DICT still working to take back hacked DOST website

MANILA, Philippines —  The Department of Information and Communications Technology (DICT) is working to take back control and ascertain the extent of the hack undertaken by a local group on the Department of Science and Technology information technology systems, which include at least three DOST websites.

DICT Assistant Secretary for legal affairs and spokesman Renato Paraiso said the DOST and DICT’s emergency response personnel remain locked out of the DOST systems that were successfully penetrated and encrypted by the hacker group on Tuesday night.

“The system itself was attacked and compromised by the threat actor. It means the whole system of DOST including the websites that they are handling, were subject to the attack and compromise of this group of local threat actor,” Paraiso yesterday said.

“As to the extent and possible ramifications... we still have to determine (that), because until now, we are still isolated and we are still locked out from accessing part of their system,” Paraiso said in a virtual press briefing yesterday morning.

He noted that an initial probe on the hack showed that the hackers used ransomware to penetrate the defenses of the DOST IT systems.

“We have found that the means that were employed were consistent with a ransomware attack, although there have been no demands yet,” Paraiso said.

Paraiso said that the DICT’s National Computer Emergency Response Team (NCERT) had detected the breach at 11 a.m. on April 3.

While the DOST had installed security tools on their system to prevent such attacks, the local threat actor was still able to penetrate and take control of the DOST systems.

“It’s just that it might be outdated. Or it might be outdated in terms of the capabilities and the systems employed by the threat actor,” Paraiso said.

He mentioned that the hack of the DOST system meant that the threat actor was able to compromise all DOST data, including the database of research and development files, patent proposals and applications for inventions.

“Around two terabytes (of data) is our initial determination (on the size of data breach),” Paraiso said.

“If we do a comparison of the PhilHealth hacking, this is smaller comparatively but the data hacked from PhilHealth was more sensitive because it involves the personal data of its members,” he explained.

Paraiso said that all data under the custody of the DOST – including proposals for inventions and information on scientists and department members – were breached or affected.

“Even their backup and redundancies were also compromised,” he said. “Even the log in accesses of their administrators and members were also compromised.”

“In terms of size, recently, this is one of the biggest. You have to understand, comparatively. The impact is not that big (compared to PhilHealth),” Paraiso emphasized.

“(But)in terms of size, yes. Particularly in this administration, this might be one of the biggest in terms of size alone,” he stated.