- Always wondered how an army of trolls can affect the outcome of an election?
- Want to find out how loyalty from governmental contractors can be enforced?
- Curious to see how forensics skills can unfold an election scandal?
On Sunday (Oct 27th), regional elections takes place in Pereira, Colombia. A few days before the election, a mobile App called KONTACTO was leaked to the media, supposedly capable of election manipulation.
In collaboration with the investigative journalists at Cuestión Publica (Colombia), Qurium releases the forensics report “KONTACTO – a mobile application to track voters in Colombia“.
Qurium has analysed KONTACTO, a non-public Android mobile App shared between trusted actors via WhatsApp, and is revealing its functionality and capabilities in the forensics report.
KONTACTO allows administrators of the App to collect personal data on potential voters of Carlos Alberto Maya, candidate for the Liberal Party in Pereira. The App provides technical means to build a pyramid of referrals, lobby for a specific candidate and collect personal information about the potential voters (referrals).
Apart from revealing a shady political campaigning scheme, the App also breaches many principles of the data protection law of Colombia as it stores personal information about potential voters including their ID cards. Little efforts are made to protect the personal data it stores as the information is transferred to the central server without encryption.
The KONTACTO database contains more than 1,000 people as part of the recruitment team and more than 55,000 records of potential voters (referrals) with names and ID cards.
Forensics report: Kontacto – an insecure mobile app to track voters in Colombia
Investigation (by Cuestión Publica) : Episod I: Kontaco, la nueva máquina electoral de hacer votos [ES]
Digital forensics: Tord Lundström, Qurium Media Foundation
Investigation: Diana Salinas, Cuestión Publica