{"id":1028,"date":"2010-05-25T08:30:19","date_gmt":"2010-05-25T00:30:19","guid":{"rendered":"http:\/\/www.nargalzius.com\/blog\/archives\/2010\/05\/25\/hocus-pcos\/"},"modified":"2010-05-25T08:30:19","modified_gmt":"2010-05-25T00:30:19","slug":"hocus-pcos","status":"publish","type":"post","link":"http:\/\/nargalzius.com\/blog\/archives\/2010\/05\/25\/hocus-pcos","title":{"rendered":"Hocus PCOS"},"content":{"rendered":"<p>I&#8217;ve mentioned my general opinions regarding this topic. But I guess it would be helpful to drill down deeper.<\/p>\n<p>The thing that makes this issue complicated is that both sides have their respective legitimate arguments &#8211; and the &#8220;problem&#8221; I see is how people assume something <em>has<\/em> happened simply based on the possibility that it <em>can.<\/em><\/p>\n<p>That mindset, while legitimate to a certain extent, is unfair to use in the field of technology because it is an uncontested fact that <strong>any<\/strong> system, given enough time, <em>can<\/em> be compromised. The goal of security experts has always been to, at the very least, make it extremely difficult for any hacker to accomplish such a task in a reasonable amount of time.<\/p>\n<p>So given the elections, that&#8217;s quite a slim window of opportunity to get anything done unless you&#8217;ve already got a hack in place. That means the system already has to have defeated from the get-go &#8211; wether it by knowing the 128bit encryption cypher, or that you&#8217;ve tampered with all the PCOS machines, or that you somehow managed to tamper with all remote receiving servers.<\/p>\n<p>Again, these are all possibilities&#8230; but you can see how foolish it can be to assume any one of them has happened based on unsubstantiated claims.<!--more--><!-- \/\/ --><\/p>\n<style>\nsup {\nvertical-align:super;\n}\n<\/style>\n<h1>The Role of Cryptography<\/h1>\n<p>People underestimate the role cryptography plays in all of this. One of the podcasts I listen to is specifically geared to explaining internet security &#8211; and they discuss cryptography <strong>heavily.<\/strong><\/p>\n<p>Sufficed to say, without belaboring the subject, it&#8217;s safe to generalize that cryptography has matured far enough that as long as you had a robust implementation, <span class=\"footnote_referrer\"><a role=\"button\" tabindex=\"0\" onclick=\"footnote_moveToReference_1028_1('footnote_plugin_reference_1028_1_1');\" onkeypress=\"footnote_moveToReference_1028_1('footnote_plugin_reference_1028_1_1');\" ><sup id=\"footnote_plugin_tooltip_1028_1_1\" class=\"footnote_plugin_tooltip_text\">1 <\/sup><\/a><span id=\"footnote_plugin_tooltip_text_1028_1_1\" class=\"footnote_tooltip\">on the encryption level<\/span><\/span><script type=\"text\/javascript\"> jQuery('#footnote_plugin_tooltip_1028_1_1').tooltip({ tip: '#footnote_plugin_tooltip_text_1028_1_1', tipClass: 'footnote_tooltip', effect: 'fade', predelay: 0, fadeInSpeed: 200, delay: 400, fadeOutSpeed: 200, position: 'top right', relative: true, offset: [10, 10], });<\/script> having access to the source code doesn&#8217;t necessarily compromise the security of the encryption. It&#8217;s worth mentioning that I&#8217;m talking about the source code on the implementation of the encryption &#8211; not necessarily the actual &#8220;OS&#8221; of the PCOS.<\/p>\n<p>The 128bit key is the cypher that&#8217;s used to manipulate the data, as long as you don&#8217;t know what the key is, it doesn&#8217;t matter even if you knew how it manipulated the data. If I had said that I shifted letters by <code>X<\/code> amount (<code>X<\/code> being the &#8220;key&#8221;)&#8230; it would only be helpful if you knew what <code>X<\/code> was. <\/p>\n<p>So here you have me practically <em>giving<\/em> you the source code; by telling you how I intended to &#8220;encrypt&#8221; the data <span class=\"footnote_referrer\"><a role=\"button\" tabindex=\"0\" onclick=\"footnote_moveToReference_1028_1('footnote_plugin_reference_1028_1_2');\" onkeypress=\"footnote_moveToReference_1028_1('footnote_plugin_reference_1028_1_2');\" ><sup id=\"footnote_plugin_tooltip_1028_1_2\" class=\"footnote_plugin_tooltip_text\">2 <\/sup><\/a><span id=\"footnote_plugin_tooltip_text_1028_1_2\" class=\"footnote_tooltip\">By shifting the characters<\/span><\/span><script type=\"text\/javascript\"> jQuery('#footnote_plugin_tooltip_1028_1_2').tooltip({ tip: '#footnote_plugin_tooltip_text_1028_1_2', tipClass: 'footnote_tooltip', effect: 'fade', predelay: 0, fadeInSpeed: 200, delay: 400, fadeOutSpeed: 200, position: 'top right', relative: true, offset: [10, 10], });<\/script> depending on <code>X<\/code> &#8211; and that &#8220;key&#8221; is the only thing that I left out in the equation. Of course it&#8217;s a given that brute forcing a single digit is simple since you only have 10 possible values. This type of cyphering is a far cry of what real secure encryption algorithms use.<\/p>\n<p>What they&#8217;re implying that they have compromised a 128bit cypher. That&#8217;s claiming that they have successfuly found <strong>the single correct value<\/strong> out of 2<sup>128<\/sup> or 3.40282367 &#215; 10<sup>38<\/sup> possible values\/combinations.<\/p>\n<p>Assuming you had a [as yet non-existent] computer (or supercomputer cluster) that can process <em>1 trillion<\/em> passwords a second. On average, it would still take you around 2&#215;10<sup>18<\/sup> years <span class=\"footnote_referrer\"><a role=\"button\" tabindex=\"0\" onclick=\"footnote_moveToReference_1028_1('footnote_plugin_reference_1028_1_3');\" onkeypress=\"footnote_moveToReference_1028_1('footnote_plugin_reference_1028_1_3');\" ><sup id=\"footnote_plugin_tooltip_1028_1_3\" class=\"footnote_plugin_tooltip_text\">3 <\/sup><\/a><span id=\"footnote_plugin_tooltip_text_1028_1_3\" class=\"footnote_tooltip\">Yeah, that&#8217;s 2 million-million-millinon<\/span><\/span><script type=\"text\/javascript\"> jQuery('#footnote_plugin_tooltip_1028_1_3').tooltip({ tip: '#footnote_plugin_tooltip_text_1028_1_3', tipClass: 'footnote_tooltip', effect: 'fade', predelay: 0, fadeInSpeed: 200, delay: 400, fadeOutSpeed: 200, position: 'top right', relative: true, offset: [10, 10], });<\/script> to find that key <em>via<\/em> brute-force &#8211; and that&#8217;s assuming that the &#8220;system&#8221; you&#8217;re trying to crack allows that many &#8220;tries&#8221; in a second. Banks usually only allow 3 tries, then they lock you out.<\/p>\n<p>Sufficed to say, as far as that &#8220;scenario&#8221; goes; the only way to get the key is if SmartMatic gave it to them in a silver platter. Because any other way would involve words like &#8220;God,&#8221; &#8220;immortality,&#8221; and &#8220;time travel.&#8221;<\/p>\n<p>So <em>Koala Boy&#8217;s<\/em> claim of cheating by mere interception of the [encrypted] data, and sending modified data remotely is practically impossible&#8230; unless they knew the key, and that would imply SmartMatic <em>itself<\/em> was in on the action. That, or that SmartMatic programmers are incompetent fools who didn&#8217;t use encryption with their transmitted signals &#8211; either scenario is highly unlikely.<\/p>\n<h1>Server Hack<\/h1>\n<p>I&#8217;ll use the iPhone as an example for this topic of discussion. The whole jailbreaking scene, up to this day, hasn&#8217;t found\/guessed the encryption key Apple uses for its hardware. At best, they are able to circumvent it <em>locally<\/em> in the device. But this sometimes isn&#8217;t enough IMHO; in some cases, there&#8217;s still the <em>server<\/em> you&#8217;ll have to deal with. <\/p>\n<p>The best example of this when you try to <em>downgrade<\/em> your firmware. Apple has put in an &#8220;extra step&#8221; when installing firmware on your device; iTunes has to &#8220;phone home&#8221; to ask permission from Apple servers if what you&#8217;re doing is allowed. In a nutshell; the servers <strong>do not<\/strong> allow you to <em>downgrade<\/em> your firmware&#8230; you can only upgrade it.<\/p>\n<p>No matter what hack you do on the device itself, you <strong>cannot<\/strong> fool the server into letting you downgrade. But the workaround <em>Saurik<\/em> has come up with was to create <em>another<\/em> server that acts like the Apple server &#8211; and by editing your machines&#8217; <code>hosts<\/code> file, you can redirect all calls to that server instead &#8211; and the fake server fools iTunes into thinking it&#8217;s talking to the official server, and  &#8220;allows&#8221; it to downgrade the device.<\/p>\n<p>In case you missed my point, my point is that in spite of all this, the official Apple server is still <em>untouched.<\/em> And all these hacks\/workarounds are ultimately for manipulating data coming <em>towards<\/em> your computer\/device. <\/p>\n<p>This is hardly the case with the elections; where you ultimately send data <em>out<\/em> to the official servers. And the concept of a &#8220;fake&#8221; server is not applicable in this scenario; everyone&#8217;s polling data from COMELEC and all other <em>official<\/em> servers that were tasked to handle the results. The only way to compromise the system on this level is if you had access and had hacked all the <em>official<\/em> servers.<\/p>\n<p>Possible, but again, what are the chances of that happening?<\/p>\n<h1>PCOS Hack<\/h1>\n<p>Most hardware hacks rely on exploiting some memory bug (what they call a buffer overflow\/overrun) this allows you to inject arbitrary code. Jailbreaking iPhones naturally use this type of exploit as well. <\/p>\n<p>I guess it <em>is<\/em> possible to say insert code that would fit right in between the part <em>after<\/em> the device recieves the votes, and <em>before<\/em> the data is encrypted and sent remotely. In the case of a jailbroken iPhone, this certainly seems to be the case; that&#8217;s why iTunes or the official Apple server still recognizes your hacktivated iPhone as a legitimate unit.<\/p>\n<p>The analogy I would use here is person A handling the vote receiving, person B handling the vote counting, person C is the messenger, and person D being the recepient. Persons&#8217; A, B and C are all within the PCOS machine, and person D is the server which only accepts official transmissions from person C &#8211; because only person C knows the &#8220;secret handshake&#8221;. If you can somehow get between A and C or B and C, you would have a shot, as you were able to manipulate the data locally before it was even &#8220;officially&#8221; encrypted (person C). <\/p>\n<p>I&#8217;m not going to lie, this <em>is<\/em> possible. In fact there&#8217;s a <a href=\"http:\/\/www.youtube.com\/watch?v=ifJw0r0rz_I\">video on YouTube<\/a> demonstrating exactly this with the whole DieBold debacle.<\/p>\n<p>Still, to successfully affect the election results significantly, you&#8217;d have to have compromised a lot if not <em>all<\/em> PCOS machines. Interception outside of the machine will not work (because person D will not accept person X masquerading as C, unless X also knew the handshake&#8230; which they probably <strong>don&#8217;t<\/strong> because of the crypto discussion mentioned above.)<\/p>\n<p>But again, being a possibility doesn&#8217;t mean it is the reality. For one, the video&#8217;s pretty old, if SmartMatic is worth its salt, they should&#8217;ve had dealt with that possibility a long time ago. Plus DieBold algorithms are not necessarily SmartMatics, so you cannot assume that the same approach will work for SmartMatic. There are too many unknowns.<\/p>\n<h1>The Bottomline<\/h1>\n<p>The bottomline is that all these &#8220;possibilities&#8221; no matter how compelling they are &#8211; are still speculation. The only way of <em>really<\/em> knowing if Koala Boy&#8217;s telling the truth is if his side can procure a working implementation of their &#8220;system&#8221; &#8211; specifically showing that it has compromised SmartMatic&#8217;s proprietary system. To believe his claims at face-value is quite sad as it speaks volumes of how fear\/rumors play a huge part in how our people think. Perhaps it&#8217;s that same fear-mongering that led us to select less than ideal leaders. But I digress&#8230;<\/p>\n<p>If you still can&#8217;t get the idea, try to remember &#8220;Iron Man 2&#8221; &#8211; Tony Stark was correct in claiming that his technology doesn&#8217;t exist anywhere else. And that would be a reasonable assumption. That his claim was disproven was precisely because there was a real-world implementation that refuted his claim&#8230; not because some asshole just claimed that <em>&#8220;it&#8217;s out there&#8230; somewhere&#8221;<\/em><\/p>\n<p>It is possible that there&#8217;s a flying teapot (from some damaged spacecraft) in orbit&#8230; does the possibility mean that it does exist? Remember, we&#8217;re not talking about the existence of God here, this sort of argument can be proven\/disproven quite easily if the whistleblower just step forward and put his money where his mouth is.<\/p><div class=\"speaker-mute footnotes_reference_container\"> <div class=\"footnote_container_prepare\"><p><span role=\"button\" tabindex=\"0\" class=\"footnote_reference_container_label pointer\" onclick=\"footnote_expand_collapse_reference_container_1028_1();\">Notes<\/span><span role=\"button\" tabindex=\"0\" class=\"footnote_reference_container_collapse_button\" style=\"display: none;\" onclick=\"footnote_expand_collapse_reference_container_1028_1();\">[<a id=\"footnote_reference_container_collapse_button_1028_1\">+<\/a>]<\/span><\/p><\/div> <div id=\"footnote_references_container_1028_1\" style=\"\"><table class=\"footnotes_table footnote-reference-container\"><caption class=\"accessibility\">Notes<\/caption> <tbody> \r\n\r\n<tr class=\"footnotes_plugin_reference_row\"> <th scope=\"row\" class=\"footnote_plugin_index_combi pointer\"  onclick=\"footnote_moveToAnchor_1028_1('footnote_plugin_tooltip_1028_1_1');\"><a id=\"footnote_plugin_reference_1028_1_1\" class=\"footnote_backlink\"><span class=\"footnote_index_arrow\">&#8673;<\/span>1<\/a><\/th> <td class=\"footnote_plugin_text\">on the encryption level<\/td><\/tr>\r\n\r\n<tr class=\"footnotes_plugin_reference_row\"> <th scope=\"row\" class=\"footnote_plugin_index_combi pointer\"  onclick=\"footnote_moveToAnchor_1028_1('footnote_plugin_tooltip_1028_1_2');\"><a id=\"footnote_plugin_reference_1028_1_2\" class=\"footnote_backlink\"><span class=\"footnote_index_arrow\">&#8673;<\/span>2<\/a><\/th> <td class=\"footnote_plugin_text\">By shifting the characters<\/td><\/tr>\r\n\r\n<tr class=\"footnotes_plugin_reference_row\"> <th scope=\"row\" class=\"footnote_plugin_index_combi pointer\"  onclick=\"footnote_moveToAnchor_1028_1('footnote_plugin_tooltip_1028_1_3');\"><a id=\"footnote_plugin_reference_1028_1_3\" class=\"footnote_backlink\"><span class=\"footnote_index_arrow\">&#8673;<\/span>3<\/a><\/th> <td class=\"footnote_plugin_text\">Yeah, that&#8217;s 2 million-million-millinon<\/td><\/tr>\r\n\r\n <\/tbody> <\/table> <\/div><\/div><script type=\"text\/javascript\"> function footnote_expand_reference_container_1028_1() { jQuery('#footnote_references_container_1028_1').show(); jQuery('#footnote_reference_container_collapse_button_1028_1').text('\u2212'); } function footnote_collapse_reference_container_1028_1() { jQuery('#footnote_references_container_1028_1').hide(); jQuery('#footnote_reference_container_collapse_button_1028_1').text('+'); } function footnote_expand_collapse_reference_container_1028_1() { if (jQuery('#footnote_references_container_1028_1').is(':hidden')) { footnote_expand_reference_container_1028_1(); } else { footnote_collapse_reference_container_1028_1(); } } function footnote_moveToReference_1028_1(p_str_TargetID) { footnote_expand_reference_container_1028_1(); var l_obj_Target = jQuery('#' + p_str_TargetID); if (l_obj_Target.length) { jQuery( 'html, body' ).delay( 0 ); jQuery('html, body').animate({ scrollTop: l_obj_Target.offset().top - window.innerHeight * 0.2 }, 380); } } function footnote_moveToAnchor_1028_1(p_str_TargetID) { footnote_expand_reference_container_1028_1(); var l_obj_Target = jQuery('#' + p_str_TargetID); if (l_obj_Target.length) { jQuery( 'html, body' ).delay( 0 ); jQuery('html, body').animate({ scrollTop: l_obj_Target.offset().top - window.innerHeight * 0.2 }, 380); } }<\/script>","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve mentioned my general opinions regarding this topic. But I guess it would be helpful to drill down deeper. The thing that makes this issue complicated is that both sides have their respective legitimate arguments &#8211; and the &#8220;problem&#8221; I see is how people assume something has happened simply based on the possibility that it &hellip; <p class=\"link-more\"><a href=\"http:\/\/nargalzius.com\/blog\/archives\/2010\/05\/25\/hocus-pcos\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Hocus PCOS&#8221;<\/span><\/a><\/p><\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[4,5,13],"tags":[473,595],"class_list":["post-1028","post","type-post","status-publish","format-standard","hentry","category-general","category-internet","category-technology","tag-general","tag-internet"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/posts\/1028","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/comments?post=1028"}],"version-history":[{"count":0,"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/posts\/1028\/revisions"}],"wp:attachment":[{"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/media?parent=1028"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/categories?post=1028"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/nargalzius.com\/blog\/wp-json\/wp\/v2\/tags?post=1028"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}