Details of NASA's findings after being granted access to IEBC servers by the Supreme Court
The Supreme Court on Monday, August 28, granted the National Super Alliance (NASA) read-only access to the IEBC’s servers as hearings into the Presidential petition filed by NASA leader Raila Odinga continued.
After initial non-compliance by the IEBC technical team, which gave as its reason that the server administrators were still asleep, the exercise eventually took place and the NASA team was able to get access to the IEBC servers.
According to documents shared by the NASA coalition team and seen by Mkenya Forums on Wednesday, August 30, the team came across major enduring mysteries, one of them being a discrepancy in 90 Form 34Bs that affected nearly five million votes.
Here are the 20 discoveries NASA made after auditing IEBC server logs:
- All accounts in the integrated electronic electoral management system are based on authorizations contained in the IEBC IT Access control and user access management policy.
- The Access control list provided for only 341 users. Between 6th August 2017 and 22 August 2017:
a. There were 3395 failed login attempts
b. There were 3851 successful login attempts
- The KIEMS RTS user accounts:
a. Gave read only authorizations;
b. Deletion of files was not granted:
e. Provided for configuration of election settings and user management. However from the Access Control List no one was granted these privileges.
- Contrary to IEBC IT Access Control and User Access Management Policy, user accounts were misused by both internal and external parties as follows: Access was granted to strangers who were not identified by role and who were not defined in any access lists. Among these are vendors, anonymous users using Gmail accounts, Morpho and SCYTL.com and Administration staff who were noted to be logging into the KIEMS Kits between 8th August 2017 and 22 August 2017.
- The Chairperson’s account was used multiple times to transfer, delete and modify files through the File Transfer Protocol Server, which was the mechanism through which all Forms including forms 34 could be uploaded onto the IEBC server.
- The Chairperson’s user account alone had 9934 transaction logs.
a. The account used an IP address that was not part of the IEBC Partner addresses (41.212.16.248), a Wananchi network IP address.
- There were cases of use of non-partner IP addresses, e.g. Wananchi and Liquid Telecom 22.214.171.124
- Forms 34A and 34Bs were posted by Constituency Elections Coordinators (CEC) at constituency level instead of from polling stations during and after the election.
- There is no trace of data originating from any polling station. This raises questions whether data on the server came from the polling station.
- Some constituencies have no trace of any Form 34B uploaded on to the server.
- In other constituencies Form 34B were uploaded more than once.
- There were several instances of uploading files and retrieving them by various users.
- Only 277 users accessed the FTP server between August 2017 and 17 August 2017 yet data was supposed to be uploaded from each polling station.
- There are instances of one user using multiple IP addresses to access the FTP server. E.g. Jlimaris@iebc.or.ke used 10 different IP addresses, contrary to the static IP address allocation for the KIEMS Kits and the access control policy.
- There were renamed or modified forms in various constituencies as seen from the FTP Server logs provided by IEBC.
- Some accounts granted were misused to carry out unauthorized and malicious activities.
a. There were a total of 8300 delete commands.
b. 7954 delete commands were successfully executed between 8th August 2017 at 222hrs and 17th August 2017 at 1319hrs.
17. File formats: Different file formats were uploaded on to the FTP server, which shows there were no input controls. Some files were in editable formats such as Excel and Word documents.
18. Mismatched user privileges: One user, firstname.lastname@example.org, a CEC from Sotik, Bomet, was not a privileged user to install software applications on a IEMS. No controls.
19. Firewalls
a. A firewall controls access or traffic in and out of a server with restricted server.
b. On the 8th of August there was no traffic on the firewall. Traffic started flowing from the 12 August 2017 at 2.44 CEST (-1GMT)
c. The amount of data in terabytes per second was the same for both incoming and outgoing traffic into the server.
d. IEBC refused to provide the firewall rules.
e. IEBC refused to provide a certified penetration test.
20. As at the time of preparing this Report most critical documents under the Order of Court had not been supplied and all parties agreed.