Hacker Warns ‘Serious Vulnerability’ Plaguing Online Voter Lists
The Cambodia Daily | 14 April 2017
A hacker behind a series of leaks smearing senior government officials and their relatives on Thursday warned that the government’s online list of registered voters for the June 4 commune elections was vulnerable to hacking and urged experts to make the site more secure.
The hacker, who goes by the alias Champa Borey, sent out an email warning that “anybody with expertise can add/edit/delete voter database through this security hole called ‘SQL injection.’”
The message included a link to a YouTube video walking viewers through the process of changing the list online as well as a few tips on how experts could fix the “serious vulnerability.”
Hang Puthea, spokesman of the National Election Committee (NEC), which runs the site, said someone had tried to hack the online list on Thursday morning, but claimed the attack was spotted while in progress and thwarted.
“They tried to hack our voter list this morning for an hour, but did not succeed,” he said.
Mr. Puthea downplayed the risks, noting that the government kept the original list offline and that experts were constantly on duty.
“We will use the original copy on Election Day, but they won’t be able to hack it because the passwords will be switched automatically,” he said.
The online list was also hacked in January, just days after its launch, prompting a police investigation.
Mr. Puthea said on Thursday that the first attack was still under investigation.
Asked whether he knew who was behind Thursday’s attack, he said he was not at liberty to say and referred the question to the Interior Ministry. Ministry spokesman Khieu Sopheak said he was busy enjoying the Khmer New Year holiday, which had yet to officially begin, and declined to comment.
A statement issued by the NEC later in the day blamed the attack on “bad people” and added that communes had already been issued with hard copies of the official voter list, suggesting that the move should make any hacking of the online list a moot point.
However, changes to the online list could potentially fool registered voters into believing they are not on the list or that they are registered in another commune.
Koul Panha, director of the Committee for Free and Fair Elections in Cambodia, a nongovernmental watchdog, urged the NEC to seek technical help in strengthening the online list from Japan and the E.U., which have each donated millions of dollars to help the country run a clean election.
E.U. Ambassador George Edgar said he could not comment on the veracity of the hacker’s warning but was following up with the delegation’s technical experts.