A ranking member of the House of Representatives has cited the Commission on Elections (Comelec) for immediately issuing a statement denying that its servers have been hacked as claimed by a report of the Manila Bulletin.
Agusan del Norte representative Lawrence Fortun, a member of the House Committee on Suffrage and Electoral Reforms, said in a statement that the report was apparently erroneous as “[i]t appears now the alleged hacked files do not exist.”
“It is good to hear the Commission on Elections immediately coming out with an official statement debunking the alleged hacking of COMELEC IT systems involving PINs of voting machines. The timely response is imperative as silence on the part of the Commission will be perturbing and will only arouse suspicion of the public,” Fortun said.
In its statement last Monday, Jan. 10, the poll body said “no independent verification [can be made] that a hack has indeed taken place.”
Referring to the report, the Comelec said “one thing immediately stands out: the article alleges that the hackers were able to ‘download files that included, among others, usernames and PINS of vote-counting machines (VCM).’ The fact, however, is that such information still does not exist in COMELEC systems simply because the configuration files — which includes usernames and PINs — have not yet been completed. This calls into question the veracity of the hacking claim.”
The Comelec added that “the article offers scant substantiation for its assertions despite claiming that the authors had ‘verified that there was an ongoing hack’. Indeed, the article does not even offer proof of such verification.”
Comelec commissioner Rowena Guanzon was also quoted on Twitter saying the breach could not have happened because the poll body has not yet uploaded the hacked files mentioned in the report.
How can they hack our servers @COMELEC when we dont have PINs yet? ITD Director told me we dont have PINs yet. https://t.co/iCy5ka45Dh
— Rowena Guanzon (@rowena_guanzon) January 11, 2022
Fortun said an allegation of hacking should be ascertained before it is made public “as this will certainly erode the credibility of our elections, especially that this is an IT issue or anomaly that most of our voters are not familiar with.”
“Nevertheless, despite the effective debunking, I call upon COMELEC to remain vigilant on cybersecurity of all its electronic systems. Allegations like this that cast doubt on the automated elections may again crop up. What the public need is to be assured of the Commission’s unwavering vigilance and reliable capability,” the lawmaker added.
According to some information security professionals, the “60 GB of data” that were supposedly hacked are merely “mock data” that came from the previous “Comeleak” breach incident in March 2016.
Interestingly, the Manila Bulletin report quoted themselves in the story – an uncommon and unusual journalism practice. It said:
The Comelec, however, said it continues to comply with the Data Privacy Act and is coordinating with the National Privacy Commission. But it warned it will take action against those who will spread untrue information against the poll body and the upcoming elections.
“The COMELEC will likewise continue its efforts to validate the assertions made by article. In this regard, we invite the authors to shed light on their allegations, particularly with regard to the ‘verification’ they claim to have carried out. Considering that ‘news’ like this could potentially damage the credibility of the elections, the COMELEC stands ready to pursue all available remedies against those who, either deliberately or otherwise, undermine the integrity of the electoral process,” it said.
