Tai Arap Kandie Profile picture
Aug 23, 2022 29 tweets 7 min read Read on X
I wanted to take a few minutes to analyse the affidavits that touch on IT given by John Githongo and Benson Wesonga. I got this off a tweet by @MwangoCapital. Thank you @David_Indeje for making it easy to access all the information.
The John Githongo affidavit available here: drive.google.com/drive/folders/… and the Benson Wesonga affidavit available here: https://t.co/oLKve5st8m.
John's affidavit is to show that he had been in touch with someone who knew of the goings on at the UDA tallying centre. Wesonga's affidavit is to back up John's affidavit as an ICT practitioner with many years of experience.
My interest was triggered by this statement by the young man...“were involved in a large scale, well-orchestrated fraudulent scheme that enabled them to interfere with and compromise the IEBC electoral data transmission system and manipulate the presidential election results...”
Let us delve into the documents provided.
From this screenshot, you will see that they have the IEBC site open on two windows and of course the page forms.iebc.or.ke. That little favicon on the left shows that one of the technologies https://t.co/G0CLiOOGjN is running is Vue.js. The page in current view is login. Image
Because the credentials are not passed, it immediately writes to the screen the error. And it stops there. That greek for the layman is a language called XML. It formats data between <…> </….> and does not DO anything. If you have done any web design, it's similar to HTML.
In comes Filezilla Server to help us with telling the story that hacking had happened. Just download it and change the credentials to those you see and viola. Things look legit.
But then there is a small small problem. Things are going to get hard small in a few seconds.

So, the first people who accessed the forms that is asenge@iebc.or.ke and ekitum@iebc.or.ke did so from the IP address from 15:07:35 PM AND 15:44:39 pm.
Quick check on the IP - - is on the Telkom network. Image
Coincidentally, it has an unsecured copy of the IEBC site. This information is now in the public domain, so hakuna hacking hapa. Check and screenshot before they pull it down.... ImageImage
So now, they want to show us what has been happening from the "server" side.
asenge@iebc.or.ke ( at 15:07:35 PM starts the process of STOR. This is an FTP (file transfer protocol) command for uploading a file. In our case it is F34A-001-Changamwe.jpg.
The server opens up to receive the file being transferred (1) and successfully saves it (2).

(1) 150 Opening data channel for file upload to server of "/F34A-001-Changamwe.jpg"
(2). 226 Successfully transferred "/F34A-001-Changamwe.jpg"
Seems all normal.....well...NOT.

For each STOR command by default there is a response. Successful or not. To add the same document to the server, it also throws a response.

But that was not shown.

Hapo iko little editing. Haisuru. We shall continue. Let us take a chai break
@JohnKenn4 insists that I should take tea while typing.

So, the small small edits other than deleting the responses is the time.

15:07:35 PM my military friends will be the first to note.

No way that the time is correct.

Continuing shortly.
In comes mlempaka@iebc.or.ke using IP look at the difference in timing for the same operation and the overflow onto the task bar. That overflow on the task bar shows how bad this story is. Image
Maybe it was a challenge for the person given that it was 23:15 and they may have missed their evening coffee break. But do we say?!
So, in the next page, they try to show how files were changed from .jpg to .pdf. They forgot to show us the process 🤓. All we see is the same file being uploaded as a PDF after a couple of minutes. Haisuru, let us continue. Image
The next page shows the same with a different user with a different IP. The overflow continues and the there is an uneven elevation where the print is on. Image
Then comes the bummer. There is a note but if you look carefully at the time, the user wchebukati@iebc.or.ke does not use the said IP.

Remember when you access a website, your IP address is NOT the same as the website. That detail was completely lost to this 'hacker team'. Image
The same distortion continues. What is interesting, is that jjwii@iebc.or.ke forgets that the password is required. So, he changes the directory, which we don't see of course, deletes a file, he wants to rename a file and is told it exists. Image
He then, Then he renames the file to F341-1-LAIKIPIAWEST.jpg because F34A-031-1 LAIKIPIAWEST.jpg exists.

The file is successfully renamed at that odd time.
Conclusion of this whole analysis.

Someone is lying about the hacking. The email addresses were known to the person. Time was not chronologically given because they were pulling from everywhere. This work was done in a hurry. To the untrained eye, it would have passed.
PDFs are easy to generate from the side of either the KIEMS Kit or the server side automatically. The notion that individuals sat to change this....And it is proven by how much time it took them to display the same. Despite the wrong time display.
Lastly, if you look at the forms that they have tried to display, none has the name changed on the portal. Remember, this was what was open to us. Image
The times indicated are a figment of someone's imagination. Other than that, note that the forms all followed a format, county and identical polling station numbers. That number is both on the form and is on the corresponding file number.
Kesho ni siku. I will answer the questions on my TL.
Side note for techies. On the bookmarked items are the links to: Youtube Open-Source Intelli, DreDown and View Defeway cam. You know that someone was in class and off course, the last one...your guess is as good as mine.

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Tai Arap Kandie

Tai Arap Kandie Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @TonwaTai

Aug 26, 2022
Get a cup of your favourite hot drink. Let’s start.

History kidogo tu. Please keep this in mind because we are going to be pulling up that knowledge later on.
The Elections Act, 2011 requires the electioneering body IEBC to transmit the results electronically (via a Results Transmission System RTS) from the 27,410 polling centers to the constituency tallying centers and to the National tallying center.
The Elections Act requires the following:
IEBC to contract Mobile Network Operators (MNOs) for Results Transmission System (RTS) "The telecommunication network service providers shall be under obligation to provide and deliver services as may be requested by the Commission”.
Read 61 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!


0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy


3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!