2nd Comelec hacker nabbed
Evelyn Macairan (The Philippine Star) - April 29, 2016 - 10:00am

MANILA, Philippines - The hacker allegedly responsible for leaking the information of voters from the Commission on Elections (Comelec) website was arrested by the National Bureau of Investigation (NBI) last Thursday afternoon.

NBI Director Virgilio Mendez and Comelec Chairman Andres Bautista presented Joenel de Asis, 23, an Information and Technology graduate employed as a systems integration engineer.

The Muntinlupa City resident was arrested at 3 p.m. on April 28.

De Asis admitted that even before the NBI came to his house armed with a search warrant issued by a Malabon court, he knew that the authorities were after him.

“I knew that I would already be arrested because this (hacking) is a big problem and the NBI was looking for suspects. I did not voluntarily surrender but I did not leave the country. I thought that I should not hide because this was my fault,” said De Asis.

His message to the public was to use their talent for good so they would not end up like him.

The NBI will file charges of violation of Republic Act No. 10175 or the Cybercrime Prevention Act of 2012 against De Asis at the Muntinlupa prosecutor’s office.

De Asis is the second of three suspects being sought by the NBI in connection with the hacking of the Comelec website last March.

The NBI earlier arrested Paul Loui Biteng for his alleged involvement in the crime.

Bautista called De Asis and Biteng the masterminds of the operation.

Biteng allegedly found the “hole” in the Comelec website while it was De Asis who penetrated the database.

De Asis belongs to a group of hackers called LulzSec.

He is reportedly responsible for entering the database of the Comelec, then downloading and leaking the information through a fictitious Facebook account.

While the two suspects joined forces in penetrating the Comelec website, they claimed not to have plotted on hacking the system.

It just so happened that Biteng found a weak spot in the security and they accessed the data.

They reportedly had no intention of selling the information to any political party or interested personalities.

“We only wanted to prove that it is easy to hack the Comelec website,” said De Asis.

NBI Computer Crimes Division (CCD) executive officer Victor Lorenzo said that they found the Comelec data in 340 gigabytes in De Asis’ computer.

“We confiscated his computers and mobile phones and we saw the extent of his involvement.”

Mendez said that the NBI-CCD continues to work on the case.

“We are warning the public who were able to obtain the hacked data not to use it because certainly we would be able to identify you sooner or later.”

NBI-CCD chief Roland Aguto said that they are still looking for the third hacker, who is believed to be still in Manila.

They hope to apprehend him before May 9, election day.

Once they have arrested all three hackers, Aguto said their next move is to “go after those people who downloaded that information and charge them.”

Bautista said they are coordinating with National Privacy Commission (NPC) head Raymond Liboro and with private firms to beef up security of the Comelec website.

Liboro regarded the Comelec hacking incident as “a large-scale incident and we are taking this seriously. In the past few days, we have been coordinating with Comelec.”

He said that those convicted of hacking might face a prison term of three to six years and a penalty of about P5 million.

“They should be dealt with the full extent of the law. Hacking is not a joke. It is a serious offense, you are compromising the security of this country.”

De Asis later told the media that while they managed to enter the website, he said that 95 percent of Comelec’s security wall was intact.

“Only five percent of the web server is weak. The database is connected to the web server,” he said. 

He also assured the public that he believed that the vote counting machines (VCMs) cannot be hacked because these are separate from the website. “I think the Comelec did that to secure (the VCM).”

He also gave an unsolicited advice to the Comelec’s IT department to monitor their website 24 hours a day seven days a week.

More than 1,000 netizens are expected to join a protest rally at the Department of Justice (DOJ) on Monday to call for the filing of charges against the Comelec over the so-called Comeleak or leakage of voters’ data.

Hacker group Anonymous Philippines, which will organize the protest, is urging the DOJ to investigate the poll body over its failure to protect voters’ data that have been stolen and leaked online.

Ironically, it was members of the same hacker group that defaced the Comelec website on March 27. — With Janvic Mateo

  • Latest
  • Trending
Are you sure you want to log out?

Philstar.com is one of the most vibrant, opinionated, discerning communities of readers on cyberspace. With your meaningful insights, help shape the stories that can shape the country. Sign up now!

or sign in with