Logo of Phnom Penh Post newspaper Phnom Penh Post - NEC shrugs off database hack

NEC shrugs off database hack

Content image - Phnom Penh Post
NEC member Rong Chhun speaks to the press about candidate lists for the upcoming commune elections yesterday in Phnom Penh. Pha Lina

NEC shrugs off database hack

Officials and foreign donors yesterday sought to play down concerns over the security of the National Election Committee’s voter list, after anonymous leaker “Thleay” released a video appearing to show manipulation of the database and the NEC confirmed it had been hacked.

The European Union and Japanese government have been major donors to the voter registration process, which saw 7.6 million of the more than 9 million eligible voters registered last year. The ambassador to Cambodia said the technical flaw had been corrected by experts.

The voting list is hugely politically sensitive after opposition parties claimed the 2013 election was stolen by the ruling CPP and ahead of commune elections in June and national elections in 2018.

“Thleay”, which means “leaks” in Khmer, last week released a YouTube video showing what appeared to be the hacking of the NEC’s online database of voters and alteration of one of the entries. The hacker can be seen changing Prime Minister Hun Sen’s name on the list to “Piseth Pilika” – a provocative reference to the late dancer and alleged mistress of the premier.

The hack was apparently conducted using an “SQL injection” that took advantage of vulnerabilities in an online form that allows users to look up their voter information. By exploiting the vulnerability, attackers were able to run their own queries and alter database entries.

NEC spokesman Hang Puthea said the body had detected the hack before the Khmer New Year celebrations and maintained the hacker was only able to change details on the webpage, not the actual list, which is maintained offline.

“We already have [security] measures so the hacker could not go in deep into the list,” he said. “The source of the voter list is in a safe place and has no internet linked to it.”

Asked if authorities were investigating the breach, Puthea declined to comment. Chea Pov, director of the National Police’s cybercrime department, also declined to comment.

The creation of a new voter list, as part of wider electoral reforms, was part of the political deal struck by the two major political parties in the aftermath of the 2013 national elections, when the opposition CNRP contested the result that gave a narrow victory to the CPP.

George Edgar, EU ambassador to Cambodia, said the main voter registration system was separate to the online database, which was only a copy of the offline database.

“We understand that when they became aware of information on the hacking risk, the NEC closed the voter register website,” he said via email. “It has since been reactivated, and restored as a new copy from the original vote register.”

Cybersecurity expert Niklas Femerstrand told The Post that SQL injections were a critical vulnerability in web applications, and noted that even if the main database was offline, the same intrusion could be used to manipulate it if the main list was maintained on the same internal network.

“For this reason it is strongly recommended the NEC considers the database server as fully compromised taking necessary action to reinstall it from scratch,” he said in a message.

Yesterday, the NEC also said it would hand out paper notifications over the next month to each voter informing them of their polling station, but stressed that the notes weren’t a replacement for the ID cards required to cast a ballot.

Meng Sopheary, the opposition Cambodia National Rescue Party’s head of election affairs, expressed concerns that the process of handing out the notifications – which will involve commune councillors, a majority of whom come from the CPP – could be used to improperly campaign among voters.

However, Tep Nytha, secretary-general of the NEC, said election committees consisting of NEC officials, commune councillors and observers would oversee the process, thereby preventing any politicking prior to the two-week campaign period starting May 20.

MOST VIEWED

  • Prince Norodom Ranariddh passes away at 77

    Prince Norodom Ranariddh, the second son of the late King Father Norodom Sihanouk and former First Prime Minister of Cambodia, has passed away in France at the age of 77. “Samdech Krom Preah Norodom Ranariddh has passed away this morning in France just after 9am Paris-time,”

  • General’s gun smuggling ring busted

    The Military Police sent six military officers to court on November 22 to face prosecution for possession of 105 illegal rifles and arms smuggling, while investigators say they are still hunting down additional accomplices. Sao Sokha, deputy commander of the Royal Cambodian Armed Forces and commander of

  • More Cambodians studying in US

    The number of Cambodian students studying at US colleges and universities in 2020-21 increased by 14.3 per cent over the previous year despite the Covid-19 pandemic, according to a recent US government report. The 2021 Open Doors report on International Educational Exchange showed that 848 Cambodian students studied

  • Cambodia, Thailand to discuss border reopening

    Cambodian authorities from provinces along the Cambodia-Thailand border will meet with Thai counterparts to discuss reopening border checkpoints to facilitate travel, transfer of products and cross-border trade between the two countries. Banteay Meanchey provincial deputy governor Ly Sary said on November 22 that the provincial administration

  • Banteay Meanchey gunfight sees 15 Thais arrested, three officers injured

    The Banteay Meanchey Military Police have arrested 15 Thai suspects and their accomplices after a gun battle between two Thai groups caused injuries to three police officers in the early hours of November 21, local authorities said. National Military Police spokesman Eng Hy said that according to

  • PM: Do not defile Tonle Sap swamp forest or else

    Prime Minister Hun Sen ordered police to arrest anyone – including government officials – involved with the deforestation of the flooded forests surrounding the Tonle Sap Lake because it is an area important to the spawning of many species of fish, among other reasons. Speaking in a