10/08/2017
THIS IS HOW THEY HACKED IEBC SERVERS
Hacking is an art; it is never just about penetrating computer systems and networks to gain unauthorized access. It can only be equated to the military general Sun Tzu of 544 BC.
So much goes into hacking, and that is why it requires those with both an offensive and a defensive way of thinking: those who understand deeply how computer systems function and how they are broken.
Two of the most important stages in hacking are reconnaissance (information gathering) and covering your tracks, which is why the motto in cyber warfare is "Enter and leave undetected". Those who hacked the IEBC transmission never really understood that last part.
This is what happened.
One of the easiest ways to hack any system is to obtain a higher privilege level, and you can get this by obtaining a legitimate user's credentials; that is why they tortured and killed Musando to get the login credentials. But from the log evidence provided by NASA, the hackers did not get the correct user-name and password combination, and that is why line 1 shows a failed login that has state 8 in line 10. State 8 means there was a password mismatch.
After brute-forcing their way in, the server started to show higher utilization, meaning that it was getting more requests from unauthorized users than it was meant to handle. This is evident in the timestamps: between 20:12:56 and 13:12:50 they slowed down to let the system cool, in order to avoid a 503 server error, which could have ended up crashing the server or making it restart.
IEBC had implemented a VPN (Virtual Private Network) for their result transmission. A VPN is an encrypted channel of communication, meaning that it uses SSL (Secure Sockets Layer), and that is why you always see HTTPS instead of HTTP in website URLs; the S in HTTPS means the communication is encrypted. The hackers used an SSL stripper program to decrypt the channel so that the results coming from the polling stations would be in clear text, and then they carried out a man-in-the-middle attack. This is an attack that places the hacker right in the middle of the result transmission, so that the results transmitted from the polling stations first pass through the hacker, who edits them and then relays them to the IEBC server.
After decrypting the VPN communication, they installed a traffic monitoring tool so that they could monitor all the results and then edit them.
From the server log, second page, line 1, MULTI_USER is set to ON. This is a mode that allows anyone who has obtained the login credentials to access the database, and it is always the default setting for a Microsoft SQL database. The hackers changed this mode from RESTRICTED_USER, which only allows those with db_owner (meaning database owner) privilege and db_creator, like Musando, to have access to the server.
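The two log artefacts the post leans on, a failed login with state 8 (password mismatch) and a database access mode flipped to MULTI_USER, are exactly what a defender would pull out of a SQL Server ERRORLOG when reviewing it. The Python below is an added example, not part of the original post and not taken from the IEBC logs: the log lines, user names and client IP addresses are constructed in the ERRORLOG format, and the three-failure threshold for flagging password guessing is an assumption.

```python
import re
from collections import Counter

# Constructed sample in SQL Server ERRORLOG format (not the IEBC logs).
SAMPLE_LOG = """\
2017-08-08 20:12:56.12 Logon       Error: 18456, Severity: 14, State: 8.
2017-08-08 20:12:56.12 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.10.1.5]
2017-08-08 20:12:57.40 Logon       Error: 18456, Severity: 14, State: 8.
2017-08-08 20:12:57.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.10.1.5]
2017-08-08 20:12:58.01 Logon       Error: 18456, Severity: 14, State: 8.
2017-08-08 20:12:58.01 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 10.10.1.5]
2017-08-08 20:13:02.77 Logon       Error: 18456, Severity: 14, State: 5.
2017-08-08 20:13:02.77 Logon       Login failed for user 'guest'. Reason: Could not find a login matching the name provided. [CLIENT: 10.10.1.9]
2017-08-08 20:14:10.03 spid52      Setting database option MULTI_USER to ON for database 'results'.
"""

# Error 18456 is logged as two consecutive lines: the state, then the user and client.
ERROR_RE = re.compile(r"^(?P<ts>\S+ \S+)\s+Logon\s+Error: 18456, Severity: \d+, State: (?P<state>\d+)\.")
FAIL_RE = re.compile(r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<client>[^\]]+)\]")
OPTION_RE = re.compile(r"Setting database option (?P<opt>\w+) to (?P<val>\w+) for database '(?P<db>[^']+)'")

def parse_failed_logins(log):
    """Pair each 'Error: 18456 ... State: N' line with the 'Login failed' line that follows it."""
    events, pending = [], None
    for line in log.splitlines():
        m = ERROR_RE.match(line)
        if m:
            pending = (m["ts"], int(m["state"]))
            continue
        m = FAIL_RE.search(line)
        if m and pending:
            events.append({"ts": pending[0], "state": pending[1], "user": m["user"], "client": m["client"]})
            pending = None
    return events

def flag_password_guessing(events, threshold=3):
    """Clients with at least `threshold` state-8 (password mismatch) failures; the threshold is an assumption."""
    counts = Counter(e["client"] for e in events if e["state"] == 8)
    return {ip: n for ip, n in counts.items() if n >= threshold}

def access_mode_changes(log):
    """Database option changes such as RESTRICTED_USER -> MULTI_USER, which widen who may connect."""
    hits = (OPTION_RE.search(line) for line in log.splitlines())
    return [(m["db"], m["opt"], m["val"]) for m in hits if m]

if __name__ == "__main__":
    failures = parse_failed_logins(SAMPLE_LOG)
    print("password guessing from:", flag_password_guessing(failures))   # {'10.10.1.5': 3}
    print("access mode changes:", access_mode_changes(SAMPLE_LOG))        # [('results', 'MULTI_USER', 'ON')]
```

The state-5 failure (unknown login name) from the second client is parsed but not counted, so only the client that repeatedly hit a password mismatch is flagged.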
I said these hackers were not that good at their art because they left a lot of digital fingerprints (evidence) in the logs. They could have edited the logs, but even then, these logs could have been found in the router as well.
Now this is what the IEBC and NASA need to do.
From the router, switch and server, let them pull out the logs and get both the IP and MAC addresses, because these hackers might have used either cloned MAC or IP addresses, or, if they were stupid enough, they used real IP and MAC addresses.
After narrowing down to the list of unauthorized IP and MAC addresses that accessed the server, do a triangulation on them to get the longitude and latitude of their position, then go to Google Maps or Google Earth and get the exact location and the building that these hackers were operating from.
THERE IS NO COMPUTER ON THIS EARTH THAT CAN EVER BE MORE POWERFUL OR SMART THAN THE HUMAN BRAIN.