Sunday, 11 November 2018
SECOND CLEAR CASE OF SABOTAGE OF PKR'S e-VOTING SYSTEM - WHY & WHO ?
The discovery of a 4G and WiFi jammer device on an upper terrace of an indoor stadium in Kuala Selangor where the PKR's divisional party election was held on 28 October 2018 was the first clear piece of evidence of sabotage of the party's controversial e-voting system.
The jammer's placement on an upper terrace gave its signals optimal coverage of the polling venue, thus disrupting e-voting which relied on 4G or WiFi connectivity of the tablets used for voting. which in turn resulted in voting for the PKR's Kuala Selangor division having to be postponed.
The fact that the jammer was not removed, strongly suggests that whoever placed it there wanted it to be discovered, hoping that it would create dissension between contenders for the post of party vice-president and their supporters.
On 10 November 2018, The Malay Mail and The Star reported the discovery that the Prey anti-theft application had been installed on the 10 tablet devices used for e-voting at PKR's Julau branch in Sarawak.
PKR's Election Committee chairman Datuk Rashid Din said that party's cybersecurity team at its headquarters in Petaling Jaya, had reported that the Prey application was used remotely to erase the e-voting application in the tablets, steal data, change the passwords and control the use of the tablets.
Prey, developed by the Prey Project, is a popular free-of-charge or subscription-based cloud (web-based) service which works with a client application installed on Windows, Mac OS and Linux-based PCs, as well as Apple iOS and Android smartphones, which enables owners to remotely monitor and track movement of their device when lost or stolen, as well as to remotely take screen captures of applications being run by the person using it after it was lost or stolen and also to remotely snap his or her photo which has helped local police to recover the device for the owner. Prey also lets owners remotely control their device.
Below are two You Tube videos which describe what Prey is an how it works.
Whilst on the one hand, one would expect that it would have made sense for PKR itself to have installed Prey on its tablets as protection in case they are lost, stolen or have some unauthorised application installed on them by some third party, however in this case, an ill-intentioned third-party installed Prey on these 10 tablets, which gave them remote control over these devices, instead of PKR.
This discovery in Julau, also does not help PKR following the controversy over the huge jump from 603 to over 13,000 members in PKR's Julau branch within one day in June 2018. Below are some media reports onthe Julau branch issue:-
PKR Julau branch membership controversy deepens
KUCHING: The PKR Julau branch membership controversy took a new twist when its branch chief claimed that dead members have been registered as members in his branch.
Sarawak PKR lodges MACC report on dubious members (MACC - Malaysian Anti Corruption Commission)
The last line of this The Malay Mail article reads:-
"The MACC has since raided the office of Julau MP Larry Sng Wei Shien to facilitate investigations for allegedly buying thousands of votes."
Citing the same Malay Mail article above, Malaysia Chronicle, a strongly pro-Pakatan portal called upon the party:-
"PKR'S NAME IS NOW MUD – HAUL UP THE ATTACK DOGS & SACK THEM: JULAU OVERKILL – SAIFUDDIN FLAYS 'FACTIONS' FOR PUTTING SELF-INTEREST FIRST"
Accusations have already begun to fly between contenders in the party elections for the PKR Deputy-President post.
Team Rafizi says Julau controversy created by Team Azmin
Jointly citing a The Malaysian Insight and a Malaysiakini report, Malaysia Chronicle quoted one of the contenders Rafizi Ramli:-
"I don't think the results for Julau – whatever the results – will be accepted."
If a re-poll is called, he said, "I am not certain if anyone has the energy for it".
"Every time there is a revote, it takes a huge toll on our campaign. To mobilise members in areas like Julau is not easy. The logistics issue is huge."
And, said Rafizi, he is already broke.
"I don't have a single sen left to organise another round."
And cyber-security expert Keith Rozario:-
On the use of Android tablet computers for the PKR voting system, Rozario said it was difficult to protect devices where an untrusted user had physical access to it.
He explained that this was why iPads menu systems in restaurants and ATM machines are secured in metal enclosures.
"We use to say in infosec (information security), that if an attacker has physical access to the device it's game over," he said.
At this point, I wonder whether it is worth my while to again remind PKR that they should have switched to traditional paper ballot voting one their e-voting system encountered problems during party elections in Penang and Kedah, about one and a half months since I wrote:-
e-VOTING SYSTEM SCREW UP RESULTS IN FIGHT BETWEEN PKR MEMBERS
Back then, I believed that it was purely a technical issue with their e-voting system but now that it's clear that there are attempts at deliberate sabotage involved, either by party members or outsiders, so there's no certainty that even paper ballot voting will be free of such issues.
Malay Mail and The Star articles on the Prey application found on e-voting tablets follow below:-
PKR suspends poll at controversial Julau branch over 'cyberattack'
Published 10 hours ago on 10 November 2018
By Sulok Tawie
KUCHING, Nov 10 — PKR halted voting at its scandal-hit Julau branch today after its central election committee detected a third-party application on the 10 tablets used for the party's e-voting.
Committee chairman Datuk Rashid Din said reports have then been sent to the panel's cybersecurity team in the party headquarters Petaling Jaya for examination.
"The information that was received stated that the software was used to erase the e-voting application in the tablets, steal data, change the passwords and control the use of the tablets," he said in a statement.
The tablets were being remotely controlled, he added.
A technical team took the tablets offline before removing the application.
He identified the "malware" as the Prey app. Prey is a legitimate anti-theft application that is available on Android, iOS, Windows, macOS and even Linux.
The statement did not say if the app was altered or simply used to hijack the tablets.
The committee opted to suspend the announcement of the Julau branch's results pending further examination of the tablets and e-votes lodged.
"The committee is investigating if the cyberattack is also happening in other places where the party's polls are also held today," Rashid said.
The Julau branch caused controversy with the sudden spike its membership from 603 to 13,178.
Sarawak PKR information chief Vernon Kedit had claimed that the registration of 13,178 new members of the party in Julau was "not genuine, but made by stealing personal data and information without the knowledge of the owners and, therefore, not proper".
Two hours earlier, The Star reported:-
Julau PKR results suspended after malware issue
Saturday, 10 Nov 2018
7:14 PM MYT
by sharon ling
KUCHING: THE PKR central election committee (JPP) has suspended the results from Julau division, after the tablets used in voting were found to be compromised with Prey anti-theft software.
JPP chairman Datuk Rashid Din said the e-voting system at the Julau polling station failed to function normally at 2pm on Saturday (Nov 10).
"It was found that 10 tablets being used at the time had the Prey software installed in them.
"Information from the JPP cyber security team in Petaling Jaya stated that the software was used to erase the e-voting app in the tablets, steal data, change the password and remotely control the tablet," he said in a statement.
Rashid said the JPP's system and IT unit took immediate measures to resolve the problem, including switching the voting mode to offline and uninstalling the Prey software.
"Due to this situation, the JPP is suspending the results for Julau division until the tablets are restored and the data is processed.
"The JPP is also investigating whether a similar cyber attack happened in other places that voted today (Saturday)," he said.