This is one question that has been bugging these past few days - Can you hack into an offline PC? . This is in relation to an ongoing discussion here in the Philippines concerning the coming 2010 Philippine National election, particularly the integrity and security of the system. I am sure you are aware that we will be automating this 2010 election - for the first time.
There are a lot of apprehensions and as early as now, there are some groups who are already preparing for a failure of election scenario. As an I.T. practitioner, my concern is the security of this system.
The Commission on Election (COMELEC) and Smartmatic (provider of the poll automation application) is assuring the public that the system is secure, that they have provided the necessary security features to prevent any hacking or intrusion so to speak.
According to election officials, aside from security application and firewalls, the servers (I assumed) will not have a keyboard to prevent any inputs, no ports like USB, firewire to prevent illegal copying, no bluetooth nor infrared capabilities. The officials also added that the servers will be offline most of the time and will only be online for a couple of seconds for election result transmission.
There are two kinds of hacking - internal and external. If it's internal, then with all the security features in place like no keyboard, no ports etc. I can't imagine how one can alter the result of the election unless this person or group of people will burn the computers. We don't call that hacking, we call it destroying the system physically.
Let us now discuss the external hacking. How can you infiltrate a system from a remote site if the system is offline? Can you hack an offline computer? And even if for the sake of discussion that the system will go online for a couple of seconds - how much time does a hacker needs to alter or erase the election results - considering that security infrastructures are in place?
Can it be done in 5 seconds? 10 seconds? minutes? hours? You tell me.
I hate to say this but there are people here who are claiming to be technology experts, going to the extent of saying that they can hack into the servers by just using their mobile phones since their phones are equipped with Bluetooth? HUH? Really now?
Let me just say that scrutinizing the poll automation system is a good exercise. This will keep the COMELEC and Smartmatic on its toes. But to paint a doomsday scenario about the exercise because of technology is uncalled for. Why start the whole process when trust and faith to the system is not in place to begin with?
No comments:
Post a Comment