By Francisco Tatad | The Manila Times
A SERIES of timely and highly informative lectures on “Cyber Security and the Internet of Things,” organized by Global Chambers Manila at Enderun Colleges in Bonifacio Global City, Taguig on Wednesday, took the audience on a tour of the digital world, and showed them how cyber technology could be used for or against mankind, exponentially.
One of the most striking statements I heard in the forum was that because of the exponential growth of technology, we won’t experience a hundred years of progress in our century, but more likely 20,000 years of progress (at today’s rate.) Of course, cyber criminals could scale their crimes against individuals, institutions and society correspondingly.
Major hackings recalled
Marc Goodman, author of the international best seller Future Crimes and keynote speaker, recalled some major instances of hacking, in which 100 banks in 30 countries were hacked, three billion Yahoo accounts were hacked, and the financial data of 110 million customers were hacked. Some of these hacks benefited from Filipino ingenuity.
On May 5, 2000, Onel de Guzman, a Filipino undergraduate, released the “I love you” virus through email, a worm capable of replicating itself, which attacked millions of Windows personal computers at an estimated cost of $10 billion in damages.
In 2011, recalls Goodman in his book, which Amazon has chosen as its best book of the year, Philippine police working with the FBI uncovered a telephone hacking scam that defrauded AT&T and its business customers of $2 million. The hacking cell was working with Jamaah Islamiyah and funneled the money back to a Saudi-based group that in turn funded the Pakistani-based Lashkar-e-Taiba, the terrorist group responsible for the 2008 bombing of Mumbai, India, that killed and maimed hundreds.
In 2012, again the book recalls, a previously unknown hacker group called Cutting Sword of Justice admitted carrying out the most destructive computer sabotage against a company when it targeted the oil and gas giant Aramco. The attack took place on the eve of one of the holiest nights in the Islamic calendar, Lailat al-Qadr, the day Muhammad is said to have revealed the Koran to his followers, and Aramco’s 55,000 employees were at home celebrating with family and friends. At stake, 260 billion gallons of oil, valued at $8 trillion.
An unknown insider, according to the book, had inserted an infected USB thumb drive into a single PC connected to the company’s computer network. Within minutes, the drive’s viral payload, known as Shamoon, spread like wildfire across all of Aramco’s corporate computers. Shamoon erased 75 percent of the company’s 30,000 corporate hard drives, wiped out documents, spreadsheets, e-mails, files and replaced everything with an image of a burning American flag.
In 2013, Target stores across the US were hacked, compromising the financial data of 110 million of its customers. Never before in the history of humanity has it been possible for any one person to steal 110 million of anything, let alone concurrently rob more than 100 million people, says the book.
The hack was reportedly masterminded by a 17-year-old hacker in Russia.
The biggest hack
This record was overtaken in August 2014 when a Russian hacking group gathered 1.2 billion user names, passwords, and other confidential data from 420,000 Web sites, according to Hold Security.
But not all cybercrimes are attributable to cyber criminals. If Edward Snowden is to be believed, big government is behind hacking activities not only against other governments, but against its own citizens. Since June 2103, Snowden, a former CIA employee and NSA contractor who has sought refuge in Russia, has revealed that 120 billion calls around the world belonging to French and German citizens are recorded every month by US cyber technical operatives.
Russia is accused of having used its cyber technology to help Donald Trump win the US presidency. US official investigators are still trying to produce concrete evidence of this. Meanwhile, Goodman in his book quotes the St. Petersburg Times as saying that President Vladimir Putin employs an “invisible army of social media propagandists” to generate up to 40,000 comments a day on his behalf.
This, however, pales in comparison to what China is capable of doing. Goodman’s book quotes the Beijing News and other state media reports as saying that China employs approximately 2 million online propaganda workers to help shape online public opinion and manage domestic Internet surveillance. In 2013, China’s propaganda chief directed his 2.06 million netizens to open social media accounts on social media sites like Weibo, a Twitter-like micro-blogging site, in order to spread “positive energy” and guide sensitive discussions in a positive direction, says Future Crimes.
A State of the Internet Report by Akamai, the leading US content delivery network (CDN) services provider, says China is the source of 41 percent of all of the cyber attacks in the world. But China consistently denies this allegation. A Google search for the phrase “China denies hacking” yields a mere 35 million such denials, according to Future Crimes.
Scary as all these hacking stories are, none seemed to scare the audience more than the hacking of the democratic process. This refers specifically to the hacking of automated elections. In the US, the regular convention of hackers (Defcon) has successfully demonstrated in 40 hacking villages that all automated electoral systems are hackable.
In the Philippines, the last four elections are living demonstrations of this proposition. This happened in the 2008 elections in the Autonomous Region in Muslim Mindanao, the 2010 presidential elections which elected President B. S. Aquino 3rd, the 2013 senatorial elections where Aquino’s candidates swept the polls even in opposition areas where they were hardly known, and the 2016 vice-presidential elections.
In the last elections, VP candidate Sen. Ferdinand Marcos Jr. was leading the race by about a million votes from the closing of the polls, but lost the final count to Liberal Party’s Leni Robredo by 241,000 votes in the early hours of the next day after Marlon Garcia, the Venezuelan project manager of Smartmatic, entered and exited the transparency server without any explanation of what he was doing there and without any authority from the Commission on Elections.
In one of Wednesday’s presentations, it was shown that although the Board of Canvassers was not supposed to convene until 3 p.m. of May 9, 2016, the day of the elections, the municipality of Ragay, Camarines Sur started transmitting voting “results” at 6.46 a.m. of May 8, 2016, and Marawi started doing the same at 11:39 p.m. of the same day.
Was there foreign intervention?
Outside of the legal transmission hierarchy, which identified the various points involved in the transmission of results from the precinct to their ultimate destination, namely the Comelec with respect to the senatorial votes, and the Congress with respect to the presidential and vice- presidential votes, there appeared an unexplained tunnel to the US through an Amazon server.
This was the first time I saw this presentation.
This necessarily raises the question: Just as some Americans are asking if there was Russian intervention in the last US presidential election to make Donald Trump president, was there outside intervention in our vice-presidential election to make Robredo win? The prevailing theory is that since the LP presidential candidate Manuel “Mar” Roxas had no chance of overtaking the frontrunner Rodrigo Duterte, the LP poured out all its resources on Robredo in an effort to make her win as vice president, so that she could succeed as president in case the LP succeed in ousting DU30 later.
It turns out that in August 2013, the USAID granted the Gerry Roxas Foundation $24 million through a five-year contract to manage a grant-making facility for non-state institutions through the Philippine-American Fund Project. Did this have anything to do with supporting the LP’s bid to keep its hold on government?
In all this, Smartmatic, the Venezuelan service provider, has been the main instrument for hijacking our democracy by perverting the conduct of our elections. Smartmatic, which a song-and-dance number spoofed as “Smart Magic,” must be expunged from our political system, not permanently grafted into it.
In a video presentation, Alek Boyd, a well-known blogger and editor of INFODIO, reviewed Smartmatic’s performance around the world from the time it was started in Olivetti, Italy, as a lottery operation to the time it was sold to Venezuela for $50 million.
It’s not only in Mexico, Brazil and Venezuela where Smartmatic has bungled elections, Boyd said; there’s not a single place where Smartmatic has operated without provoking serious allegations of fraud. US-based John San Pedro, founder of Incubix Technologies, said he could create a replacement technology for Smartmatic in three weeks; and Filipino engineers have been insisting even before 2016 that Filipino technology be employed to conduct our automated elections.
But in gross disregard of the fact that Smartmatic is facing a criminal case on account of Marlon Garcia’s illegal behavior during the 2016 transmission of votes, and the massive objections to Smartmatic’s continued presence in our political process, the Comelec decided to purchase 97,517 Smartmatic vote-counting machines for the 2019 elections.
Midnight act or daylight robbery?
The contract was signed by acting Comelec chair Robert Lim hours before he retired at the end of office hours on Wednesday. It was the most shameless midnight act of a departing official, if ever there was one, but Lim refused to see anything wrong with it. Perhaps, midnight is not the right word to use, but a daring heist in broad daylight.
At the panel discussions, Ivan Uy, former chairman of the Comelec Advisory Council, and IT experts Nelson Celis, Bettina Quiamson, Henry Aguda and Alan Cabanlog all agreed that the election technology is intrinsically neutral but it could be compromised if the election managers are compromised. It is now for PDU30 to undo what the Comelec has done, and get rid of Smartmatic.