Bulk of Metro Manila and two provinces’ precinct results of the 2022 presidential election “illegally” came from one private IP address.
“That’s proof of election rigging,” said former information-communication technology secretary Eliseo Rio.
His team of computer forensic examiners has discovered that:
• 98.8 percent of Metro Manila precinct results were received from only one private IP (internet protocol) address, 192.168.0.2.
• 95.5 percent of Cavite results came from the same 192.168.0.2.
• 81 percent of Batangas results still came from 192.168.0.2.
• Remnant Metro Manila, Cavite and Batangas results came from different private IP addresses starting with “10″.
• 192.168.0.2 was used in all other provinces that “mysteriously” sent results within an hour of balloting’s end at 7 p.m.
“It is now clear why Comelec (Commission on Election) cannot show the telcos’ Transmission Logs as Chairman George Garcia promised on Oct. 18, 2022,” Rio said.
[Transmission logs] will show that most election returns received by the Transparency Server in the first hour of counting did not pass the networks of the telcos, but were preloaded by a secret man-in-the-middle gateway, a gatekeeper, with private IP address 192.168.0.2.
Whoever manipulated the Transparency Server results already knew the outcome of the 2022 Election even before votes were counted.
Rio summarizes his findings in 22 slides, “Uncovering the Biggest Scam in our Electoral History”. He presented it Sunday, July 23, to Global Transparency and Transformation Advocates Network.
Comelec has yet to respond to public calls for explanations on Rio’s exposé. Appointed commissioner in March 2022, Garcia was former election lawyer of President Ferdinand Marcos Jr., who made him chairman four months later in July.
An ex-general, Rio headed the AFP (Armed Forces of the Philippines) Research and Development Center and Communication-Electronics Group. First trained in electricals, he finished college as an electronics-communication engineer.
As DICT secretary, he chaired the Comelec Advisory Committee for the 2019 congressional-local election.
Rio’s team scrutinized “raw files” uploaded Mar. 23 on the Comelec website. Also in the website are reception logs of the Comelec Transparency Server in the May 9, 2022 election.
Garcia “mislabeled” the reception logs as “transmission logs” that Rio has been asking for.
The “raw files”, in Word format, contain precinct identification numbers and private IP addresses of the transmitting vote counting machines. It would take two reams of bond paper to print them, Rio said.
For security reasons Rio withheld identities of his examiners, except for U.S.-based retired specialist Oscar Santos, “a patriot”.
Using Excel and other software, they crosschecked the raw files with time-stamped Transparency Server reception logs.
Discoveries:
- Of Metro Manila’s 8,753 VCMs, 8,644 had the same IP address 192.168.0.2. One hundred nine VCMs had other private IP addresses starting with “10”; sent either in batches or singly. IP addresses of the remaining 1,709 are still being reviewed.
- Of the 8,644 VCMs, 5,913 sent results within one hour of precinct closing. “An impossibility,” Rio says, because precinct inspectors had first to perform nine time-consuming tasks, including printing of eight copies of election returns, before transmitting.
- Of Cavite’s 3,371 VCMs, 3,219 had IP address 192.168.0.2. One hundred fifty-two VCMs sent via other IP addresses beginning with “10”, also singly or in batches.
- Of the 3,219 VCMs, 2,403 transmitted within the first hour
- Of Batangas’ 2,858 VCMs, 2,316 sent via IP address 192.168.0.2. Five hundred thirty-five VCMs had other IP addresses starting with “10”. IP addresses of seven are still being determined.
A man-in-the-middle or intervening router/server is illegal, Rio said . In 2019 Rio’s CAC specifically banned any such “meet-me room or router”.
Comelec broke the 2008 Automated Election Systems Law and consequent general instructions, Rio added.
“To think that it contracted Smartmatic for P1.053 billion for secure electronic transmission services.”
The raw files are still on Comelec’s website. “They can’t take it down; it would be more suspicious,” Rio said. “Whoever uploaded it is a whistleblower who wanted info-technologists to dissect the anomalies.”
