The National Election Commission: "Hacking of Voting and Counting Virtually Impossible... Emphasizing Manipulation Possibility Undermines Democratic Legitimacy"

On the 10th, the National Election Commission (NEC) rebutted the National Intelligence Service's (NIS) announcement that "both the NEC's voting and counting systems can be hacked," calling it a "virtually impossible scenario."

Regarding the joint information security system consulting results conducted by the NIS, Korea Internet & Security Agency (KISA), and the NEC on the same day, the NEC explained, "For the technical possibility to actually lead to election fraud, a large number of internal collaborators must systematically participate to provide system-related information to hackers, disable the commission's security monitoring system, and replace physical ballots with manipulated values while evading the eyes of numerous people." The inspection conducted this time was limited to technical aspects and was carried out excluding legal and institutional control measures to prevent election fraud.

Earlier, the NIS stated at the National Cybersecurity Cooperation Center in Seongnam-si, Gyeonggi Province, through the "NEC security inspection" results, that the NEC's computer network and voting and counting systems are in a state where North Korea can infiltrate and manipulate them at any time.

The 8th nationwide local elections are 20 days away, as seen on the 12th at the Central Election Commission in Gwacheon-si, Gyeonggi-do. Photo by Mun Ho-nam munonam@

In response to the NIS's announcement of the inspection results, the NEC went beyond simply disputing the facts and criticized the potential repercussions of the announcement. The NEC said, "Highlighting only the technical possibility of hacking and mentioning the possibility of manipulating election results ▲ encourages election disputes that undermine social integration, ▲ lowers the reliability of the election system causing public anxiety and social confusion, and ▲ furthermore risks damaging the democratic legitimacy of the elected power," adding, "Our country's election management process has various institutional measures that guarantee safety and verifiability, making election result manipulation virtually impossible."

Regarding the possibility of hacking the counting system, the NEC stated, "Our country's voting and counting are conducted through 'physical ballots' and 'public manual counting,' and information systems and mechanical devices are merely auxiliary means," adding, "Numerous clerks, related officials, observers, and voters participate in the voting and counting process, and the counting results can be verified at any time through the physical ballots."

Regarding the possibility of unauthorized printing of early voting ballots printed at the voting site, the NEC said, "Although the possibility was raised that hacking could steal the commission's seal and election manager's signature files printed on early voting ballots, allowing unauthorized printing of early voting ballots, it is practically impossible to issue ballots identical to the actual ballots without acquiring not only the seal and signature but also the ballot issuing machine, dedicated drivers, and programs."

The NEC also stated that there was no trace of intrusion caused by North Korean hacking. The NEC said, "No traces of election system intrusion caused by North Korean hacking were found during the security consulting," but added, "However, around April 2021, one employee's external internet PC was infected with malware, but no traces of intrusion into the internal work network or election system were found." Previously, the NIS notified the NEC of eight hacking attacks by North Korea, but the NEC did not recognize the damage before the NIS notification and left the matter unattended without investigating the cause of hacking or confirming whether data leakage occurred afterward.

However, the NEC announced plans to strengthen security in response to these points. The NEC said, "To ensure that citizens can vote with confidence in next year's National Assembly election, we will further strengthen system access control and management, add security equipment, and form a 'Security Consulting Result Implementation TF Team' to check and inspect the follow-up implementation status of improvements," adding, "We will strengthen the audit department's functions to conduct in-depth audits in security areas such as the adequacy of information protection policies, cyber crisis management response systems, and prevention of information leakage."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.