Final DCI and EADH forensic analysis details how gravely IEBC servers were breached
IEBC servers were entirely breached to manipulate the August presidential vote tally, according to forensic analysis by the DCI and EADH.
The analysis by the Directorate of Criminal Investigations (DCI) of computers confiscated from the three Venezuelans, Salvador Javier, Jose Gregorio, and Joel Gustavo, shows that the three were among dozens of non-Independent Electoral and Boundaries Commission (IEBC) staff who had extensive access to the agency’s servers.
According to the DCI report published in the Daily Nation, the forensic analysis shows that the three Venezuelans had not been contracted by the electoral commission but had access to its servers five months before the disputed polls.
The DCI, whom the Azimio coalition wants summoned to the Supreme Court to testify in its petition, is now looking into a number of electoral fraud offenses, including the access, which was obtained through a corporation related to a top politician from North Eastern.
In a meeting on July 28, IEBC chair Wafula Chebukati informed DCI George Kinoti and Police Inspector-General Hillary Mutyambai that the organization’s networks were impenetrable and that only authorized personnel had access to them.
During the meeting at Jogoo House, Wafula Chebukati also informed the DCI and IG that the three Venezuelans had been hired by the IEBC to give support on behalf of Smartmatic International, the firm the commission had hired to supply electoral management technology.
Detectives who have been investigating the matter since July now think that was not the case and that the three worked for a different organization connected to the politician from the North Eastern region.
A separate forensic analysis of the IEBC servers by the East African Data Handlers (EADH) corroborated the DCI report.
The EADH report shows that several unauthorized individuals gained access to the data transmission servers used by IEBC.
A number of attempts to download Form 34C, which was used by Mr. Chebukati to declare the victor of the presidential election, were also successful.
According to EADH’s analysis of the IEBC’s systems, Form 34C was altered multiple times in order to conform to Forms 34B and 34A, which the audit reveals were also intercepted and altered, in the backward tallying of the presidential results.
“It is obvious the downloading and the translation of Forms 34B and Forms 34C indicates that the process was not forward tallying on the designed tallying chain— 46,232 forms 34A create 290 forms 34B and they create the final 34C,” says a report on the analysis.
“In this case, the data seem to be working from forms 34C that are seemingly being downloaded into a .csv file, modified or edited and transmitted,” it further states.
A CSV file is a plain-text file in which values are separated by commas. Hackers prefer to use it because its contents can be edited by anyone with access to the system, using programmes that do not have to communicate directly with each other, which makes it difficult for investigators to trace the source of the intrusion.
Despite IEBC’s claims that its systems were impregnable, EADH’s investigation reveals that unauthorized individuals had access to the IEBC servers on many occasions and were able to intercept communications between the Kiems kits and the presidential tallying center in Bomas, Kenya.
The level of interception was so severe that a number of Forms 35, which were used for the legislative elections, ended up within the systems used to tally the presidential election.
“It seems as though there was a middleware that was intercepting, receiving, and/or sending information between the Kiems kit or the county tallying servers and the presidential tallying server and verification of specific forms,” says the analysis.
For example, on August 12, one of IEBC’s servers was accessed remotely using IP address 10.13.0.49 at 12:16 pm.
“The connection was disconnected at 1:27 pm and reconnected at 4:13 pm, which was terminated almost immediately and then reconnected at 4:47 pm,” the report states.
Such connections were being made by persons who had not been gazetted as IEBC officials for the elections, including a login by the name Dickson Kwanusu that not only modified data in the system but on several occasions downloaded Form 34C.
“All the IEBC officials for the 2022 General Election were published in the Kenya Gazette. Dickson Kwanusu does not appear as one of the officials on the documents yet he appears multiple times making and executing requests in the election verification process,” says the investigation.
According to the report, Kwanusu made an unclear and deliberate update to the system on August 14 at 4:29 p.m. in order to override the entire tallying procedure and produce a Form 34C. It was the day before William Ruto, the deputy president, was formally recognized as the winner of the election.
The analysis found that between August 12 at 3:48 p.m. and August 15, when the winner was announced, there were 27 attempts to generate Form 34C.
Form 34C should have been generated only once, ideally after all polling places and constituencies had finished tallying the votes. The main question investigators are currently attempting to answer is why all those Forms 34C needed to be generated.
Apart from Kwanusu, others who logged into the system despite not being accredited include Abdi Hadir Abdi, who performed verification of 659 Forms 34A, Harun Gathiru, Mohamud Mohamed, and Isaiah Khuyole.
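The two conditions the analysis turns on, activity by accounts that are not on the gazetted roster and a Form 34C generated more than once or before all Forms 34B are in, can be written as an audit over a time-ordered event log. This is an added example and not part of either forensic report; the event layout, action names, account ids and sample events are constructed assumptions.

```python
from collections import Counter

EXPECTED_34B = 290  # from the article: 290 Forms 34B feed the single Form 34C

def audit(events, roster, expected_34b=EXPECTED_34B):
    """Audit time-ordered (timestamp, user, action, form_id) events.

    Flags Form 34C generated before every Form 34B has arrived (backward
    tallying), Form 34C generated more than once, and any account that
    acts on the system without being on the authorized roster.
    """
    findings = []
    seen_34b = set()          # distinct Forms 34B received so far
    generated_34c = 0
    off_roster = Counter()    # events per account missing from the roster
    for ts, user, action, form_id in events:
        if user not in roster:
            off_roster[user] += 1
        if action == "receive_34b":
            seen_34b.add(form_id)
        elif action == "generate_34c":
            generated_34c += 1
            if len(seen_34b) < expected_34b:
                findings.append(("34C_BEFORE_34B_COMPLETE", ts, user,
                                 f"{len(seen_34b)}/{expected_34b} Forms 34B received"))
            if generated_34c > 1:
                findings.append(("34C_REGENERATED", ts, user,
                                 f"generation #{generated_34c}"))
    for user, count in sorted(off_roster.items()):
        findings.append(("USER_NOT_ON_ROSTER", None, user, f"{count} events"))
    return findings

# Constructed sample: placeholder accounts and a 3-form chain instead of 290.
ROSTER = {"official-01", "official-02"}
SAMPLE = [
    ("2000-01-01T09:00", "official-01", "receive_34b", "34B-001"),
    ("2000-01-01T09:05", "user-x", "login", None),
    ("2000-01-01T09:10", "user-x", "generate_34c", "34C"),
    ("2000-01-01T09:20", "official-02", "receive_34b", "34B-002"),
    ("2000-01-01T09:30", "official-01", "receive_34b", "34B-003"),
    ("2000-01-01T09:40", "official-01", "generate_34c", "34C"),
]

def run_sample():
    return audit(SAMPLE, ROSTER, expected_34b=3)

if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```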
Forensic analysis findings by EADH correspond to those of the DCI, which has separately said Salvador Javier, Jose Gregorio, and Joel Gustavo, the three Venezuelans who were arrested on July 21, were also accessing IEBC’s systems before, during, and after the polls.
Investigations revealed that the three had on their computers almost everything on IEBC’s systems.