Manila Bulletin personnel, 2 others arrested for alleged hacking spree

MANILA, Philippines — The National Bureau of Investigation on Friday arrested a "data officer" of the Manila Bulletin along with two others for allegedly hacking banks and government websites.

The arrest was made based on multiple recent incidents where the hackers allegedly breached private and government websites and conducted unauthorized access attempts, according to an NBI news release. They were nabbed by the NBI during a sting operation.

During the NBI's press conference on Friday, the alleged MB employee said that since 2018 or 2019, he has been asked "directly and indirectly" by the MB technology editor to hack different systems. These hacking incidents would then be written about by the editor in his column for the paper, he said.

The suspect, whose face was covered to keep hide his identity during the press conference, said that he is in charge of the security of the whole news organization.

He named the accused editor as Art Samaniego, who has since denied the allegation in an interview with DZRH.  

"Nakilala ko si Sir Art during my Pinoy LulzSec days. I will send him details of my exploit kung paano ginawa yung exploit or the proof of concept para mapatunayan na may hacking na nangyari… In turn, gagawan nya ng article," the suspect said.

(I met Sir Art during my Pinoy Lulzsec days. I will send him details of my exploit, how the exploit was done, or the proof of concept to prove that hacking occurred... In turn, he will write an article about it.)

To recall, a group identifying itself as "LulzSec" claimed they hacked the Commission on Elections' database in 2016. Along with the system breach, they also released to the public millions of voters' data in the form of a search engine.

The suspect said that it was Samaniego who helped him get hired at the MB.

He claimed that his most recent hacking attempt ordered by Samaniego was done to the volunteer app of the 1Sambayan coalition, which was formed ahead of the 2022 elections.

“Nag-ask siya sa'kin kung puwede kong i-check ‘yung [1Sambayan app.] Check means look for vulnerabilities. Nakahanap ako ng vulnerability then na-pull ko ‘yung data ng volunteers,” the suspect added.

Appearing to gamely answer authorities' questions, the suspect also candidly shared that hacking for him has "become like a challenge."

"Para hindi mangalawang skills ko (so my skills don't get rusty)," he added.

The Manila Bulletin said in a statement on Friday that it has "always adhered to the laws of the land" and "requires its employees to be law-abiding." 

"We expect our employees to be accorded their rights," the news organization added.

Besides the alleged MB employee, the two others arrested were identified as a “cybersecurity researcher” from a company based in Bonifacio Global City in Taguig City and a “graduating student.”

Authorities were able to arrest subjects after an informant helped arrange a meeting between them on Wednesday.

"To gather information crucial to identifying and apprehending the Subjects, NBI-CCD tracked the movements of the identified hacker known by aliases such as ‘kangkong’, ‘Mirasol’, ‘Sibat’, ‘Ricardo Redoble’, and ‘lulu’. Operatives likewise monitored online activities and gathered data from various sources like social media, forums, and public databases to establish patterns and connections linked to the hacker’s activities,” the news release said.

During the arrest, authorities discovered scripts, databases from various government websites, and Facebook users' credentials on one phone. On subject "Illusion"'s phone, they found data related to hacked banks, including Philippine National Bank, Security Bank, Banco de Oro and Union Bank.

"They were recommended to be charged with Illegal Access under Section 4(a)(1) and Misuse of Device under Section 5(iii) of RA 10175 or the Cybercrime Prevention Act of 2012, as well as Unauthorized Access or Intentional Breach under Section 29 of RA 10173 otherwise known as the Data Privacy Act of 2012. The third subject with an alias 'Allan 10k' will be charged thru direct filing," the NBI said.

Those arrested are members of hacking groups "LulzSec" and "Globalsec," the bureau added.