President Marcos to DICT: Boost defense vs cyber attacks

MANILA, Philippines — President Marcos has ordered the Department of Information and Communications Technology to beef up its defenses against cyber attackers, a DICT official said yesterday.

Undersecretary Jeffrey Ian Dy told Dobol B TV that Marcos was frustrated over the data leaks in government agencies in the past weeks.

Marcos wants the DICT to be proactive and enhance the defense against hackers.

“Yesterday, the President called us and he’s really very frustrated with what’s happening here. And he actually told us that we should really beef up our defenses,” Dy said.

“He wants to know the technical details. He said we shouldn’t be reacting after the fact, we should be preparing before it happens,” he added.

Among the government agencies subjected to cyber attacks and suffered data leaks are the Philippine Health Insurance Corp. (PhilHealth), Department of Science and Technology (DOST) and Philippine Statistics Authority (PSA).

Authorities said they have already identified the suspects behind the breach in the PSA and the suspect who posted and leaked data from PSA and DOST.

No info compromised

No sensitive information was compromised on the data leak on OneExpert portal, the DOST said yesterday.

In a statement, DOST VI regional director Rowen Gelonga said a security incident was reported to the department by the Philippine National Computer Emergency Response Team on Aug. 31, regarding the OneExpert website.

He said the project team conducted an investigation and found out that a compromise account may have been used to access the site.

“Appropriate actions were implemented to address the incident, additional security measures were put in place and the website’s normal operations were restored soon after,” Gelonga said.

“While the incident may cause concern among the affected individuals and the public, we would like to assure everyone that no sensitive information has been compromised,” he stated.

Gelonga said the OneExpert portal serves as a public registry of Filipino experts, aimed at enhancing access to their services and expanding the reach of science and technology assistance to clients within the country. 

“While the list of clients or users is not readily accessible through the portal, the website’s use is diligently monitored and are made available as part of DOST official records,” Gelonga said.

“However, some data that resembled those from the site was posted on Facebook on Oct. 8, 2023. These data contained some publicly listed names of technical experts, their email addresses as well as users with their email addresses,” he said.

For his part, Science Secretary Renato Solidum said that what was affected by the data breach was the OneExpert website being operated by the DOST Region 6.

“It was a separate system, it was not the whole system, it was managed by a regional DOST, Visayas Region 6. The website is run by a project, it is not really connected with our host system,” he noted.

Solidum added that appropriate actions were implemented to address the incident, adding that the data breach was not an indication of the vulnerability of the DOST website.

“Additional security measures were put in place and the website’s normal operation was restored soon after,” he said.

At the same time, Solidum said that government agencies should be wary of the security of their websites, adding that it should be standard for all agencies to make sure that their IT systems are really safe.

Meanwhile, Defense Secretary Gilbert Teodoro said the increase in the number of agencies affected by the hacking should be a cause for concern.

“Since I came from the private sector, it is really a cause for concern but this is to be expected and guarded against every day if you have an IT platform or system, you need to expect that and what are the measures you will take to prevent or to remedy the incidents of hacking,” Teodoro said.

Probe

The Philippine National Police Forensic Group has sought help of the Anti-Cybercrime Group (ACG) in its probe on the supposed data breach on its system.

Maj. Michael Ignacio, the Forensic Group’s information technology officer, said on Friday that they have tapped the ACG’s services in finding out if their system was really hacked.

“They have the capability to investigate regarding cyber security,” Ignacio said at a news briefing at Camp Crame.

The Forensic Group is among the government institutions that supposedly suffered a data breach, based on a social media post.

Ignacio said they want to find out if the data allegedly stolen was just from dummy accounts, which they usually use when testing their computer system.

So far, they are no indications that sensitive information was stolen.

“We are assuring the public that there is nothing to worry about. We have implemented some systems,” he said.

Limited data

Meanwhile, the PSA said the data breach has affected limited data from its Community-Based Monitoring System (CBMS).

“Based on the investigation, the links posted by the bad actors lead to limited data taken from the CBMS Management Information System,” the PSA said in a statement yesterday.

The CBMS is a technology-based system of collecting data used for planning, implementation and monitoring of programs at the local level, as well as for targeting households for social protection programs.

“Investigations have confirmed that data in the Philippine Identification System, the Civil Registry System and more than 100 other censuses and surveys that the agency conducts are unaffected,” the PSA said.

A joint investigation is being undertaken by the PSA with DICT, National Computer Emergency Response Team-Philippines, PNP-ACG, National Bureau of Investigation Cybercrime Division and NPC Compliance and Monitoring Division on the data breach.

“Leads for the identification of the bad actors have been provided to the PNP and the NBI for further action,” it said.

Verification

The NPC has launched a database search portal designed to help PhilHealth members verify if their personal information was among those leaked through the recent ransomware attack.

In a statement late Friday, the NPC announced that it has launched the “Na-leak ba ang PhilHealth Data ko?” [Was my data leaked?] portal for the effort.

To utilize the portal, users are required to enter their PhilHealth Identification Number (PIN) and the portal will verify whether their personal information was part of the leaked data.

To access the “Na-leak ba ang PhilHealth Data ko?” database search tool, visit: https://philhealthleak.privacy.gov.ph/.

The NPC said that as of Oct. 13, the initial batch of data available on the portal pertains to individuals aged 60 years and above, containing an estimated one million records out of 8.5 million senior citizens.

The NPC stressed that the portal exclusively focuses on this specific incident and does not encompass data breaches from other sources or incidents.

A negative result from this search should not be misconstrued as an assurance of data security in other areas, it added. — Bella Cariaso, Emmanuel Tupas, Louella Desiderio, Catherine Talavera