Transmission Fraud, Why The Fear Is In Opening The IEBC Server

NASA and IEBC have been at tag war with the KIEMS unit from the onset of election and it is now at its very peak with the electoral body risking a contempt of court for refusing to implement the read only access to their servers which is the suspected fraud hub as of NASA petition.

Coming from a fraudulent 2013 elections where the electronic voting and transmission system was deliberately failed to allow for manual system revert, 2017 strict steps were taken to prevent a repeat of 2013 and with KIEMS pioneered by the murdered IEBC ICT manager Chris Msando, this election was projected to be the most credible in Kenya’s history until the cookie started crumbling with the suspicious murder of Msando.

Being an election that was engraved on ICT success, Chris Msando who took charge from Muhati who was curiously suspended for refusing to comply with internal auditing, become the man at the center of Kenya’s election. All eyes were on Msando, in his media appearances that were meant to increase public’s trust in the electoral system and subsequently the integrity of IEBC, Msando exuded confidence in the system that he confidently stamped as tamper proof. Chris was passionate about his job and was committed to delivering a tamper proof election, on the night of his capture and murder, he had a TV appearance stressing the same point.

According to Msando, IEBC had out in place the best in the world encryption technology, AES256, as a tough measure in their Result Transmission System. The system was built on a four layer topology with an end to encryption that would make it impossible for intruders to not only decipher but access the system. By the time, Msando admitted that IEBC KIEMS was under consistent attacks from hackers.

Casket bearing the body of Msando at the requiem mass in Nairobi.

As explained by Msando himself while alive and also demonstrated during the KIEMS simulation at Bomas days to the election and witnessed by several party agents. KIEMS was top notch and tamper proof. In accordance with the law, results from the polling centers 40,000+ across the country, would be keyed into the kit and only be sent bundled. The send icon would only appear on the kit if a copy of scanned forms34As had been fully uploaded. It was demonstrated as practically impossible to send texts only without a copy of scanned forms 34As. This is contrary to what happened eventually on the voting day.

Ideally, KIEMS was integrated to work as a single unit in that Presiding Officer would feed the polling stations results and the results together with scanned forms 34As would then automatically be sent to the Returning Officers in the constituencies as this what made the form 34Bs, the NTC, and the public portal. This was the ideal design for full credibility sigh. What happened is puzzling, results came in batches without proof forms 34As and the forms uploaded on the IEBC portal were not SCANNED but rather pictures of the forms. All these abnormalities and last minute change points at a possibility that a clone system was introduced into the election as the only convincing reason as to why everything went against what was sold to the public and what murdered IEBC ICT manager Chris Msando promised the public.

NASA has requested for a forensic audit of the KIEMS with sure hopes of getting satisfactory answers to the fraud suspicions and tampering of the system. Remember the first smoking gun for any forensic would be the infrequent updates on the public portal which were supposed to be linear (random results) and not vertical (someone leading). So if results were random how come they were coming in batches hours apart? Obviously, they were not coming from the KIEMS system. From KIEMS (if the POs actually sent in results) they were going into a holding area. Where they were bunched. Then released. Now, this couldn’t have been happening from the official server which Msando and Co had configured! Unless the system was altered.

Our info is that they Msando servers (2) were not altered. Our boys simply brought in a 3rd server, hired Kioni and a Zambian dude to stream the results. That’s why granting access may show official servers were never used.

Three possibilities of what would be found out if access is granted;

1. The IEBC lie that you could sent text results then follow it up with a scanned picture of the Form34A. KIEMS is programmed to send both together and then die off. So we’re the text results displayed plain SMS or KIEMS based?

Secondly, KIEMS is like a phone. It has a SIM card. It has an IP address. It has IMEI. It has GPS. Which means every location it transmitted from can be locked down. If most Form 34A and 34Bs were filled on Bomas, how could the KIEMS allocated to Garden or Kipipiri indicate it’s intended location. Unless it sent results that can be proven but were never used. Or they brought the KIEMS to NAIROBI so if you check phone logs and GPS It will indicate the KIEMS did not work from it’s intended location.

Kenya Insights has managed to get a breakdown of the scrutiny process from an anonymous IT expert whom we shall call X for privacy purposes.
Basically, our IT X who debriefed us before made the process a step by step process.

STEP 1. Find the information from. How information moved from Kiems in the field to the server/s

TO OBSERVE:

Each Kiems Kit was an active communication kit which has the following things:

•An IP Address (identifying how it could communicate
•A Sim Card
•An IMEI Number (Just like your phone has a unique identifier number through which you can be tracked in spite of which service provider your phone uses
•MAC (Which identifies

STEP 2.
These 40k plus Kiems Kits now to communicate with the configured servers have to “call” and be “identified” and “authenticated” by a server which has within it stored all their identities

The 40K+ KIEMS kits have their logs across Safari com and Airtel as they are registered active communication kits using the providers’ masts and infrastructure.

Part of tracking which active KIEMS were operating on 8th and 9th is by having

LOGS on this FIRST SERVER will help you finger
•The number of KIEMS kits that were communicating with that server. This is clear from the MACS that will be shown to have “gotten in touch” by “calling” and being identified.

We can cross-check the MACS and see how they correspond to the number of KIEMS

TO DETECT a case where there are more KIEMS kits out in the field than the number being declared;

•PICK the LOGS from this first server.
•CHECK the MACS identities and COUNT the number
NB: If there are more MACS in the logs beyond the number declared, it’s a clear sign that there are MORE KIEMS Kits beyond the declared number.

STEP 3: is by checking and collecting logs to the SERVER that contains the Data Base (could be anything from voter register, officers identifiers).

Then the SERVER or Equipment that Communicated with Public Portal. The assumption is that the Public Portal had to be fed info from a SERVER which processed what came from the KIEMS. This server must hold within it logs that will indicate the requests for information it was receiving and dishing out.

This is important to also help track where the info processed and was intended for display ie Public Portal or Website would be going to.

If a different person or system was accessing this same database, the logs within this server would help show who was supposed to and who did.

STEP 4 would be to also get Logs from the Portal or Website. The public portal must be programmed to be fed info from somewhere with a specific frequency. If this was done logs would be kept for everything and everything that contacted this server or logged into it.

POINT ON INTEREST: If there exists the possibility that the portal was receiving info from a third suspect server, the portals logs (ie how it was receiving info) would help indicate the following;

• The Frequency of info feed. The first smoking gun would be infrequent time lapses for info feed. A public portal is programmed to be asking for fresh info every say 3 minutes. If it indicates time lapses that are not frequent there is your first program.

• The source of the portal’s info

• If any application was installed into the portal days or hours before the election. Mostly before any cyber crime is committed, a new application to aid the crime is installed before and after. Logs would explain this. Even if deleted, applications do alter the environment they are installed into. Logs would help pick this.

How the initial IEBC results system was meant to work

IEBC has resorted to playing cats and rats game with NASA on opening up servers despite the court order. We’re looking at severe criminal offenses. The fact that IEBC streamed numbers to the public purposefully knowing they weren’t authentic as they now call it statistics is electoral offense. The admission that the NTC has a parallel and manual tabulation is implicating and incriminating the IEBC and also casting doubt on the credibility of the entire process given the fact that ‘real’ results were tabulated in private away from scrutinizing public eye who were now being fed with unverified numbers. The authenticity of this election is in major doubts and IEBC body language is affirmative to the fraud suspicions.