From Voting to Digital Fraud: Petro Raises Alarms Over Vulnerabilities in Colombia’s Electoral System

El Ciudadano

Original article: Del voto al fraude digital: Petro denuncia vulnerabilidades en el sistema electoral colombiano

Colombian President Gustavo Petro has sounded the alarm regarding the integrity of the country’s electoral system, reporting serious vulnerabilities in the software used during the counting of votes in the recent runoff election held last Sunday.

The runoff election remains undecided, marked by a narrow margin in the preliminary count between the Pacto Histórico candidate, Iván Cepeda, and the far-right Abelardo de la Espriella. However, these figures are merely informational as the final outcome will rely on the official and legally valid tally of votes.

Through his account on social media platform X, the president disseminated a technical document that allegedly demonstrates security flaws in the system operated by Thomas Greg & Sons, linked to brothers Camilo and Fernando Bautista, which could have jeopardized the transparency of the democratic process.

Vulnerable Software

This revelation raises questions about the cybersecurity of the presidential elections, as the company is responsible for logistical tasks that span before, during, and after Election Day.

The progressive leader addressed algorithms that «make the Bautista brothers’ software vulnerable and allow powerful states with computational capabilities to replace Colombian voters».

Moreover, he indicated that the decision to not allow a thorough audit of the electoral software, as he himself requested, prevented the discovery of this significant vulnerability and prioritized a possible loss for progressivism over national sovereignty.

The president went beyond technical issues, emphasizing that there are additional irregularities that warrant investigation by the relevant electoral and judicial authorities, including concerns regarding the E-14 forms used to register votes at each polling station and submitted by voting jurors.

He accused electoral authorities of a lack of clarity in the recount, claiming they modified many of these forms.

In light of the upcoming runoff, Petro requested the recovery of the digital fingerprint of these documents to ensure they could not be altered, a plea that, according to the Colombian president, was ignored by Registrar Hernán Penagos and Attorney General Gregorio Eljach. Earlier in June, he claimed to have evidence that the elections system, the electoral roll, and the distribution of voting locations had been tampered with, further warning that the process exhibited vulnerabilities both internally and externally.

«It is now known that the algorithms that suspended from the E-14 database, like the historical stamp and the Hash lock, did allow changes to E-14 forms already submitted«, he pointed out in his message.

Additionally, he reported alleged irregularities related to voting jurors abroad and misinformation campaigns that, according to Petro, were funded from abroad to discredit his administration and Iván Cepeda’s presidential candidacy.

«It is already known that some jurors abroad, who could not be residents in Colombia without nullifying what happened at the polls, were indeed Colombian residents«, he noted.

«It is already known that millions of dollars from abroad were invested in discrediting the government, the Pacto Histórico, and Iván Cepeda, misleading millions of Colombians into believing Iván was a guerrilla when he never picked up a weapon, and only investigated the assassination of his father, senator Manuel Cepeda Vargas,» he added.

Cyber Attack

The technical analysis shared by the president describes a hypothetical scenario of a cyber attack directed at the email infrastructure associated with the National Registry, the agency responsible for organizing elections in Colombia. The document identifies multiple potential weaknesses in the system, starting with possible failures in digital authentication keys, known as DKIM, which are essential for verifying the legitimacy of institutional emails.

Another concerning aspect noted in the report is the existence of an internet domain that bears similarities to the official site of the National Registry, which could be exploited for identity theft or phishing campaigns. This vulnerability, combined with the absence of additional validation mechanisms like CAA and DNSSEC, security protocols that help prevent cyber attacks, creates a conducive environment for electoral disinformation through the dissemination of forged emails that could confuse citizens and affect public perception about the process.

«Progressivism Is Now Bigger Than When the People Elected Me»

In his message, he emphasized that in these elections, the vote that brought him to the Presidency of Colombia has been surpassed by the Pacto Histórico candidate, Iván Cepeda.

«Progressivism is now larger than when the people elected me, which shows great gratitude and recognition from the Colombian people, who have not taken away our power of expression but instead granted us more power».

Ahora voy a presentar los algoritmos que hacen vulnerable el software de los hermanos Bautista y que permiten que estados poderosos con capacidad computacional puedan reemplazar a colombianas y colombianos

Cómo no se dejó auditar el software no se descubrió está terrible… https://t.co/LcAqSBRQzj pic.twitter.com/cuzN3FShcK

— Gustavo Petro (@petrogustavo) June 22, 2026