BY RAYMOND AFRICA and GERARD NAVAL
SEN. Imee Marcos yesterday said data servers of Smartmatic International, poll systems provider of the Commission on Elections (Comelec) have experienced “security breach” which she said “compromises the processes and operations of Smartmatic in a very serious way.”
Marcos disclosed the information after an executive session with Comelec and Smartmatic officials, and other resource persons. She said there was an unprecedented motion made by Senate President Vicente Sotto III “that certain portions of the executive session conducted with regard to the data breach… be released to the public.”
“There indeed was a security breach in Smartmatic operation. That appears to be clear… we have to admit that a very serious breach occurred. It may not be technically hacking.
However, we feel that it compromises the processes and operations of Smartmatic in a very serious way,” Marcos said in a chance interview at the Comelec office in Intramuros, Manila, after conducting a hearing on various issues raised concerning the May 9 elections.
Marcos chairs the Senate committee on electoral reforms and people’s participation.
Sotto said he consulted with the members of the committee so they can divulge some matters tackled during the executive session, for transparency.
“It became clear that there was a breach in the Smartmatic systems. For now, there is no indication that the Comelec system has been compromised. It is unfortunate, though, that the poll body did not immediately ask for an executive session of the JCOC (joint congressional oversight committee) when the breach happened. It should have been forthright with this information, which is critical to the elections, but instead, it even issued a ‘gag’ order on Smartmatic which subsequently refused to cooperate with our investigative agencies,” Sotto said.
Comelec Commissioner George Garcia, in a press conference, said the poll body’s automated election system (AES) which will be used in the May 9 national and local polls has not been hacked, contrary to a report in January.
“The Comelec system was not hacked. Clear and simple,” he said.
Comelec spokesman James Jimenez said, “We are confident that even in this particular case, there was no hacking. And therefore, we feel there will be no impact of that alleged hacking on the election results for 2022.”
Asked how the Comelec’s relationship with its perennial partner Smartmatic is, Jimenez said, “It is perfectly okay to say that, from the very beginning, the Comelec is fully in charge of the elections.”
Garcia gave the assurance the Comelec is looking at enhancing its systems security ahead of the elections.
“We will strengthen whatever we have right now,” he said.
Christopher Ocampo, lawyer of Smartmatic, the AES was not hacked and the company is not involved with processing and storing of voters’ personal data.
COMPROMISED?
It was the second time Marcos’ committee held a hearing on various election issues, such as the lack of presence of representatives from different political parties and candidates at the regional and provincial technical hubs to prevent SD cards switching, partial implementation of digital signatures, postponement of ballot printing observation at the National Printing Office, and disallowing observation of SD cards configuration at the Comelec’s Sta. Rosa, Laguna warehouse.
Sotto said Comelec should adopt increased “transparency and vote security measures” to ensure a clean elections not only in May but in future elections.
Marcos said they suspected that Smartmatic’s operations have been compromised after a social media account of “XSOS Leak” uploaded on Facebook vital information on Smartmatic.
She said the information include showing Smartmatic’s ledgers, pictures of its office, contact details of Comelec officials, and officials who are fond of drinking red wine.
She said “XSOS” could be a “criminal hacking syndicate.”
Sotto said the information was uploaded on Facebook after XSOS managed to copy files from a Smartmatic-issued laptop which was given to one of its employees.
“I think this is part of what we can divulge. Merong empleyado ang Smartmatic na nilabas ang laptop niya at hinayaang, well not hacked, but hinayaang makopya ng certain group (There is this employee of Smartmatic who brought out the laptop which he/she let the files to be copied by a certain group, but it was not hacked). I think that’s far as we can go,” Sotto said.
Marcos said Smartmatic told her that the pieces of information which were supposedly uploaded on Facebook were “old” ones which were used in the 2016 elections and can be seen on its website.
She said this is alarming since the information uploaded were detailed.
“Nakaka-nerbiyos pati flowchart, mga processes ng Smartmatic. May mga password, username. Sabi nila bulok na at non-usable but nevertheless, the wealth of detail and depth of knowledge is a little bit alarming,” she added.
Marcos said the security breach is now being investigated by the NBI and the Cybercrime Investigation and Coordination Center, an attached agency of the Department of Information and Communications Technology.
“Something did happen despite the denials of all institutions concerned in the past two years… We found something did happen… It is only now that this came out. They were vehemently denying this all along),” she said in mixed English and Filipino.
Sotto said the truth came out because the NBI and CICC got involved.
“It was simply a blanket denial of Comelec. Smartmatic, no hacking. But there was breach and technically is it like hacking,” he added.
Marcos said Smartmatic and Comelec both gave the assurance the May elections will be fraud-free despite the security breach.
“But the potential for a very serious security breach is now there because it appears that Smartmatic has, all it’s contractual employees have, access to the very confidential data, locations and other facilities. It’s rather alarming” she said.
Garcia, in the press conference, said no excess ballots will be printed.
“Overprinting of ballots? We will not allow that,” said Garcia.
And as of March 15, the poll official said that 74.8 percent or 50,448,532 have already been printed.
However, he said 105,350 ballots were found to be defective and had too be reprinted.
“These include ballots that were right in the middle, prints are not aligned, colors are different, some even have lines in the middle,” said Garcia.
On the other hand, he said a total of 37,132,899 ballots have already been “exited.”
“These are the good ballots. Exited means it has passed the entire process already,” he added.
Official ballots will be shipped from the NPO to regional hubs from April 20 to May 5.