This article is in two parts – 1. how hacking of IEBC Servers helped in the rigging August 8th Presidential Elections through manipulation of results from some 11,000 polling stations, and 2 why such hacking should have been inconsequention in the first place.
Part 1 – Hacking of IEBC Servers in relation to altering results in some 11,000 polling stations
August 8th 2017 Presidential Election was stolen through unauthorized access to IEBC Servers. Some call this unauthorized access ‘hacking’ and they are right. Broadly speaking, hacking is defined as gaining unauthorized access to ICT Systems that include computers, servers, phones, networks, and others.
Although IEBC and its ICT service providers denied that their systems were hacked simply because they understand hacking in the narrow sense of someone taking advantage of system’s security weaknesses, a quick audit of the IEBC Servers as ordered by the Supreme Court revealed that the IEBC Servers had unauthorized access both by the IEBC Chair and other unauthorized personnel. These unauthorized access or hacking would lead to a stolen Presidential Election as explained in subsequent paragraphs.
The theory goes like this: the IEBC Servers were hacked, results of August 8th Presidential Elections altered, then fake results displayed to the public. The next problem was to have those fake results that the public had seen match results recorded in forms 34B. To do that, fake forms 34B were printed and data closely matching those already displayed to the public entered therein. The next problem was to have results in forms 34A match those in fake forms 34B. The same forgery done for forms 34B was then done for forms 34A. This is why IEBC did not have over 11,000 forms 34A ready by the time Wafula Chebukati was announcing Uhuru Kenyatta the winner.
The hacking of IEBC Servers was targeting some 11,000 polling stations that kept on rearing their ugly heads in the run up to August 8th elections and during the Supreme Court proceedings. As August 8th drew near, Ezra Chiloba announced that some 11,155 polling stations would not be able to immediately transmit their results to the National Tallying Centres because they were located outside 3G/4G networks. Wafula Chebukati would later clarify that those polling stations would be able to transmit easy to manipulate text only results. The scanned forms 34A from the affected polling stations were to be transmitted later on availability of 3G/4G or Satellite networks.
On the day of announcing the final results, Orengo and his team told the media that Chebukati declared Uhuru Kenyatta the President without the backing of some 11,000 forms 34A. Four days after Uhuru was declared the winner, IEBC was still not in a position to give NASA Secretariat some 11,000 forms 34A as they hadn’t received them from various polling stations across the country.
During the Supreme Court Proceedings, Orengo demonstrated that several forms 34Bs they had received from IEBC were lacking a number of security features, including absence of watermarks, forms not being signed, others not passing anticopy tests, whereas others displaying foreign names as Constituency names when scanned through Android barcode reader.
NASA would then request the Supreme Court to order for an audit of the forms and IEBC servers, a request that was granted. The audit revealed that several forms 34B lacked security features and those forms affected slightly over 5.3 million registered voters. The 5.3 million voters that were affected takes us back to the figure 11,000. This you can calculate by considering that a polling station had an average of 481 registered voters. The other way to arrive at the number 11,000 from the scrutiny of forms 34B is to consider that the total number of forms 34B that had issues were 80, and averagely one form 34B had results from 141 polling stations – thus fake forms 34B affected some 11,280 polling stations.
The other scrutiny that Supreme Court ordered was for Supreme Court tech team, NASA and Jubilee be allowed a read only access to IEBC Servers with ability to copy necessary data. This preliminary access and audit revealed that Chebukati alone performed some 9,934 unauthorized transactions. There were other unauthorized people working for Jirongo and Jubilee that also had performed transactions in the IEBC Servers, making the total unauthorized transactions be around 11,000.
Part 2: Hacking of IEBC Servers should have helped no one if the Constitution was followed
The above analysis clearly show how the rigging was hastily planned and implemented, and also points to where someone interested to do forensic audit should focus on. The manipulation of results from the 11,000 polling stations however reveal one thing, the Constitutional provision that presidential elections are held in each constituency was not followed, and that if the Constitutional provision was followed, then the hacking of IEBC Servers could have been irrelevant. That is, even today, anyone interested in hacking IEBC servers should know that such hacking is irrelevant and inconsequential as long as the Constitutional procedure for electing a president is strictly followed.
Right now, there is message going around in NASA support base that there are Jubilee sympathizers who have already hacked a plan to hack IEBC Servers and consequently manipulate the results. This however should not worry NASA supporters if they together with their Principals push for strict adherence to the constitutional process of presidential elections.
The Constitutional process of holding presidential elections is as follows:
- That IEBC, political parties through party agents, the Media and independent observers ensure that elections are properly conducted in every single polling station,
- That the results of elections in every polling station are properly recorded in authentic documents,
- That the recorded results are properly and securely transmitted to the Constituency Tallying Centres,
- That the results are properly verified and tallied at the Constituency Tallying Centres,
- That the properly verified and tallied Constituency Results are publicly announced by the Constituency Returning Officers in full glare of party agents, independent observers and the Media, and
- That the Media broadcast live the announcement of the Constituency Results.
In the above Constitutional Process, IEBC, Political Parties and any other interested party would get their official results from the live coverage of announcements done at the Constituency Tallying Centres. The process therefore renders a National Tallying Centre with its electronic components irrelevant, and if such a System exists, then its existence would only be to help IEBC easily backup the results as sent from polling stations and Constituency Tallying Centres.
For the interest of the public, IEBC’s National Tallying Centre must not display the results they receive from the polling stations. What they should display are the results being received by each Constituency Tallying Centre. The details of how that can be made possible is beyond the scope of this article.