The Manila Times – AES mystery deepens, remotely accessed by Venezuelans?

By Al S. Vitangcol 3rd | The Manila Times

JUST like a mystery thriller series, the story of the Smartmatic-provided technology for our automated election system (AES) deepens as the plot unravels. Of course, this AES tale is not in paperback, but revelations are slowly being made to us.

I was one of the first to have a look at the audit logs of the canvassing and consolidation system (CCS) in one municipality recently released and decrypted by the Commission on Elections (Comelec) on the strength of a court order.

Server logs
The CCS audit logs are technically server logs. These logs serve a two-fold purpose. One is to monitor and record all the activities that transpired within that particular computer system or server. Another is to get feedback about the performance of the server as well as any problems that may be occurring there. In case of an abnormal shutdown, the logs can be used as a basis to trace and eventually resolve what went wrong in the system.

The entries in the log files can be simple (and thus understandable to a non-techie) or complex to the point of looking like gibberish. The contents of these entries are controlled by configuring the log file manager, which also allows certain events to be excluded from logging.

Here is a sample simple log file entry.

15:17:15,559 INFO [com.smartmatic.ssp.services.database.DatabaseServiceImpl] (MSC service thread 1-6) Database successfully installed for module canvassingManagement. [required: 34, installed: 52]

The entry starts with the system time, followed by the event number, the type of log, the module responsible for the event, message service thread, and a customizable description of the event.

Thus, the event was recorded at 3:17 p.m., the log is merely informational “INFO”, and the database was installed for use by the Canvassing Management system.

Some log file entries may be too complex for the ordinary non-techie reader. For example —

15:29:31,816 INFO [org.hornetq.core.server.impl.HornetQServerImpl] (MSC service thread 1-8) live server is starting with configuration HornetQ Configuration (clustered=false,backup=false,sharedStore=true,journalDirectory=/opt/jboss/standalone/data/messagingjournal,bindingsDirectory=/opt/jboss/standalone/data/messagingbindings,largeMessagesDirectory=/opt/jboss/standalone/data/messaginglargemessages,pagingDirectory=/opt/jboss/standalone/data/messagingpaging)

Resources revealed
A thorough reading of the server logs established some of the technical resources used by Smartmatic in developing the CCS.

For the operating system, they used Linux, probably the Red Hat version, since there were accesses made to the http://www.hibernate.org/dtd/ site. The databases used are Oracle and MySQL.

The log entries showed that they used Java Archive (JAR) files. It is a file format that contains bundled Java class files along with associated image/sound files, resources and metadata. It is usually a single, compressed file mostly used for supplying the necessary Java libraries and application software on a Java programming platform. Take note that a JAR file can be an executable file, meaning it can be programmed to manipulate the data in the source database.

On the connection side, Java Database Connectivity (JDBC) was employed. JDBC is an application programming interface (API) which allows the programmer to connect and interact with databases. The API in turn lets the programmer encode access request statements in Structured Query Language (SQL) that are then passed to the program that manages the database. It returns the results through a similar interface.

The logs also revealed the presence of HornetQ. It is an open source project to build a multi-protocol, embeddable, very high performance, clustered, asynchronous messaging system.

Foreign personalities
In this particular entry of the log files —

16:08:35,340 INFO [liquibase] (MSC service thread 1-5) /opt/jboss/standalone/configuration/modules/all/database/module-database.xml: /opt/jboss/standalone/configuration/modules/all/database/install/GRANT_TABLES/GRANT_1255_AES.CORE_LOG_TO_AES.XML::1426793917843-1255::Roberto.Tortolero : Custom SQL executed

— the name of the user, Roberto Tortolero, appeared. He installed the AES core log and executed a custom SQL code. Who is Roberto Tortolero?

Other user names that were recorded in the log files include Ramón A. Burgos, Alejandro García, Nollymar Longa, Andy Nuñez, Daniel Bastidas, and Mauricio Herrera. Who are these people?
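The field breakdown described earlier, applied to the three entries quoted in this article, as an added example (not code from Comelec, Smartmatic or the author). The field names are this example's own; it assumes JBoss's default log pattern, in which the three digits after the comma are the millisecond part of the timestamp, and Liquibase's `file::id::author` changeset identifier.

```python
import re
from collections import Counter

# The three entries quoted in the article; the HornetQ message is shortened here.
SAMPLE_LOG = """\
15:17:15,559 INFO [com.smartmatic.ssp.services.database.DatabaseServiceImpl] (MSC service thread 1-6) Database successfully installed for module canvassingManagement. [required: 34, installed: 52]
15:29:31,816 INFO [org.hornetq.core.server.impl.HornetQServerImpl] (MSC service thread 1-8) live server is starting with configuration HornetQ Configuration (clustered=false,backup=false,sharedStore=true)
16:08:35,340 INFO [liquibase] (MSC service thread 1-5) /opt/jboss/standalone/configuration/modules/all/database/module-database.xml: /opt/jboss/standalone/configuration/modules/all/database/install/GRANT_TABLES/GRANT_1255_AES.CORE_LOG_TO_AES.XML::1426793917843-1255::Roberto.Tortolero : Custom SQL executed
"""

# time,millis LEVEL [category] (thread) message
# A stray space after the comma is tolerated.
ENTRY = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}),\s?(?P<millis>\d{3})\s+(?P<level>[A-Z]+)\s+"
    r"\[(?P<category>[^\]]+)\]\s+\((?P<thread>[^)]+)\)\s+(?P<message>.*)$"
)
# Liquibase message: "<root changelog>: <changeset file>::<id>::<author> : <action>"
# "author" is the attribute stored with the changeset definition in the changelog
# file; the log line itself carries no session or source-address field.
CHANGESET = re.compile(
    r"^(?P<root>\S+): (?P<file>\S+?)::(?P<id>[^:]+)::(?P<author>\S+) : (?P<action>.+)$"
)

def parse_entry(line):
    """Split one log line into its fields; return None if it does not match."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    if entry["category"] == "liquibase":
        cs = CHANGESET.match(entry["message"])
        entry["changeset"] = cs.groupdict() if cs else None
    return entry

def changeset_authors(log_text):
    """Count Liquibase changesets per author field across a whole log."""
    counts = Counter()
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry.get("changeset"):
            counts[entry["changeset"]["author"]] += 1
    return counts

if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        e = parse_entry(line)
        print(e["time"], e["level"], e["category"], e.get("changeset"))
    print(changeset_authors(SAMPLE_LOG))
```

Run over a full audit log, `changeset_authors` lists every name that appears in the author field and how many changesets carry it.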

Thank God there is Google (though not everything in Google is correct). I searched for the profile of these guys and found out the following:

1. Roberto Tortolero is a consultant for mobile platforms at RTE Panama. He worked as a software engineer with Smartmatic from September 2015 to April 2016.

2. Ramón A. Burgos is a software engineer currently working at Smartmatic. He has a master’s degree in computer security and graduated from Universidad Politecnica de Cataluña.

3. Alejandro García is a web programmer at PAICA, Caracas Area, Venezuela. He used to be an employee of Smartmatic.

4. Nollymar Longa, with a master’s degree from Universidad de Chile, is now with a Panama-based computer-software firm, dotCMS. He used to be with Smartmatic, from February 2010 to March 2016.

5. Andy Nuñez is presently a Software Developer at HomesUSA.com at Fort Lauderdale Area, Miami, Florida. He used to be a Senior Software Engineer at Smartmatic from March 2012 to March 2014.

6. Daniel Bastidas graduated from the Universidad Nacional Experimental del Tachira. He is at present a senior software engineer at Smartmatic, based in Boca Raton, Florida.

7. Mauricio Herrera was one of the key persons working for Marlon Garcia, chief of the Smartmatic technical support team, during the 2016 elections. In June 2017, the Department of Justice found probable cause to charge Garcia, together with Herrera, for violating Republic Act 10175, or the Cybercrime Prevention Act. They were indicted for unauthorized access of the computer system and intentional and reckless altering of data.

Were these foreigners remotely accessing the AES-CCS during the 2016 national and local elections?

The AES mystery deepens… and Filipino voters deserve an explanation.
