Forgot your password?
  • Increase font size
  • Default font size
  • Decrease font size
  • default color
  • green color
  • red color


Dec 05th
Home Sections History E-mail 102 – The Integrity of the IP Address and Hacking the Count
E-mail 102 – The Integrity of the IP Address and Hacking the Count PDF Print E-mail
User Rating: / 3
Sections - History
Written by Ado Paglinawan   
Wednesday, 30 June 2010 19:05


By Ado Paglinawan


“Crisis of Sovereignty” Series (Part Seven)


In E-mails 101, we included a March 12, 2010, posting of Interior and Local Governments Secretary Ronaldo Puno to President Gloria Macapagal Arroyo, citing his conversation with a certain William Burns of the US State Department calling attention to the fact “Smartmatic has disabled the (PCOS) machine’s ultraviolet ray reader of each ballot’s barcode.”

Secretary Puno added that “the information they have about Smartmatic’s move to disable the UV Ray Reader was supposedly confidential and yet they know about it, which points to the fact that we discussed, there is a mole among our people.”

This conversation between the chief executive of this country and her Interior Secretary is so revealing of a self-explanatory cloak-and-dagger operation, happening at the blind side of the Filipino people but has been intercepted by US intelligence.

In order to appreciate the sensitivity of this matter, it is necessary to revisit at this point how the 2010 Automated Elections System (AES) has been designed.

In an April 2010 report of Pacific Strategies & Assessments, one of the foreign groups that came to observe the recent election, “the AES uses optical mark reader (OMR) technology which allows a voter to record votes by making marks directly on the ballot which are then input into a machine for counting. The Philippine AES will work on a variation of an OMR system called precinct count optical scan (PCOS) technology wherein voters choose their candidates by shading corresponding ovals.

“The PCOS will scan optical paper ballots that voters marked by hand. Each ballot will be labeled with a bar code that only allows it to be read by the PCOS machine in the appropriate precinct.

“After completing the ballot and inserting it into the machine, the ballots will automatically drop into a plastic ballot box that sits under the machine.

“The votes are then automatically tallied by the PCOS for every clustered precinct. Each PCOS unit electronically transmits the results to the municipal Board of Canvassers and servers that will be maintained by Comelec and other observers.”

T he Puno e-mail to Arroyo is an attestation that both the President and he knows and recognizes the essentiality of the UV Ray Reader to the integrity of the AES. Puno quotes Burns, “in so doing, it removed the safeguard and protective measures against multiple counting of the same ballot resulting in cheating and possible vote padding…”

In this article or Emails 102, Secretary Puno gets an education from a certain Gary Hardaway on the integrity of the IP address and how the count can be hacked. The conversation is so plain, no further elucidation is required.

PF: 32001 REF: 2010

Additional Manipulation Schemes (Philippines 2010 Elections)


“From: ‘Gary Hardaway’ < >

Subject: Got the Info

To: ‘Ronaldo V. Puno ‘<>

Received: Tuesday, 06 Apr 2010 13:12:24 PM


Mr. RVP:

Here are two schemes that I have formulated for your evaluation based on the information I've gathered and what you have given me. I have designed this schemes so that it would fit all the preparations you've made so far.

Let me summarize all the Information we have gathered plus those that we already have that are pertinent to this Scheme that I have laid out below.

 1. Digital Signature feature of the PCOS will not be activated during the transmission of Data.

 2. Voter's Verification (LCD Display of Voter's Choice) will not be enabled.

 3. The IP Addressing Scheme of the Providers according to you is Dynamically limited to a specific set of IP address.

 4. The MAC Address Validity for the Election Accounts will expire after 5 days.

 5. A 3G HSPA Modem will be used for the Transmission. From what I gathered, the modems to be used are manufactured in China.

I believe you know already what is meant by Digital Signature as well as the LCD verification in relation to the PCOS Machine and the Election itself. However, I do need to explain to you the IP addressing and the MAC address and why is it important to us and the schemes I am about to show you.

1.      IP Addressing is the way a network (The Internet) differentiates or Identifies a certain Computer, Machine (Hub, Routers) from one another. You can very well say that it is the Unique ID by which any Computer is recognized n a certain network. There are Two ways these IP Address is given to a certain Computer. Either it is Statically or Dynamically assigned by the Network Administrator/Provider.

a. Statically Assigned IP means that a permanent IP address is assigned to the same account every time that account logs in to the network. The only chance that this address will change is if the provider decides to do so. In our case this account is defined by the Subscriber Identity Module

b. Dynamically Assigned IP, as the name suggest, it is dynamic or adjusting. It is when the IP address can change every now and then depending on conditions that is set by the Network Administrator, in our case the Provider. When I say "it can change", it doesn't mean that it changes every time from time to time. In fact, it basically remains the same each time the account logs in to the Network. Conditions that could merit a change in the IP Address on a static method can be any of the following:

1)  Change in Operating System.

2) Long Periods of Inactivity by the account.

3) Change in Network components.

4) Request for an IP change is made to the provider.

2.   MAC address refers to the unique address that is embedded in each and every hardware that is connected to the Network. Be it a computer, printer or whatever. This MAC address is permanent and more often than not can never be changed. Although some brands allow the changing of this MAC address but it requires Cloning Hardware and Hardware Embedding. This MAC address of each hardware is recorded by the Provider on a Database and each MAC address is assigned its own IP address. Each time this hardware logs in to the network, the system will check the MAC address of the Hardware. Then looks at the database and see if it already exists. If it does, it then checks the Validity or Expiration Certificate of the account. If it is valid then it takes the IP address assigned for that MAC Address and uses it. If the MAC address does not exist in the Database, it will record the MAC address and then assign a new IP address for that Hardware.


I am sure that I am already starting to sound confusing. But bear with me for a while and it will make sense soon.


Now for the Scheme itself:

Scheme 1 (Transmission from another Station)

1.   Election will proceed as Normal. Until the Closing of the Precincts.

2.   Transmission will take place as Normal and PCOS will be able to transmit (Without the Digital Signature)

3.   Printouts will be printed and duly distributed.


1.   While the elections are proceeding normally at the precincts. In a different location (Preferably in close proximity to the Precinct) Another PCOS is busy preparing manipulated data for the same precinct. This PCOS must be configured identically to the Precinct PCOS.

2.   Once the Transmission of the Precinct PCOS is done, the modem used by that PCOS will then be brought to the PCOS with manipulated data. Using the same Modem the PCOS will now transmit data to the Central Server. We should not forget that the system allows redundant transmission for data integrity. Thus, the earlier transmitted data will be overwritten by the newly transmitted data. Using another modem is out of the question since that would give another MAC address thus another may be assigned. The point being, using another modem to transmit data from the secondary PCOS would leave a footprint which could very well lead to the discovery of the scheme.

Note: The CF cards of the original PCOS must later be substituted with the CF cards from the manipulated PCOS.


What are the safeguards we have that no one will be alerted or risk being discovered/traced later?

1.   Without the Digital Signature, there is no way to tell which machine made the second transmission. Plus with the simultaneous transmission going on at the same time. No one will be able to tell that a re-transmission has occurred.

2.   The only way to trace this transmission would be to check the IP address of the Transmitting Machine. Since the IP address is Statically Assigned we are certain that the same IP address will appear and having used the same modem, the same MAC address will also appear. For all intents and purposes the IP and the MAC will show that it was the same machine that transmitted the data. Again, with the absence of the digital Signature there is no way to tell which is which.

3.   Next Question would be the Time Stamp of the Transmission. The trick here is to set the Time Clock of the servers 10 to 15 minutes late than that of the PCOS machines. This way the time stamp would appear to be approximately within the range of the original transmission. Remember the time stamp that would appear on the printout is the time of transmission while the time stamp on the server is the time of reception which is never the same. There will always be a couple of minute difference.


Reminders of Things for Preparation and Things to be Done:

1.   Identical CF cards must be prepared and used for both the Precinct PCOS and the other PCOS.

2.   Manipulated Data must be ready the moment the modem arrives so that transmission can be done at once.

3.   Clock setting for the Server and PCOS must have a 10 to 15 minute difference with the PCOS being ahead.

4.   The same modem must be used by the Precinct PCOS and the other PCOS.

5.   As soon as it can be done the CF cards must then be substituted.

Note: I think that with the resolutions and policies you have made, the importance of the printouts of the original PCOS will be academic and of no value.


As I have said earlier, this schemes are designed to fit the preparations you've already made without entailing too much additional work. The only additional work would be the preparation of the CF cards which will only be applicable if you decide to put the other scheme to action.

The Second Scheme is in the other file which also in this attachment. It is for your evaluation as well.

Truly. Gary


(To be continued . . .)


Newer news items:
Older news items:

Comments (3)

From the reports of Cong. Locsin's Committee and the Joint Forensic Team for the Joint Canvassing Committee of Congress; and the SC and Ombudsman petitions of Atty. Adaza and PCS President Celis, here is a summary of the major violations of the law by Comelec in implementing the Automated Election System. Hope this serves as a guide in our search for truth and justice in the exercise of our right to suffrage. Please pass to friends who care. Thanks.

To view the Summary in Table Form and the Complaint-Affidavit of the Philippine Computer Society (PCS) against Comelec Officials at the Ombudsman, please check the following links and download the files:


Comelec's non compliance with the law resulted in a completely untested and unaudited system. The only testing made was at the precinct level and used in conjunction with sporadic voter training. No system testing was made with the Boards of Canvassers for the municipal, city, provincial and national levels. No testing was also made to determine whether the voting continuity and contingency measures were realizable.

As a result, it led to the following problems, diiculties, irregularities and inaccuracies during the elections:

Long queues of voters waiting to vote for more than 3 hours in order to locate their precincts, resulting in 3 to 5 million disenfranchised voters.
Erroneous count of 253 million registered voters in the Server of the House of Representatives.
Failure to read 3 to 4 million “null” votes recorded nationwide.
Printed election returns containing dates before, during and after 10 May 2010 and printed on credit cards thermal papers.
Many election returns showed only 10 votes from about 500 to 600 actual voters, indicating that these returns were based on test ballots prior to Final Testing and Sealing of the PCOS machines.
Electoral protests at various levels in 41 provinces and cities. The congressional inquiry at the House of Representatives (Locsin hearing) “showed that there was electoral fraud committed, and substantiated by documentary evidence, with Comelec and Smartmatic, keeping the public in the dark about the many ways one could cheat through the machines, the many irregularities and last minute changes in orders coming from Comelec that provided many opportunities to cheat and manipulate the votes for favored candidates.”

POINT 1. The PCOS machine uses an Ultra Violet (UV) Security Mark Sensor to determine the genuiness of a ballot. Prior to the elections, this UV Sensor was disabled by Comelec.

The Locsin hearing confirmed that SMARTMATIC provided all the paper, UV ink, and several printing machines for National Printing Office (NPO) to print the ballots. Ms. Grace Enriquez of NPO and Mr. Flores of Smartmatic confirmed that the PCOS cannot read the UV ink printed ballots because of the lessened density of the UV ink due to the heightened printing speed to meet the printing deadline.

Instead, Comelec immediately purchased some 76,000+ handheld UV readers that were not used during the elections.

POINT 2. In the Locsin hearing, it was confirmed that the Compact Flash (CF) cards of the PCOS can allow the reinsertion and acceptance of already scanned ballots. Later, both Ms. Quimson of Navigation Information and Mr. Flores said that scanned or previously read ballots can be re-fed into the computers even without a change of CF card.

There was no way to know whether the ballots read during the elections were genuine or fake.

POINT 3. The Joint Forensic Team, commissioned by the Joint Canvassing Committee reported June 9, 2010 the discovery that the PCOS machines have a controlling CONSOLE PORT which allowed the unsecured vulnerability of the PCOS machines to manipulation and open to malicious control and electoral fraud.

Through an unsecure (that is, with no username and password) connection of a laptop, the laptop was able to access the operating system of the PCOS machine. Smartmatic was not able to offer a technical explanation to this major security breach loophole.

The Namfrel terminal report, released July 2, 2010, said the random manual audit of certain precincts showed that the degree of variance was less than what was the required 99.995 percent accuracy. The overall performance of the machine is 99.35 percent accuracy, which was below the required 99.995 percent.

Extrapolating this percentage to 76,340 precincts, it will amount to about 345,000 ballots inaccurately read.

The digital signature is the primary feature to determine the authenticity and verifiability of the election returns from the precincts. Thus, the Contract specified these as the second main deliverable of Smartmatic.

POINT 1. Comelec issued Resolution 8786 March 4, 2010 that no longer required the use of digital signatures. The Resolution stated:

"WHEREAS, there is a need to amend or revise portions of Resolution No. 8739 in order to fine tune the process and address procedural gaps;
SEC. 40. Counting of ballots and transmission of results
f) Thereafter, the PCOS shall automatically count the votes and immediately display a message "WOULD YOU LIKE TO DIGITALLY SIGN THE TRANSMISSION FILES WlTH A BEI SIGNATURE KEY?", with a "YES" or 'NO" option;
g) Press "NO" option.
The PCOS will display "ARE YOU SURE YOU DO NOT WANT TO APPLY A DIGlTAL SIGNATURE?" with a "YES" and "NO" option;
h) Press "YES" option."

POINT 2. The Locsin Report stated: “14. The digital signature—only of a particular PCOS—and not of the BEI person herself was conceded as being, for practical but not legal purposes, sufficient compliance with the intent of the E-Commerce and Automated Election laws. The Chair argued that a PCOS [or machine] digital signature serves equally as the digital signature of the BEI who has custody of the machine because it is possible to link one to the other.”

POINT 3. The Joint Forensic Report however proved that such practical purposes was not true, as there were no such digital signatures. The Report stated:

“ Absence of Machine Digital Signatures
Examination o the PCOS machines revealed that there was no evidence ound to prove the existence of digital certificates in the PCOS machines, contrary to the claims of Smartmatic. The technicians o Smartmatic were not able to show to the forensic team the machine version of the digital signature, alleging that they do not have the necessary tools to show the same. More so, they were at a quandary as to how to extract the said machine signatures--- to the dismay of the forensic team.

If there are digital certificates, then these were supposed to be revealed. The forensic team tried to extract the digital signatures but to no avail. Hence, the forensic team is of the opinion that there exists no digital signature in the PCOS machine.”

POINT 4. Without the digital signatures (whether that of the PCOS or the BEI), there is no way to check in the CCS servers in the municipality, city, province and national to know which PCOS machine (authorized or unauthorized) is transmitting to their CCS servers.

This is crucial with the discovery of 60 PCOS machines and 2 Broadband Global Area Network (BGAN) in Antipolo in the house of a Smartmatic technician (who could not show any authority for safekeeping, back up and to which CCS he is transmitting), and the subject of the Forensic team’s investigation.

POINT 5. As proven above, there were no digital signatures used in all level of the AES. Therefore, the Board of Canvassers themselves, from the municipal, city, provinces and national canvassing centers, cannot authenticate, duly execute and certify the Certificates of Canvass they transmit electronically to the higher levels of canvassing.

Thus, all the BOC proclamations are null and void from the beginning.

The voter had no way to check whether the PCOS correctly read and recorded his vote choices.

No Statement of Votes (SOV) accompanied the Certificates of Canvass (COC). The SOV is the details of the votes by precincts (indicated in the election returns) by which the summary votes of each candidates in the COC can be verified and checked.

Comelec stated that it will take some time to print 10,000 SOV recorded in the CCS servers of the Board of Canvassers.

The results of 30 RMA precincts were released and announced as of 15 May 2010.

Last 20 May, Comelec announced results of about 300 RMA precincts were completed with few discrepancies.

In the Locsin hearing, Amb. de Villa of PPCRV reported the partial results of the RMA. Out of the 1,145 randomly selected precincts, 845 precincts have already submitted reports, 15 precincts’ results were in transit leaving 285 precincts with no results yet.

As of this writing, Comelec has not published the results of this Random Manual Audit.

SysTest Lab submitted a report with some 4,000 comments for action by Comelec. No official announcement by Comelec whether these SysTest comments were addressed.

The lack of transparency by the Comelec made the Supreme Court to order Comelec to produce the relevant documentation on these items.

Tests were conducted only at precinct level, none at the municipal, city, provincial and national.

The Joint Forensic Team reported that “the hash codes for the firmware residing in the 6 PCOS machines found in Antipolo have the same SMA256 output ... However, a thorough comparison with the official document posted in the Comelec website revealed that the published hash code is not the same as the extracted one [from the PCOS machines.”

This indicates that the computer programs in the PCOS machines have been altered.


To access/download related files, please log on to the following links:

For all documents related to the Automated Election System (AES):

For all documents related to Critique of the AES:

©2010 KAAKBAY Partylist | 1589 Quezon Avenue, West Triangle, 1104 Quezon City, Philippines

(As posted also in several e-newsgroups by the KAAKBAY Partylist)
2 Saturday, 17 July 2010 11:38
I agree with all the infos here are correct. Simple answer to a complex one is to simplify it. Modems and the IP addressing may have had an issue. Dynamic Ip is a bit difficult for hackers to attack because it changes. Static IP can leak and much easier to detect. Have you heard of the tunnelling method? IBM and AT&T's network security method? It will give us an idea and peace of mind just in case people still doubt the integrity of the PCOS and spend money to educate the operators of the machine. Its easier to bombard, but difficult to apply. Again, issue will be the funds to obtain feasibility. I believe that the GMA admin did their very best effort to serve and run the past election properly. I will, as an individual will support all the seated officials because thats the right thing to do.
3 Saturday, 17 July 2010 12:26
Maybe this will give us all the peace of mind. Get one PCOS that they say that is altered.Assign someone on the recipient site of the network. Get one ballot.Scan it. and prove if the info on the recipent can be altered. If not? challenged the most intelligent hacker that can alter the info on the recipient. Its like send yourself an email from the office to your home, check at home if the message you typed is still the same message you typed in the office. That's simplified forensics.

Add your comment

Your name:
Your email:
Comment (you may use HTML tags here):

Quote of the Day

"The biggest cause of trouble in the world today is that the stupid people are so sure about things and the intelligent folks are so full of doubts."~~Bertrand Russell