Inside Kyrgyzstan’s Online Election Hijinks
13 November, 2017

It was a close, but decisive victory. Last month, former prime minister Sooronbai Jeenbekov won Kyrgyzstan’s presidency after a tight race and a surprising challenge from his closest competitor: businessman and former prime minister Omurbek Babanov.

But a new investigation by Kyrgyzstan’s independent KLOOP.kg news site is casting doubt on the vote’s fairness. According to KLOOP.kg, Jeenbekov — the authorities’ preferred candidate — had access to voters’ personal data during the campaign.

This information came to light after an anonymous hacker broke into a website hosted on a government server that was at the disposal of Jeenbekov’s campaign workers.

Jeenbekov defeated Babanov with 54% of the votes, narrowly avoiding a second round of elections. However, KLOOP.kg’s investigation highlights evidence of collusion between Jeenbekov and the Kyrgyz government in the run-up to the election.

On September 13, the website Samara.kg — previously an obscure real estate site — was converted to a voter data management system. Then, on the eve of the October 15 elections, an anonymous online vigilante, using the nickname suppermario12, hacked the site and made a number of local news outlets, including KLOOP.kg, aware of the website’s links to a government server used by the State Registration Service.

With the help of the Swedish IT security NGO Qurium, KLOOP.kg was able to verify suppermario12’s findings and further establish that the website was registered under the name of Uchkunbek Tashbayev, a former Kyrgyz minister.

So far, KLOOP.kg has proven “that some website, which had a suspicious database of people, was hosted at the government server for one month,” says Bektour Iskender, a Kyrgyz journalist and co-founder of KLOOP.kg. “This is what we definitely managed to prove, this is what we are 100% sure about.”

But the news agency also has strong evidence of other nefarious business. According to campaign workers it interviewed, employees of Jeenbekov’s campaign appear to have used the website to record the names of people they had bribed to vote for the pro-government candidate. Moreover, after the election, the same system allowed the campaign workers to see whom these people had voted for. Among those named on the register were students and public sector workers, the people most susceptible to pressure from the government.

The use of so-called “administrative resources” is not a new phenomenon for Kyrgyzstan. As Iskender explains: “Many, many people who were in the system, they are young and we think they are students, and students are one of these vulnerable groups of people in Kyrgyzstan, who have been used during the last several elections.”

The Samara.kg website still exists but is no longer a voter data management system. Instead, the website now advertises a carpet cleaning service.

The State Registration Service denied Samara.kg’s existence and even threatened to sue KLOOP.kg, which refused to post a retraction. The government has yet to respond officially.

According to Iskender, this revelation regarding government electoral interference highlights serious issues concerning the fairness of the latest presidential elections and the Kyrgyz government in general:

“The whole election process, I think, has become better in Kyrgyzstan during the last seven years. But, still, it seems like there were violations, and they were serious violations, and maybe we should stop comparing ourselves to the older version of Kyrgyzstan,” he says. “This is, unfortunately, one of the biggest problems of politicians in Kyrgyzstan.”

Hromadske sat down with Kyrgyz journalist and KLOOP.kg co-founder Bektour Iskender to discuss the investigation into electoral interference and what this means for Kyrgyzstan.

Recently KLOOP carried out an investigation into a website called Samara.kg, a rather unusual site, that appears to have put pressure on voters to cast their ballots for Sooronbay Jeenbekov in the election last month, who subsequently won the vote. Tell us, how did KLOOP find out about this? What is this investigation about?

We found it quite unexpectedly, to be honest, the day before the election, when our editor-in-chief Eldiyar, he saw this video that was posted by the guy, who is anonymous, who we still don't know his name, who hacked this whole system. He hacked this whole website called Samara, and then he released a video, where he actually explained what this website was about. The thing is, back then, we couldn't really understand how serious he was about it, to be honest, because Eldiyar typed Samara.kg into his browser, and what we think now is happening, was that the administrators of the website, they were kind of clearing things up after it was hacked, so they restored the ownership of the system, and then they put in initial kind of temporary version of it, which had all the fake names, which had all the fake ID numbers and everything, and that's why Eldiyar first thought that he had found something and then he saw these strange names there, and then he thought that was some crap, or whatever. We decided, ok, this is probably not worth our attention, but, just in case, just to double check, we decided to send a request to our friends from Qurium, the Swedish-based NGO, which has access to these tools, very sophisticated but very expensive tools, which allow you to see the history of the domain name with very, very high precision, you can basically see it with an almost day-to-day kind of accuracy which server was each domain connected to, which server each domain was working with every day. 
So they checked Samara.kg using these tools and then, two days later, they sent us all this very detailed information about where it was hosted and they basically found out that, on September 13, 2017, Samara.kg was redirected from a private hosting server to the server, which belonged to the government of Kyrgyzstan, to the State Registration Service, and then it was hosted there until the moment, that this suppermario12 hacker - that was his nickname when he hacked the system, or she. We actually don't even know the gender.

What did this Samara.kg site do during the election? Let's talk a bit about what its function was.

According to the video that was posted by the hacker, Samara.kg was used to collect information about a certain number of voters, because you know, there was this personal identification number there, which are given to every Kyrgyz citizen, and with this personal identification number, we can see the year of the birth of the person. Many, many people who were in the system, they are young and we think they are students, and students are some of these vulnerable people in Kyrgyzstan, who have been used during the last several elections.

You mean they are vulnerable as what is called an "administrative resource," so the government can put pressure on them?

Yes, exactly. And, basically, what we assume the system was used for is that - and you know, there is something about Kyrgyzstan elections - because of this reform that we had with our elections, it's very difficult right now to basically draw the figures for the pro-government candidates, the ones that they would want. It's much more difficult to manipulate the outcome of the election. It's difficult just to fake the results and just declare that a certain candidate has got like 80% of votes, like [what] is being done in some post-Soviet countries. Moreover, it has become much more difficult to use these old methods. One of the most popular methods was so-called "carousels," when people were driven around several voting stations and would vote again, and again, and again, in support of a certain, usually pro-government, candidate. So, such manipulations are very difficult right now to do in Kyrgyzstan, so that's why the authorities need to invent something new, obviously. And, that's why what we assume they needed was, they actually needed people to vote for a certain candidate and to put the ballot into the box. How do you do that? How do you manage this whole group of people to vote for a certain candidate? You need to build a whole system, which would  help you to control how you basically buy votes, how you use this so-called "administrative resource." Of course one of the best and most convenient ways to control the system is by setting up something, which you can easily check online, where every person who works for your campaign has his or her own account, where they basically mark who they gave money to. And that's what we assume the system was used for. Also, another thing that seems like it was planned at the system was that, after the voting was over, they also marked who [out] of those people voted. 
And another thing that happened in Kyrgyzstan, a rumour was spread, mostly among students, mostly among people who worked in government structures, in hospitals, in schools, the rumour was spread that there is some system, which allows authorities to see, who everyone voted for, which I think was fake because I don't think that, even with this system, it's possible to see who everyone voted for. But, the rumor might have worked in a way because some people probably believed. Then, because Jeenbekov won with just 54% of votes. Only something like 70 thousand votes of people saved him from the second round of voting. So it probably was enough to convince at least some dozens of thousands of  people to believe that such a system exists, which can monitor who they voted for, and to have some sort of system, which would also track who was being paid money, then you have this 54%, then you avoid the second round. That's how we assume the system worked.

You said that you think that the campaign workers likely paid people and then marked it in Samara. Do you know for sure that's what they did? Were there other means of pressure on the people?

We interviewed, actually, several campaign workers from Jeenbekov's campaign, who confirmed to us that it was like this. But unfortunately, every one of them is, of course, giving anonymous interviews, so they don't want their names to be revealed, and that's how they described. We published the whole interview with one of these campaign workers, who described [to] us the way it was working. So yes, the main goal was to mark who of the people are being paid. Then, of course, there was another way of putting pressure on people by spreading this rumour that it is possible to see who everyone voted for. Then, another thing that happened on the election day, and there are numerous witnesses of this, including OSCE observers, who also said that such things were happening. On some voting stations, there were people who were sitting near the voting boxes where people would put their ballot in, and these people would try to see who everyone voted for. In Bishkek it was not happening that much, but it was especially happening in smaller villages, smaller towns, where people know each other better. I was told by one of the OSCE observers, that there were even such cases, especially in the home district of Jeenbekov, that people from Jeenbekov's campaign were present at voting stations and local voting station officials, would rather kind of listen to what they were ordering them to do, kind, in a way. They had much more influence than even, you people, who are actually running the voting stations itself. So yeah, things like this were the main methods of how people - and seems like it was mostly used by Jeenbekov's campaign — were trying to influence the results of the election.

Coming back to Samara —  the site itself didn't just appear, at least a site at that web address, didn't just appear on the day of the election, it existed before and maybe it still exists today. What was it before?

Before September 13, it was a website of a real estate agency.

Did it actually work as a real estate agency?

We actually don't know, to be honest. We managed to check this out again through digital traces that were left by the domain, but we don't know. We know the only thing is that it's registered under the name of Uchkunbek Tashbaev, a former government official and former minister actually. And Uchkunbek Tashbaev is also one of the key people at the construction company called "Ikhlas," so he is in the circle of real estate anyway. But, the thing is that the website represented this real estate agency before September 13, then it became this database of people who are being paid to vote for someone, or possibly for Jeenbekov we guess. Then it was hacked and then for ten hours or so, it was showing the video done by this suppermario12 hacker.

That he put there?

Yeah, that he put there because he managed to kind of redirect the domain name Samara.kg to the server that he was controlling. Then the control of the server was restored by people who are running the system, but the day after the election was over, the website now shows the company that does, what is it, laundry for carpets, carpet laundry?

Like it cleans rugs?

Yeah, carpet cleaning service exactly. Carpet cleaning service, this is what it is right now. The funny thing is that we tried even to clean a carpet, but the thing is that every time we were calling, they were telling us that they are not cleaning every carpet, that they clean only huge carpets, so we tried to find a huge carpet to clean, but then we decided that it’s more important to publish the investigation now, that we cannot wait until we clean the carpet because, anyway. And the website looks exactly like the same carpet cleaning website in Kazakhstan, for example, there is a similar website with an absolutely same design, with a same design of the logo and stuff like this, only a different name. So it's really strange why this website exists. We also managed to find some traces. Unfortunately what is difficult for us in this investigation is that we are mainly talking about quite complicated technical terminology and we tried to write the first part of the investigation that we have already published. We tried to write it as simply as possible, which took a lot of editorial work. Still, I guess many people in Kyrgyzstan don't really understand the concept of what was wrong.

So far, what we've managed to prove was wrong, that some website, which had a suspicious database of people, was hosted at the government server for one month. This is what we definitely managed to prove, this is what we are 100% sure about. This was the main focus of the first part of the investigation. Right now, we are looking for more evidence of what was wrong. I mean, we managed to find also these campaign workers, we managed to find - and it will be in the second part - people who are building the Samara system, and they seem to be also linked to the government structures, so more and more we find information right now. But the initial finding, and the core finding and the most important finding is that, yes, we have this 100% evidence that Samara.kg was directed to the government server, and that, because it functioned, it meant that at the government server, someone kind of approved this.

Because, I mean, in theory, anyone can put, for example, I can buy a domain name and then, when I buy a domain name, it's not like stored anywhere. I can buy it anywhere, for example, even in Ukraine let's say, and then in its DNS records, so-called records, I can direct it to the government server of Kyrgyzstan, but, it will not function if the government server of Kyrgyzstan does not allow it to function. And because Samara.kg worked during this month of being directed to the government server, it means that someone at the government server approved this.

Interesting. Have the authorities responded to KLOOP.kg's investigation? How have they responded, if so?

The response was quite disappointing because from what the State Registration Service said [it was clear] they were just denying whatever we were writing. They were just saying that we were wrong without actually giving any counterarguments, without publishing any proof of Samara's nonexistence, which disappointed us because, you know, we were hoping to have a high-profile nerdy discussion with them, debate. We were hoping to argue with them about DNS servers, about how they are being used, how you can change this and so on and so forth. But unfortunately, it didn't happen. The first thing that they blamed us for was that some political forces are behind KLOOP, who want to return Kyrgyzstan to old times of voting when people used carousels and stuff like this. So that's what, kind of, they blamed us for.

We published our response, in which we said that we are disappointed by their response. Then, they said: OK, we start our internal investigation. They conducted it for less than one day and the result of the investigation was: We didn't find anything suspicious - that's what they said and we demand KLOOP publishes a retraction of what they wrote in the investigation.

We, of course, refused to publish any retraction because we are 100% sure that we were right, so we published another statement, where we explained why we will never publish a retraction of our findings, to which the State Registration Service then, four days after the investigation was published, they promised that they would sue us.

And, we are still waiting because they still haven't filed a lawsuit, so we don't know what is going to happen further. But, unfortunately, all the other government entities have not officially responded yet. We called GKNB, which is the security services of Kyrgyzstan, and also the State Prosecutor's Office. We demanded them to start investigating the State Registration Service because we think that we are dealing with huge violations of how people's private data is stored because the server where Samara.kg was hosted for a month, the same server is used by the State Registration Service itself, the same server is used by Taza Koom project, which is this electronic open government project of the government.

The server might have an access to very sensitive information of citizens of Kyrgyzstan, and that's why this is a very serious issue, the fact that it was hosted there, and we think that security services should start investigating it. But we don't know if they started.

During the Kyrgyz election last month, I spoke to you about what was going on. Now, of course, the election is past, Jeenbekov won, but we recently learned that the Kyrgyz government, the authorities are pressing charges against Jeenbekov's opponent Omurbek Babanov, who gave him, really, quite a run for his money in the election. Can you tell us a bit about what that is about?

You know, what is really strange is the reason why they pressed charges against Babanov because Babanov previously was blamed for being a corrupt politician when he was the Prime Minister. He even was forced to leave his position because of the suspicions that he took bribes, and a horse was a bribe, which is even more peculiar in that case. I guess I don't know much about Babanov's business and whatever, but I'm pretty sure it's not what they pressed charges against him, that should have been like this. Also, the timing is very strange because, if he is a politician, then why didn't they start investigating earlier? Why was he not investigated properly when he was blamed for being a corrupt politician when he actually was Prime Minister? What it looks like right now is that it's just kind of a revenge for him being the opponent of Jeenbekov and for him, in the later stages of the campaign, criticizing Atambayev and criticizing Jeenbekov. What the charges are is that, according to the authorities' version, he was inciting interethnic tension in Osh, when he was giving his campaign speech in the city of Osh. But, the problem is that, I mean, we analyzed this speech that he gave and we, for example, understand that the videos that were circulating after that speech, which showed some parts of it, were really, really taken out of context what he was saying. And the state television - or public television as it's called, but de facto state television - it was running stories about Babanov's speech and it was really exaggerating, or, even giving a completely wrong interpretation of his words at that speech. It really looks like a political pressure and nothing more.

I want to ask: do all these things -  the Samara.kg site, the administrative resources, now the charges against Babanov  - do they change your assessment of the fairness of this election?

Yes, they actually do because, you know, I was hoping for something much better than that, to be honest. It's a really strange feeling, I'm divided, to be honest, because, on one hand, I'm quite happy that the authorities have to go so far to try to manipulate the results of the election. It's a really good sign that they have to build such complicated systems.

As opposed to just stuffing the ballot boxes and carousels?

Exactly, because for example, I remember presidential election of 2009, when Bakiev won with, I don't remember it was something around 70% or something, which was much higher than I think people would ever support Bakiev. That was of course much more terrible. So, in a way, the whole election process, I think, has become better in Kyrgyzstan during the last seven years. But, still, it seems like there were violations, and they were serious violations, and maybe we should stop comparing ourselves to the older version of Kyrgyzstan, and this is, unfortunately, one of the biggest problems of politicians in Kyrgyzstan. They often justify, whatever violations happen in Kyrgyzstan, they often justify it by saying: Oh, it has become better than it was during Bakiev times, and saying: So what? Well, almost everything would be better than during Bakiev times. Or, they would compare Kyrgyzstan to - I don't know - Uzbekistan, or Kazakhstan, or Turkmenistan and then, again, you kind of try to get out of this vicious cycle of being the best of the worst, which, I think, is one of Kyrgyzstan's biggest problems.

Final question: when can we expect the next installment of KLOOP's investigation into Samara?

Hopefully, it will be published next week. It's Thursday today, right? OK, so hopefully it will be published the beginning of next week, but, the thing is, we want it to be as accurate as possible, so that's why we'd rather publish it later but we would double check every fact, than we would hurry with publishing the second part. So, I think somewhere during the next week, maybe the beginning of the next week, we will publish the second part.

/Interview by Matthew Kupfer

/Text by Sofia Fedeczko