‘Ghost in MEC system’
- Suleman details how elections were ‘rigged’
- Claims MEC system was hacked
MCP IT expert and witness in the on-going elections case, Daud Suleman, on Friday demonstrated how MEC’s computerised election result management system (RMS) was allegedly breached by a ‘ghost’ operator to change the results of the presidential elections in favour of incumbent Peter Mutharika.
In a presentation, using the software Malawi Electoral Commission (MEC) used during the May 21 elections, Suleman focused on demonstrating before the panel of five judges hearing the elections case, how MEC’s election result management system safeguards were breached.
Suleman, who is a witness to second petitioner Lazarus Chakwera, further provided evidence to back a theory that the results were not credible.
Using graphical evidence, Suleman demonstrated to the court first how the computer system left trailing evidence that information which had earlier been applauded in the system was later deleted by the hacker or group of hackers.
The witness also demonstrated how the election results were entered and transmitted in the MEC computerised system by the hacker within milliseconds and further demonstrated how this was impossible using a human effort.
Suleman pointed at evidence that allegedly further demonstrated the work of the hacker, which included digital evidence of MEC equipment being seen to have been used in two different places at the same time or in some instances, one MEC computer was being used by MEC officers at two geographical areas at the same time.
All this, he told the court, is humanly impossible, but could be explained as work of ‘the ghost operator’ as Suleman referred to the hacker.
Suleman further provided other digital evidence that the results were not a reflection of the tallied votes from the various polling centres in the country, including a detailed graphic illustration of how data analysis of the results indicates that only results from some 2 002 polling centres were entered in the election system instead all the 5 002 polling centres in the country.
If results from all the polling centres were entered in the RMS, Suleman demonstrated the difference in digital footprints the MEC database could have registered, saying at a certain point in elections, the hacker penetrated the election system, altered the results and deleted certain information.
Suleman did not mention the IP address of the ghost operator, but suggested MEC system was deliberately compromised by MEC officials, saying they used personal addresses with Google or Yahoo accounts instead of official addresses to use the system; hence, making it possible for the system to be accessed remotely from anywhere outside the MEC system.
Suleman suggested that it was possible MEC officials both accidentally and deliberately surrendered such access to the results.
Citing information from the MEC database, Suleman said the election results were entered in the system and calculated within miliseconds and demonstrated how a computer hacker could accomplish this feat. By using a group of IT officers, Suleman also demonstrated how it was impossible for a system that required various officers to separately manually log into the system and process the results to do so in such a short period of time.
Suleman told court the system required that MEC officers at constituency tally centres enter results which had to be approved on two stages by two different IT officers before an auditor approves and finally a copy of the results was transmitted to the main tally centre in Blantyre.
In the court demonstration, one tally centre processing just results of three streams took an average of 10 minutes to accomplish this, but Suleman said the information in the MEC system demonstrated that the hacker managed to do the whole system in milliseconds.
“There were time stamps showing that one computer was being used in Mulanje and Thyolo at the same time. We had one kit present in two geographic areas; we have also discovered that human beings can’t process all this in this time. Every set of data must connect with other data; you can’t have a blank record, you can’t have a table with less than 5 002 tally sheets, all this points to one conclusion; that this data was manipulated by script and unfortunately, a decision was made using this data,” said Suleman.
As Suleman walked out of the courtroom, he was mobbed by opposition sympathisers who cheered him as security whiskered him away.
Chakwera’s lead lawyer Modecai Msisha said Suleman had demonstrated clearly how the elections were manipulated, saying the demonstration was “very firm and specific” on its evidence.
Attorney General Kalekeni Kaphale, who is representing MEC, said MEC’s legal team would not immediately comment on the demonstration and the public will hear its response when cross examination starts.
Professor Danwood Chirwa,a legal expert based at South Africa’s Cape Town University, on Friday described Suleman’s testimony as “devastating”.
“He so powerfully delivered his testimony with the aid of simulation and demonstration, that he left the judges with a clear understanding of what happened,” said Chirwa.
Chirwa said Suleman had demonstrated that the IT system which the commission used was “insecure, was manipulatable and was, in fact, manipulated.” The case has been adjourned to Monday.
