel site used by U.S. government agencies. Indian government sites have been subject to cyber-vandalism as well. It probably goes without saying that these entities are in all likelihood light-years ahead of our own COMELEC in using and securing information technology, and yet they have been victimized by hackers.

Is the COMELEC really that IT-savvy that it is cocky enough to think that its system (that's not even in place yet) is really impervious to intrusions? I don't think so. And yet they are goading hackers to try and break into it. If it were a private system I really wouldn't care, but it's a system for what amounts to be the entire electoral system of the country. It is not far fetched to think that some unscrupulous hacker, possibly someone from somewhere outside this country, will take up the challenge "just for kicks" and for the right to brag in cyberspace that he or she has brought down the electoral system of some third world country. Hell I would. Of course, I have scruples.

“By the time a hacker gets into our system, the election is over,” Comelec Executive Director Jose Tolentino boldly declared Monday in a press briefing.

Manipulating election results is not the only reason to hack into the COMELEC's election system. It's possible you can obtain confidential voter information, identify the candidates a voter voted for, or get election results ahead of everyone else. This information could conceivably be valuable for some. And even if the elections were over, manipulating the election results, even if detected, could erode whatever confidence the public may have in their system, thus lowering the credibility of the electoral process as a whole, assuming of course, that there's at least some credibility to begin with.

Programmers and the general public can also scrutinize the source code of the company that will bag the P11.3-billion automation contract for the 2010 national elections.

The source code refers to the set of programs that carries the system’s instructions.

“The winning bidder’s software, the source code, will be open to inspection by the public,” Tolentino told reporters.

“They can look at it line by line to ensure that there is no malicious program inside,” he said.

If I were a hacker dead-set on breaking in the COMELEC's election system, viewing the source code would actually be a bonanza because it will give me an opportunity of identifying weaknesses and vulnerabilities in the system. Frankly, I think it's a bad idea to open the source code to the general public. If they want to prove that the program doesn't have any malicious code, they should just have it examined and certified by a reputable third-party software firm, a non-governmental agency, or an international body. A non-disclosure agreement should be standard, regardless of whichever entity examines the program.

The Comelec will also open the system and the machines to “ethical hackers” or IT experts who would be allowed by the agency to test the system.

“Then there are those who might try to hack the system without telling us. That’s OK. We are open to that,” he said.

It seems to me that they want the automated election system to fail this early on. Hardly any effort seems to be exerted in maintaining the security and confidentiality of the system. If you want the system tested for weaknesses and vulnerabilities, give the job to firms qualified to do so and make them sign non-disclosure agreements as well.

Doubting the Comelec’s readiness to fully automate by May 2010, former Comelec Chair Christian Monsod earlier warned that “software specialists” would now take on the dirty job previously carried out manually by unscrupulous poll personnel and political operatives.

I agree. The COMELEC is even giving these "software specialists" the heads up by showing them the in and outs of the system this early in the game.

For added security, the source code of the chosen system will be stored “in escrow” at the Bangko Sentral ng Pilipinas (BSP), he added.

Frankly, what would be the point, after you have disclosed the source code line-by-line to the public? Well, at least no one gets to tamper with it. Then again, you really don't have to have physical access to the source code to tamper with the system if you're really bent on modifying it.

The Comelec will release the TOR documents, priced at $20,000 per set, on March 18.

It's amusing that the COMELEC is 100% confident with success of the election system, when basically all they have to show for is a set of specifications (the TOR, or Terms of Reference) and not the finished product.

I don't know about you, but I'm not exactly brimming with confidence with the way the COMELEC is handling the automation of the 2010 elections. While I would like to think that they are indeed sincere in their objective of keeping the elections honest, at the back of my mind I still can't help but think that they are in over the heads, considering that none of them seem to really understand the technology or even how to properly use it.

Well, let's see what happens.

Comments

Post a Comment

Popular posts from this blog

Commonwealth Ave. lot for Lease

Image
For lease, 261 sqm commercial lot near east-bound lane (going to Fairview) of Commonwealth Ave. Quezon City, between Tandang Sora and Ever Gotesco, directly opposite PNB . Accessible via 50m access road. No improvements on said property. For inquiries call 09228692272 or email ronallandottk@yahoo.com
Read more

Is aspartame safe?

Image
Do you know what aspartame is? Well, even if you don't, given its ubiquitous nature, its a virtual certainty that you have already crossed paths with it in your life at one time or another. For the uninitiated, aspartame is a low-calorie sugar substitute most often used in carbonated beverages, you know, the diet or lite variety. Here in the Philippines, it is commonly known by the brand names NutraSweet and Equal . The reason why it has significantly fewer calories is because its not carbohydrate based. Its a methyl (methane derivative) ester (organic compound) dipeptide (two amino acids joined by a single peptide bond) consisting of aspartic acid as the first amino acid, and phenylalanine as the second. Its about 180 times sweeter than typical table sugar, and as such, a little goes a long way. A single pellet of Equal (18 mg of aspartame) has about the same sweetening strength as a teaspoon of ordinary white sugar (about 5 ml). Do the math. It was first discovered in 19
Read more

Peddling Snake Oil - The Khaos Super Turbo Charger

Image
Photos courtesy of Ghosthunter If you drive or are at least into cars, no doubt you've probably heard at one time or another about the Khaos Super Turbo Charger . It's a device that is claimed to drastically reduce the fuel consumption of your gasoline driven vehicle by as much as 50%. It created such a hype when it was introduced in November 2003 after glowing reviews and endorsements from, among others, the Department of Energy (DOE), the Makati Land Transportation Office (LTO) and Taiwan’s Automotive Research and Testing Center. Even MalacaƱang got into the picture, and presented the inventor, Pablo Planas, with a Presidential Award Medal for Outstanding Invention. All in all, various government agencies and government officials got into the picture, singing the praises of a device that miraculously reduces fuel consumption by a significant margin. As a result, in less than a year, more than 3,500 units were sold and installed to customers who swear by the product's effe
Read more