Presumable purpose of the leak of the Georgian voters’ data base

Lana Giorgidze

On March 30, news portal Zdnet reported about the hacked data base of the Georgian voters, which was published online. On Saturday, March 28, the personal data of more than 4,9 million citizens of Georgia (including deceased people) were published on a hacker forum (1.04 GB MDB file), which contained such personal data like: first name, surname, place of birth, ID number and phone number. 

In response to the information of publishing the personal data of more than 4.9 million voters by hackers, the Central Election Commission stated that the released data is radically different from the data of the voters’ list stored at the Election Administration (EA) portal.

“The CEC portal displays information about 3.5 million voters obviously excluding information about deceased; in addition, for the purpose of compiling the voter list, the CEC is not given information about the voter's father's name, phone number or ID card number, and therefore does not possess such information in its voter database. In light of the information provided above, the CEC states that the information released at the hacker’s site is not processed by the CEC and the database itself differs by its data, format and structure from the information possessed by the EA. It is also worth noting that no cyber incident has been reported to the CEC at this stage, and verification has shown that the personal numbers and addresses posted at the hacker site do not match the CEC voter database,” the statement of the CEC reads. 

The CEC statement underlines that with the help of the US Government, the election administration plans to improve the cybersecurity of the EA.

 

The chairman of the International Center of Civic Culture Kote Kandelaki told humanrights.ge that the data released by hackers is not voters’ list that was already clarified by the CEC. “It may be the data base of mobile operators. In 2011, the commission was established for the revision of the voters’ lists. Maybe, this data base was used then and somebody got hold of it. It could be a political party too,” Kote Kandelaki said.

The International Society for Fair Elections and Democracy (ISFED) reacted to the fact with the statement and clarified that the published data is outdated and does not match voters’ lists of the CEC. 

Notably, average number of voters in the unified voters’ list of Georgia was no more than 3.5 million for elections held in the last 15 years, and the highest number of voters had been registered for the 2012 elections - 3,613,851 people. In addition, according to Geostat, average number of deceased population was 48,757 per year (a total of 341,296 in 2012-2018). Therefore, it is unlikely that the leaked database is the voters’ list. The report is accompanied by a screenshot of the database, containing information that differs from the unified voters’ list both in terms of format as well as the type of information processed by the CEC. In particular, the CEC does not process voters’ phone numbers and number of their ID documents, which further substantiates suspicions that the leaked database is not the voters’ list,” the ISFED statement reads. 

At the same time, the ISFED is concerned with the alleged fact of the leak of personal data of the Georgian citizens. “If the personal data was so comprehensive, they may have been leaked from another public agency or may have been created by processing several different databases that contain personal information.”

Humanrights.ge asked the executive director of the ISFED Mikheil Benidze what was the presumable purpose of the release of the data and who was interested to leak the personal data of the Georgian citizens. 

Mikheil Benidze said that 7 months before the scheduled parliamentary elections, the release of the personal data might aim to undermine the trust to the voters’ list and the election process. 

“It is not excluded that our enemy state may have hacked the personal data of the Georgian citizens. We all remember mass hacking of the Georgian servers in October of 2019. In February 2020, it was determined that Russia stood behind this hacker attack. The Georgian investigation team released this conclusion in cooperation with the US and British investigative bodies. It is evident that Russia has interest in the field of cybersecurity of the personal data and it may be connected with the scheduled October 2020 elections in Georgia. The investigation shall determine the fact,” Mikheil Benidze said. 

Associated researcher of the Atlantic Council’s Digital Forensic Research Lab (DFRLab) Eto Buziashvili wrote in her research that the leaks come during a turbulent period for Georgia, with the country facing a tense situation over the global COVID-19 pandemic on one hand, and a lack of clarity regarding the procedures for fall parliamentary elections on other.

“Another important detail can be detected on the file itself: it was created in August 2011. Under the Breach confirmed that the data was supposedly leaked in 2011 but it was nowhere published until 2020.

DFRLab studied the authenticity of the document and compared the randomly selected “individuals” from the data base with the personal data of the voters in the list published voters.cec.gov.ge. 

We can find the people born in 1880 in the leaked data that reinforces the doubt that it contains the data of the deceased people too as the people born in 1880 would have been 131 by 2011. 

Another significant finding is that we can find data of the people born in 2011 too, who are too young to participate in the 2020 parliamentary elections” DFRLab researcher Eto Buziashvili said.

The chairwoman of the Human Rights Committee of the Parliament of Georgia Sofia Kiladze told humanrights.ge that investigation of the cyber-crimes is a huge challenge for the entire world.

“First of all we should know who published it in order to speak about the purpose of the action. Unless we know the source, naturally it will be difficult to presume the purpose of publishing the data base. It is difficult for our state to investigate the cyber-crimes and it is difficult for the states with modern technologies either. I hope, our law enforcement bodies will find out how the personal data was leaked. Generally, everybody is aware that Russia is a serious threat in terms of cyber-crimes. Many times, Russia was criticized for similar action, by including the Western States. Russia has occupied big part of our country so it creates ground to suspect them in cyber-crimes too; however, it is difficult to make any conclusions and if we make any, it will be speculations,” MP Sofo Kiladze said. 

Chairman of the Parliamentary Fraction National Movement Roman Gotsiridze said it is difficult to make assumptions without evidence. 

“If it was not Russia, then who published the data, who did a good job for Russia. Russia could not dream anything better than that because dissemination of similar information in the population instills: fear, mistrust, feeling of insecurity, questions about personal safety and feeling that the government is not strong enough to combat similar threats – like publishing the bank accounts or information about personal life. We already saw large-scaled hacker attack from Russia, though initially our government could not dare to blame Russia in it while opposition political parties spoke about it. Afterwards, the US Government made a statement and the GoG also admitted the truth,” Roman Gotsiridze told humanrights.ge.

Roman Gotsiridze said publishing the personal data by hackers demonstrates that we are not protected and there is a threat that more information might be leaked either. 

On March 30, the Ministry of Internal Affairs commenced investigation into the spread information and they stated that the details will be known in near future. 

The COVID-19 related state of emergency is still in force in the country; so there are many doubts that the scheduled parliamentary elections might not be held in October 2020; however nobody has made official statement about it yet. Meanwhile, besides the threats coming from the virus, the population wonders whether they are protected in the online space where they spend more time during self-isolation for personal and business purposes.