By Vincent Achuka, NAIROBI
Kenya
The three Venezuelans who were
arrested upon landing in Nairobi two weeks before the General Election had not
been contracted by the electoral commission but had
access to its servers five months before the disputed polls, a forensics
analysis shows. |
IEBC Chairman Wafula Chebukati (centre) with IG Hilary Mutyambai (left) and DCI boss George Kinoti outside Jogoo House, Nairobi |
The analysis, of computers
confiscated from Salvador Javier, Jose Gregorio and Joel Gustavo by the
Directorate of Criminal Investigations (DCI), shows that the three were among
dozens of non-Independent Electoral and Boundaries Commission (IEBC) staff who had
extensive access to the agency’s servers, the Nation understands.
This access, granted through a
company linked to a senior politician from North Eastern, is currently among
various electoral fraud matters being investigated by the DCI, whom the Azimio
coalition wants to be summoned to the Supreme Court to testify in their
petition.
It was not clear last evening
if the investigations agency would testify, but the Nation learnt that the DCI
wanted to arrest the foreigners but was held back by the assurances of Mr
Wafula Chebukati, the beleaguered IEBC chairman.
Mr Chebukati, in a meeting
held on July 28, assured DCI George Kinoti and Police Inspector-General Hillary
Mutyambai that IEBC’s systems were impenetrable and that it is only accredited
employees who had access to it.
Mr Chebukati also told the DCI
and IG during the meeting at Jogoo House that the three Venezuelans had been
contracted by IEBC to provide support on behalf of Smartmatic International,
the company contracted to provide electoral management technology by the
commission.
Detectives who have been on
the case since July now believe that was not the case, and that the three
worked for a different entity linked to the North Eastern politician.
Meanwhile, as detectives last
evening pondered their next move, a separate forensic analysis by the East
African Data Handlers (EADH) on the six data transmission servers used by IEBC
showed that several unauthorised individuals gained access to the system.
There were also several
successful attempts to download Form 34C, which was used by Mr Chebukati to
announce the winner of the presidential election.
Form 34C is a summation of all
forms 34B which contain tallies from each of the 290 constituencies. The forms
34B were to be generated by tallying the results of the presidential poll from
polling stations through forms 34A.
An analysis on IEBC’s systems
by EADH shows that there was a backward tallying of the presidential results
where Form 34C was edited several times in order to correspond to forms 34B and
34A, which the audit shows were being intercepted and edited too.
“It is obvious the downloading
and the translation of Forms 34B and Forms 34C indicates that the process was
not forward tallying on the designed tallying chain— 46,232 forms 34A create
290 forms 34B and they create the final 34C,” says a report on the analysis.
“In this case, the data seem
to be working from forms 34C that are seemingly being downloaded into a .csv
file, modified or edited and transmitted,” it further states.
A CSV file, is simply a text
file whose information is separated by commas. Hackers prefer to use it because
its contents can be edited by anyone who has access to the system using
programmes that don’t have to direct communicate with each other, which makes
it difficult for investigators to trace the source of the intrusion.
Despite IEBC insisting its
systems were foolproof, the analysis by EADH shows that there was not only multiple
access to the servers by unauthorised persons, but also that they could
intercept communication between the Kiems kits and the presidential tallying
centre at Bomas of Kenya.
The level of interception was
so grave that a number of forms 35, which were used for the parliamentary
elections, found themselves inside the servers used for tallying the
presidential poll.
“It seems as though there was
a middleware that was intercepting, receiving, and/or sending information
between the Kiems kit or the county tallying servers and the presidential
tallying server and verification of specific forms,” says the analysis. For
example, on August 12, one of the IEBC’s servers was accessed remotely using IP
address 10.13.0.49 at 12.16pm.
“The connection was disconnected
at 1:27pm and reconnected at 4:13pm, which was terminated almost immediately
and then reconnected at 4:47pm,” the report states.
Such connections were being
made by persons who had not been gazetted as IEBC officials for the elections,
including a login by the name Dickson Kwanusu that not only modified data in
the system but on several occasions downloaded Form 34C.
“All the IEBC officials for
the 2022 General Election were published in the Kenya Gazette. Dickson Kwanusu
does not appear as one of the officials on the documents yet he appears
multiple times making and executing requests in the election verification
process,” says the investigation.
The login trail by Kwanusu,
the report states, on August 14 at 4.29pm made an ambiguous and intentional
modification on the system to override the whole tallying process in order to
generate a Form 34C. This was a day before Deputy President William Ruto was
declared the president-elect as tallying was still ongoing.
The investigation shows there
were 27 attempts to generate Form 34C between August 12 at 3:48pm and the time
winner was declared on August 15.
Ideally there should have only
been one attempt to generate Form 34C after tallying of the votes in all
polling centres and constituencies had been completed. The big question investigators
are now trying to answer is what was the need to generate all those forms 34C.
Apart from Kwanusu, others who
logged into the system despite not being accredited include Abdi Hadir Abdi who
performed verification of 659 forms 34A, Harun Gathiru, Mohamud Mohamed and
Isaiah Khuyole.
Forensic analysis findings by
EADH correspond to those of the DCI, which has separately said Salvador Javier,
Jose Gregorio and Joel Gustavo, the three Venezuelans who were arrested on July
21, were also accessing IEBC’s systems before, during and after the polls.
Gregorio was arrested at the
Jomo Kenyatta International Airport after arriving from Istanbul, Turkey. His
arrest, which also led to the apprehension of his colleagues Javier and Gustavo
from an apartment in Riverside, Nairobi caused a brief stand-off between the
IEBC and the police before Mr Chebukati intervened.
While demanding their release,
Mr Chebukati is said to have assured the DCI and the IG that the Venezuelans
had no access at all to IEBC servers. Investigations however show that it could
have been a smoke screen as the three had in their computers almost everything
on IEBC’s systems.