Extra layer of website security sought

MANILA, Philippines - The Department of Science and Technology’s Information and Communications Technology Office (DOST-ICTO) urged yesterday the website administrators of different government institutions to add an extra layer of security to their systems in light of the recent hacking incidents of government websites.

“We would like to request systems administrators of government websites to review their source code for these security flaws. A common vulnerability we have found stems from third party plug-ins used in content management systems (CMS),” said Louis Casambre, executive director of the DOST-ICTO.

“Government agencies must add an extra layer of security to their websites by migrating them to secure server facilities,” he said.

The website of the Philippine News Agency, the government’s news wire service, was defaced anew by hackers suspected to be from China last Thursday.

Hackers of still undetermined origin have vandalized the websites of the Philippine Atmospheric, Geophysical and Astronomical Services Administration (PAGASA) last Wednesday.

“The recent defacing of the PAGASA website only illustrates the patent vulnerabilities inherent on some web platforms,” Casambre said.

“The PAGASA website is hosted on its own web servers as well as those of a third party provider and were not hosted on DOST’s secure servers,” he noted.

Science Secretary Mario Montejo said homepage defacements are nothing new to government websites and it happens to homepages of government agencies worldwide.

“As potential high-profile targets for hackers both local and foreign, government system administrators must take the extra effort to ensure that our servers are safe from cyber vandalism. The DOST-ICTO has been tasked to oversee DOST’s internal efforts,” Montejo said.

“We have taken definitive action to migrate all DOST websites to secure server facilities when these defacements started almost three weeks ago,” Casambre said.

“It is unfortunate, however, that the PAGASA website was hacked so soon. In light of this new development, we are looking at accelerating our ongoing efforts,” he added.

Aside from PAGASA, the websites of the University of the Philippines in Diliman, Quezon City, the Official Gazette, the Presidential Communications Development and Strategic Planning Office, the Presidential Museum and Library, and the Department of Budget and Management were also hacked.

The website of The STAR, www.philstar.com, was briefly hacked last May 4, with the main page replaced by one claiming that Panatag (Scarborough) Shoal in the West Philippine Sea belongs to China.