Solon seeks joint congressional probe on alleged Comelec hacking

Stressing that reports that the Commission on Elections (Comelec) servers may have been compromised in another hacking incident could raise serious questions on the integrity of the upcoming elections, Samar Congressman Edgar Mary Sarmiento said the House and Senate should immediately convene a joint oversight investigation to find the truth about this incident.

Sarmiento said that Congress can exercise its oversight powers over the implementation of Republic Act No. 8436 or the Automated Election Law and this report of a serious breach on the server of the Comelec must be thoroughly investigated to check if the automated system is free from manipulation and possible wholesale cheating.

Sarmiento noted that although the Comelec refuted some of the information that was cited in the Manila Bulletin story that reported the alleged hacking incident, it has not categorically ascertained if there was a hacking incident or not.

Sarmiento said that without this assurance, it is best for Congress to step in and find out if the election in May has not been seriously compromised.

Sarmiento noted that since the election automation has begun, he has heard stories of people claiming to have remote access to the polling machines who are offering their services to candidates especially those running for national positions.

He added that this is not the first time that the Comelec has been hacked. Five weeks before the 2016 elections, hackers also managed to illegally copy its database of around 55 million voters’ registration information.

“There are only two reasons why this hacking incident could happen. One is, the Comelec has poor network security protocols and the second is, it is an inside job.  We should make sure if this hacking incident happened or not. We cannot just take the Comelec’s word for this. We need to know the basis of the story. If there was a hacking incident, we need to know if this is serious enough that the poll results can be manipulated electronically,” Sarmiento said.

Sarmiento said that the joint probe should invite the author and find out if the report has a factual basis or was only sourced from people who are interested in destroying the integrity of the upcoming elections.

“I understand the author is also into IT so we should also know the basis of his report. We need to understand how he got this story. This issue is a matter of public interest. We need to know the truth about this alleged hacking incident,” Sarmiento said.

According to the Manila Bulletin story, a group of hackers was allegedly able to breach the servers of the Comelec and has downloaded more than 60 gigabytes of data including, among others, usernames and PINS of vote-counting machines (VCM).

The report added that the other downloaded files are highly sensitive data such as network diagrams, IP addresses, list of all privileged users, domain admin credentials, list of all passwords and domain policies, access to the ballot handling dashboard, and QR code captures of the bureau of canvassers with login and password.

The Comelec only claimed that the VCM could have not been hacked or stolen because “such information still does not exist in COMELEC systems simply because the configuration files – which includes usernames and PINs – have not yet been completed.”