The Philippine electoral system is vulnerable to cyberattack and the government may not be prepared for it, an American cybersecurity expert has warned.

Marc Goodman, founder of the Future Crimes Institute and chairman of policy, law and ethics at Silicon Valley’s Singularity University, said governments around the world, particularly the Philippines, were woefully unprepared for threats brought by the automation.

The capability of the government to protect its cyber assets was placed in doubt after the “biggest data breach in history” in March 2016, when the database of voters was hacked by the Anonymous group more than a month before the May 2016 national elections.

“Here in the Philippines there has been hacking of the elections as well when in April 2016, the website of the Commission on Elections (Comelec) was taken over by the Philippine group of Anonymous to show how hackable the elections were,” he said during the PilipinasCon 2018, a forum on Cybersecurity and the Internet of Things, in Taguig late Wednesday.

Goodman noted that data of over 55 million voters, 200,000 emails, 2.3 million passport details, and 15.7 million fingerprints were leaked and became available in the dark web, a hidden part of the World Wide Web that cannot be easily accessed by normal sites.

“That was the largest government data breach in world so far and it was carried out by a 23-year old Filipino,” he pointed out.

The Anonymous, an association of “hactivists,” later claimed it was responsible for the hacking of the encrypted data of Comelec and warned the government to ensure fair and honest national elections.

In April 2016, the National Bureau of Investigation arrested Paul Biteng, a 23-year-old graduate of information technology, for the hacking incident.

‘DEF CON scenario’

Goodman also cited a scenario discussed in DEF CON, an underground hacking conference, which proved that voting machines were “hackable.”

“In that DEF CON, they were able to break into 25 different vote-counting machines remotely and directly which means that every single counting device is hackable,” Goodman said.

With the rising cybercrimes around the world, attacks may cost businesses $2 trillion by 2019, according to data from market research firm Juniper.

“The threat in cybercrime is growing exponentially but our defenses are not, and that’s what we need to fix,” Goodman said.

Goodman urged businesses and the government to invest in the right machines and implement a cybersecurity plan to boost systems against attacks.

“We have to think like hackers in order to protect ourselves and [hold]a cybersecurity fire drill so we will know what to do when we are under threat,” he said.

SD cards tampered with?

On Thursday, Sen. Francis Escudero raised the possibility that the result of the 2016 national elections could change “to a certain degree,” as he claimed to have in possession backup SD (secure digital) memory cards used in the last polls, which were not a “mirror image” of the original memory cards.

Escudero, co-chairman of the Joint Congressional Oversight Committee on the Automated Election System, revealed this as the Commission on Elections delivered a report on the 2016 elections.

“I have records to show that the backup is not a mirror image of the main SD. A lot of them,” Escudero told Comelec officials during the panel’s organizational meeting.

“If it is not the accurate picture or carbon copy of the main drive, it might change the result (of the elections) to a certain degree. To what extent? I don’t know. We cannot really tell at the moment,” he said.

The senator, who ran for vice president in 2016 but lost to former Camarines Sur Rep. Maria Leonor “Leni” Robredo, said he would soon present a witness to validate his claim.

Former senator Ferdinand Marcos Jr., who also ran for the vice presidency, has a pending protest against Robredo before the Presidential Electoral Tribunal (PET). He claims the vice-presidential election was tainted with massive cheating.

“We don’t even know which was used as back up and which were used as main. How can we expect it to be accurate down to the last vote?” Escudero asked acting Comelec chairman Robert Lim.

In an interview after the hearing, Escudero said he was able to get a printout of the poll results.

“The question is, where is the record backup drive? Apparently, Comelec has no record,” he said.

Comelec buys Smartmatic’s machines

Amid allegations of cheating in the 2016 polls, the Comelec maintained that its decision to renew the contract of Venezuela-based technology provider Smartmatic Corp. to supply vote-counting machines (VCMs) for the May 2019 elections was above board.
Commissioner Luie Tito Guia made the clarification on Thursday in reaction to the claim of defeated senatorial candidate Francis Tolentino that the Comelec-Smartmatic deal was highly irregular.
“It is not true [that the contract was done in secrecy],” Guia told The Manila Times, stressing that the Comelec as a body scrutinizes and approves every contract through a resolution.
“Of course it is legal. Decision was made on December 18, 2017 after months of consultation with stakeholders, meetings with the advisory council,” Guia stressed.

The Comelec-Smartmatic contract was signed three weeks ago by the acting Comelec chairman, Senior Commissioner Christian Robert Lim, who is retiring on Friday.

Comelec spokesman James Jimenez earlier explained that the Commission merely exercised its “option to purchase (OTP)” the 95,517 VCMs it leased from Smartmatic for P8.1 billion for the 2016 synchronized national and local elections.

He added that the decision was unanimously approved by the Comelec En Banc and covered by a Minute Resolution dated December 18, or three weeks before the OTP expired on January 8.

Jimenez explained that the commission made a unanimous decision to exercise the OTP because the P8.1-billion budget approved by the Department of Budget and Management for next year’s elections was not enough.

It would be more economical for the Comelec to exercise its OTP rather than hold a bid again for the lease of brand-new counting machines, Jimenez said.

Out of the P8.1 billion, P4.3 billion will be used to cover the costs of some components of the automated election system alone, he said.