By Raymond Carl Dela Cruz
MANILA – The Department of Information and Communications Technology (DICT) on Monday said 19 government websites were hacked and defaced, but there was “no evidence of a data breach” amid the protest actions against corruption on Sept. 21.
In a Palace press briefing, DICT Secretary Henry Aguda said of the 19 websites, four were websites of national government agencies (NGAs) while the rest were for local government units (LGUs).
“To date, wala pa kaming verified report of exfiltration. So wala pa personal information na nawala (we don’t have not a verified report of exfiltration. So, there is no personal information lost),” Aguda said.
The four NGAs were the Anti-Red Tape Authority (ARTA), Bureau of Customs (BOC), DICT, and the Department of Economy, Planning and Development (DEPDev).
“Yung mga na-compromise sa kanila yung mga training modules, complaint platform, etc. And all of them naayos kaagad. So, yung apat inconsequential na yung nangyari sa kanila (What were compromised were training modules, complaint platform, etc., and all of them were fixed immediately. So, for those four NGAs, what happened was inconsequential),” Aguda said.
In a statement, the DICT assured the public that “the eGov PH App itself was not compromised.”
“The incident involves one of the many third-party systems integrated with the eGov PH – the EComplaints system – which is managed separately from the eGov PH App’s core infrastructure,” the DICT said.
“As of this time, there is no evidence of a data breach within the eGov PH App. All personal information in the app remains secure, encrypted, and protected by strict cybersecurity protocols in line with the Data Privacy Act of 2012 and internationally recognized standards,” it added.
Aside from defacement, he said government websites faced distributed denial-of-service (DDoS) attacks and over 1.4 million failed breach attempts.
“Ang dami niyan. And kung makikita niyo apat lang yung naka-lusot (That’s a lot. And as you can see, only four went through). So, kudos to the people of the Cybercrime Investigation and Coordinating Center (CICC), from DICT, the Cybersecurity Bureau, the National Computer Emergency Response Team (NCERT), and together with the law enforcement,” he said.
AnonymousPH, a group of cyber hacktivists, is suspected of being involved in the attacks.
“Common denominator is the actor called AnonymousPH, dun namin na-track down (that’s where we tracked it down). And then the chatter in the cybersecurity community is pointing to them. Although I’ve reached out to them, sabi nila hindi daw sila, so sabi ko i-disavow niyo (they said it’s not them, so I told them to disavow the attack),” he said.
He said a person of interest is also being pursued in coordination with law enforcement agencies but declined to share information on the suspect’s identity as part of the investigation.
“He/she’s in-country. Yun lang siguro (That’s it, maybe). And I defer giving additional information,” he said. (PNA)
