Hackers Used Msandos’ Details To Login IEBC IT Expert Explains; Raila Reveals
I will explain what happened between the times of 12:37 on 8th of August to about 4 O’clock in the afternoon. Now there are two issues here to deal with access and privileges ;
In standard operating procedure in IT, when you have a data base you have the super administrator in this case they were using microsoft SQL server. Once the super administrator is created on first instance this super user can now then create other users within the data base.
Now Mr Chris Musando was the super administrator in this case with his credentials he was able to give different people the same credentials or lower credentials, but as highlighted in Nasa’s document you will find that such users did not exist only one super user existed in this co-server.
On the second issue priviledges you will note, once you get a copy of this document on page 4; based on the access you have as a user you can carry out certain functions right? This functions allow you to install allogarithms, stole procedures, it also allows you to remove log in.
One good thing about the SQL environment and the VM the virtual machine used is that they are always master logs that you cannot delete. So on page 4 you’ll see about 6 functions, which were made earlier that were picked, this functions highlighted one by one deal with installing stole procedures, changing of date and time, recusive triggers and caring rounding of numbers because an election you cannot have half a vote.
Now the key thing to note in this document is that if you are a super user in such a system. When you sign in you have to sign in using a security certificate; you’ll note that the certificate used was unsigned, for many of you who can access google you’ll look the information on that, signed certificate is generally an indication of an attack clean and simple. Last but not least you’ll find on page 52, that two things happened;
A user SA that is super administrator in MSQR logged in.
The user Chebukati logged in.
The user at the bottom of page 52 Msando also logged in.
Now depending on the privilege when you have that access, depending on the privilege assigned to you by the super administrator; it allows you to generate certain procedures turn off, certain statistics which explains as to why so called stoled procedures, the so called functions, the so called triggers which are highlighted took effect at specific times. The full document has the master log date time up-to the second, so you can be able to track the functionality and activities that happened from 12:37 .