06Jun2010 (UTC +8) Hello Jan,
On Fri, Jun 4, 2010 at 20:32, jan gestre <[email protected]> wrote: > Hi Drexx, > Heard you did forensics on the PCOS machine found in Antipolo, how's the > investigation doing? It's been very tiring! Haven't had decent sleep and sanity since Thursday, when we first started installing Ubuntu as our two forensics workstations. I can't really comment on our findings so far, because it's too early to make conclusions, and also because Atty. Al Vitangcol III is the main man writing our official report on Monday. However, the TV news people have something to say already... What I can say though is that we haven't found any wireless transmitters hidden in the 3 randomly selected PCOS machines, whether they be bluetooth or WLAN or what-not. My team mates from Congress and Senate will go through the photographed internal chipsets, and research their part numbers so we can have a better understanding if the PCOS does what they're supposed to do: nothing more, nothing less. We were able to successfully copy the Compact Flash cards from 30 of the 60 PCOS machines so far, including the blue (main) and red (backup) CF cards. The time variances of the PCOS machines against synchronized time clocks weren't too dramatic, just several minutes off, and I can easily correct for that in our timeline analysis. We could have done more I believe, but given the amount of people involved, the activism and valid concerns of so many people, and the tremendous hurdles that must be overcome to get permission from different government agencies, I'm really amazed that this project even took off at all. It took no less that the Speaker of the House (Congress) Nograles to start it and ask the cooperation of Senate President Enrile, to request COMELEC to get this exercise going. The resourcefulness of Mario Sulit in the Senate is also great. <Geek speak> What's cool (for Linux enthusiasts) is that we used Ubuntu and several open-source tools to do our work. William Yu of PPCRV came over as a "tourist" and watched us, and we discussed the pros/cons of our tools (mmls, dd, md5sum, sha1sum, mount, Ubuntu vs Fedora or Redhat, etc.). Hecber Cordova of Smartmatic also watched us to see if they agree with our tools and methodology, and they did. Open-source is awesome for forensic analysts because anybody can independently verify stuff on their own and therefore have the assurance they seek. </Geek speak> HUMAN ERROR UNCOVERED IN PCOS FORENSICS TESTS http://www.youtube.com/watch?v=m4TSJggqTFc&hd=1 http://www.abs-cbnnews.com/nation/06/05/10/human-error-not-fraud-uncovered-pcos-forensic-tests By Ryan Chua, ABS-CBN News Posted at 06/05/2010 10:05 PM MANILA, Philippines - Instead of signs of fraud, errors possibly committed by members of the board of election inspectors (BEI) were uncovered when the forensic examination of precinct count optical scan (PCOS) machines found at a poll technician's house resumed at the Senate on Saturday. Ten boxes containing the machines were opened on Saturday morning to check if PCOS machines and their components are complete, and whether or not they have been tampered with. Losing presidential candidate Nicanor Perlas, one of those who actively pushed for the investigation, noted a number of problems with the way PCOS units were packed after voting. A PCOS machine used at a clustered precinct in Inuman Elementary School, for instance, does not have both the main compact flash (CF) card and its back-up. While the main memory card should be in the Comelec's custody, the back-up card must be sealed inside the machine. The back-up memory contains an encrypted copy of election results and a log of the machine's activities. The back-up CF card of another PCOS machine from the same polling center was found in a plastic bag, not inside the machine. "Baka pagod sila (They might have been tired)," Perlas said, referring to BEI members during the close of voting when they are supposed to carefully pack the machines. HUMAN ERROR Aside from this, one machine does not have any of the two i-button security keys used to start the PCOS. Most of the thermal papers do not have a Comelec seal while a printed election return, which was supposed to have been delivered to its recipient, was found inside a PCOS box. "This thing was rushed," Perlas said of the post-voting procedures. "At the level of the precinct, ito na ang lumalabas (This is what comes out)." Heider Garcia, electoral systems manager of poll automation supplier Smartmatic, believes the errors found should not be a cause for alarm because these are "simple human errors." "We can only tell here that they didn't follow the procedure," he said. Garcia said those problems are already beyond Smartmatic's control, and suggested that the BEI members themselves be asked to shed light on them. He maintained that the investigation has so far yielded no proof of fraud. CF CARD AUDIT Perlas said the errors could be indications of fraud, but added that he would rely more on the results of the CF card audit. Along with the PCOS inventory, IT experts from Laggui and Associates are analyzing the contents of the back-up memory cards, which they copied to their computers. Smartmatic insists, however, that the files may only be accessed using facilities at its warehouse in Cabuyao, Laguna because they are encrypted. The Joint Congressional Canvassing Committee ordered the forensic investigation to check for hidden components inside the recovered PCOS machines, which some candidates suspect could have been used for fraud. The 60 machines were found at the house of a Smartmatic technician named Felipe de Leon in Antipolo City 8 days after the elections, when they should have been returned to the Cabuyao warehouse. The technician has denied allegations of fraud, saying he only did his job of protecting the machines after the local Comelec office refused to keep them. On the first day of the forensic examination on Friday, IT experts said they found nothing suspicious inside the machines. Whether fraud is proven or not, however, Senate President Juan Ponce Enrile has said the probe will not affect the canvassing of votes for president and vice president. http://www.gmanews.tv/video/61273/qtv-pcos-machines-found-in-smartmatic-technicians-home-undergo-forensic-analysis QTV: PCOS MACHINES FOUND IN SMARTMATIC TECHNICIAN'S HOME UNDERGO FORENSIC ANALYSIS 06/04/2010 | 01:02 PM http://www.gmanews.tv/video/61332/irregularities-seen-in-some-pcos-machines-taken-from-antipolo-rizal IRREGULARITIES SEEN IN SOME PCOS MACHINES TAKEN FROM ANTIPOLO, RIZAL 06/05/2010 | 06:23 PM Drexx Laggui -- CISA, CISSP, CFE Associate, ISO27001 LA, CCSI, CSA http://www.laggui.com ( Singapore / Manila / California ) Computer forensics; Penetration testing; QMS & ISMS developers; K-Transfer PGP fingerprint = 0117 15C5 F3B1 6564 59EA 6013 1308 9A66 41A2 3F9B _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
