How Kenya presidential polls were rigged



1.341 users accessed the system between 6th August 2017 to 22nd August 2017

2. There were 3395 failed log in attempts and 3851 successful log in attempts within the same period


3. Strangers and unauthorized staffs logged into the system between 8th-22nd August 2017

4. Chebukati’s account was used to transfer, modify and delete files including form 34As.

5. Chebukati’s account had 9934 transactions logs within the same period.

6. Chebukati’s account used an IP address that was not part of IEBC Partners address.

7. Chebukati’s account uploaded form 34B from Jomvu constituency

8. On 9th August 2017 Chebukati’s account downloaded, re-uploaded and deleted form 34B from Bureti Constituency.

9. On 13th August 2017 Chebukati’s account transfered folder for Kisumu central constituency.

There were cases of use of non partner IP addresses eg wananchi and liquid telcom

Forms 34A and 34Bs were posted by Constituency Elections Coordinators (CEC) at constituency level instead of from polling stations during and after the election.

There is no trace of data originating from any polling station. This raises questions whether data on the server came from the polling station.

Some constituencies have no trace of any Form 34B uploaded on to the server.

In other constituencies Form 34B were uploaded more than once.

There were several instances of uploading files and retrieving them by various users.

Only 277 users accessed the FTP server between August 6th 2017 and 17 August 2017 yet data was supposed to be uploaded from each polling station.

There are instances of one user using multiple IP addresses to access the FTP server. Eg used 10 different IP addresses contrary to the static IP address allocation for the KIEMS Kits and the access control policy.

There were renamed or modified forms in various constituencies as seen from the FTP Server logs provided by IEBC

Constituency Elections Coordinators (CEC) made various modifications multiple times eg: from sotik in bomet county was able to install software applications on 09th august 2017 among other interventions

The CEC for Kibwezi East uploaded the same form 34B more than once at different times. made modifications on Jomvu Form 34B deleted form 34B from changamwe constituency

Some accounts granted were misused to carry out unauthorized and malicious activities.

There were a total of 8300 delete commands.

7954 delete commands were successfully executed between 8th August 2017 at 2232hrs and 17th August 2017 at 1319hrs.

File Formats

Different file formats were uploaded on to the FTP server which shows there no input controls.

Some files were in editable formats such as EXCEL AND WORD DOCUMENTS.

(The Statutory Forms came in hard copy already printed therefore the system should not have had editable file formats)

Mismatched user privileges. One user is a CEC from sotik bomet was not a privileged user to install software application on a IEMS. No controls.

On the 8th of August there was no traffic on the firewall. Traffic started flowing from the 12th August 2017 at 2.44 CEST (-1GMT)

The amount of data in terabytes per second was the same for both incoming and outgoing traffic into the server

That is why SC Orengo told the court he can’t believe his eyes!!! GhanaWeb