Rumours about Data Leakage from Civil Referendum System

 
August 29, 2014

 

Recently there have been rumours that the “6.22 Civil Referendum” voting system was hacked and some voters' personal data was leaked. As the event was organized by the Public Opinion Programme (POP) at The University of Hong Kong, we would like to clarify the following points:

  1. The suspicious personal data circulating on the Internet does not come from the “6.22 Civil Referendum” system. It is completely fabricated. In addition, the so-called method of bypassing CloudFlare’s security system to gain access to the intended data is technically impossible.
     
  2. The personal data collected by the “6.22 Civil Referendum” system had all been hashed before it was stored, so no personal data in plain form was ever available for use or for leakage. The system had passed numerous penetration tests before it was launched, and no problem was found.
     
  3. The event website and the voting system run independently, and no personal data was transmitted between them. Hence there is no way to intercept any personal data in between. Moreover, the servers of the system, including the database, were shut down immediately after the event.
     
  4. All hashed personal data had been completely destroyed on June 30, 2014, while all paper ballots were also completely shredded on July 3, 2014.
     

In response to these rumours about the leakage of personal data, Robert CHUNG Ting-yiu, Director of POP, observes, “Both the civil referendum and the electronic hi-tech system are assets of the civil society; they should not be regarded as a tool in political struggles. Unauthorized access to personal data is by all standards an unethical and illegal behavior that should be denounced. The “6.22 Civil Referendum” system was highly secured to avoid any possible leaking, and all personal data were well protected. People in the dark using unrevealed methods to attack and smear the civil referendum are by no means helpful in resolving the social conflicts.”


Technical Notes (original in Chinese only)
 

Recently an online article has described how to break into the “6.22 Civil Referendum” PopVote system and steal personal data. For now, POP sets aside the ethical and legal questions and analyses only, at the technical level, whether this is feasible, in order to establish the truth. Since the public may not know how the PopVote voting system protects voters' personal data and could easily be misled, we explain as follows:

  1. The PopVote voting system's servers are protected by CloudFlare's cloud firewall, so a third party can never directly access the server data. Data between users and the server is transmitted over an SSL-encrypted channel, which ensures that no third party can view or alter it in transit.
     
  2. Voters' Hong Kong Identity Card numbers and mobile phone numbers were all converted into irreversible hash values before being stored in the database, so no plaintext personal data was ever held in the PopVote database.
     
  3. Before going live, the PopVote voting system underwent multiple penetration tests of varying scale (that is, simulated hacker intrusions), which confirmed that the system had no security problem that could leak data.
     
  4. All servers of the 6.22 voting system, including the database, were shut down immediately after the event; after the shutdown it is no longer possible to connect to the voting system's servers. The event website https://popvote.hk operates independently of the voting system: the event website has no link to voter data, no personal data is transmitted, and there is no possibility of intercepting data.
     
  5. Most importantly, all personal-data hashes stored electronically in the database were completely destroyed on June 30, 2014, and the personal data recorded on paper ballots was entirely voided on July 3, 2014.
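As an added illustration of note 2 above (and of point 2 in the English statement), not PopVote's own code: voter identifiers are replaced by a keyed digest before storage, so duplicate voters can still be rejected while the store never holds a plaintext HKID or phone number. The hash construction (HMAC-SHA256), the secret pepper kept outside the database, and the sample identifiers are assumptions of this example; the page does not say which hash PopVote used.

```python
"""Pseudonymous storage of voter identifiers (illustrative, not PopVote's code).

The identifiers are replaced by a digest before they reach the vote store, so the
store never contains a plaintext HKID or phone number.  A secret pepper is used
because HKIDs and phone numbers form a small space: an unkeyed hash of such a
value could be recovered by enumerating every candidate, a keyed one cannot
without the pepper, which lives outside the database (assumption of this example).
"""
import hashlib
import hmac
import re
import secrets

PEPPER = secrets.token_bytes(32)  # assumed to be held in app config / HSM, not the DB

# Format check only (one or two letters, six digits, check digit in parentheses);
# this does not validate the HKID check digit.
HKID_RE = re.compile(r"^[A-Z]{1,2}[0-9]{6}\([0-9A]\)$")


def normalise_hkid(hkid):
    """Canonical form so that 'a123456(3)' and 'A123456(3)' produce one digest."""
    hkid = hkid.strip().upper().replace(" ", "")
    if not HKID_RE.match(hkid):
        raise ValueError("malformed HKID")
    return hkid


def voter_digest(hkid, phone, pepper=PEPPER):
    """Keyed, irreversible digest of the identifier pair; the only thing stored."""
    msg = "{}|{}".format(normalise_hkid(hkid), phone.strip()).encode()
    return hmac.new(pepper, msg, hashlib.sha256).hexdigest()


class VoteStore:
    """Holds only digests and choices; detects repeat voters without plaintext."""

    def __init__(self, pepper=PEPPER):
        self._pepper = pepper
        self._seen = set()
        self.ballots = []

    def cast(self, hkid, phone, choice):
        digest = voter_digest(hkid, phone, self._pepper)
        if digest in self._seen:
            return False  # second vote from the same identifiers is rejected
        self._seen.add(digest)
        self.ballots.append(choice)
        return True

    def contains_plaintext(self, hkid, phone):
        """Audit helper: confirm the identifiers never appear verbatim in the store."""
        blob = "".join(self._seen) + "".join(self.ballots)
        return normalise_hkid(hkid) in blob or phone.strip() in blob
```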
     

The online article claims that CloudFlare has a weakness: the idea is to retrieve old domain-name records in the hope of reaching the server that CloudFlare is protecting directly. However, the www.crimeflare.com site mentioned in the article does not list the real IP address of the PopVote voting system; the author merely used a "CDN tool", about which no details are given, to find the server IP address of the popvote.hk information website. The information in the first half of the article, and the method of finding the IP address, are therefore never actually explained. Even if that tool could find the server IP address of the popvote.hk information website, that website runs completely independently of the voting system, and finding this address would not lead to the database holding the voting data.
 

The article then describes using the SQLMap tool to access the voting system's database directly, but never explains how the database address was found; it simply exports the data. Yet the format of the exported data is not the hash format stored by the PopVote voting system. From these flaws, POP can be certain that the article's content is fabricated and that the technique it describes is entirely infeasible.
 

POP's PopVote voting system is carefully designed and rigorously operated. Having studied the online article, the POP team is certain that the steps it describes cannot access voters' personal data. As for the so-called personal data now in circulation, even if it were genuine, it could not have been obtained from the PopVote voting system.
 

POP established the PopVote platform so that citizens can express their views in a peaceful and rational way. From the “3.23 Civil Referendum” of March 23, 2012 to the just-completed “6.22 Civil Referendum”, the voting platform has gone through five iterations and has become a platform capable of successfully receiving nearly 800,000 votes. In every vote, participants have taken the exercise seriously and the queues at polling stations have been orderly; this is the pride of Hong Kong people.


Enquiries: POP Technology Manager 馬晉彥 (Tel: 3917 7710)