DICT: Lapses identified after hacking of disaster response unit

MANILA, Philippines — The Department of Information and Communications Technology is determined to learn the lessons from the successful hack staged on its disaster response unit’s portal and implement improvements in its systems and websites not just in the DICT but also in other national and local government agencies.

Jeffrey Ian Dy, ICT Undersecretary for Infostructure Management, Cybersecurity and Upskilling, said that a review of the hack undertaken on their Disaster Risk Reduction and Management Division (DRRMD) portal the other day had identified the lapses that enabled the hacker to breach the system.

“We have identified the lapses. These are instructive, and these can also be used so that other agencies can also understand,” Dy told The Star in a Viber audio interview.

“Majority of the lapses were in the way the (DRRMD) system was developed,” Dy said.

However, Dy reiterated that the DRRMD was really designed to be easily accessible by outside parties since it was meant to disseminate information during disasters.

Dy said that a lapse found was that the DRRMD portal used an untested encryption algorithm.

“What was used was...an encryption algorithm or protocol that was proprietary, the protocol was developed or invented by a provider,” Dy said.

Another lapse, which he said was also seen as a “critical flaw”, was the use of a password system that was encrypted.

“The password – the username password combination – should not be encrypted, it should be hashed,” Dy said.

Also, Dy said that the DICT had already detected these vulnerability several days earlier.

“ However, it took several days before it was updated. And then, the hacker struck before we can do address the vulnerability,” Dy said.

Dy reiterated that the volume of data compromised by the hacker, whom he earlier identified as “PH1NS,” was just about 200 megabytes.

“Any type of breach, we don’t want to downplay. Even though it’s (DRRMD) a small system, we still take this seriously. We still want to take note of the learnings here,” Dy said.

Dy noted that the DICT’s cybersecurity forces have been spread rather thinly the past weeks with the number of hacks being staged on government agencies and private organizations.

The hack on the DRRMD, he shared, raised the need for establishing a cybersecurity force in the DICT that will solely watch over the DICT’s information technology systems.

“We are seeing the need to build a local cybersecurity force that will look solely at the DICT,” Dy said.

The DICT said that their investigation on the alleged hack on leading electronic mobile wallet GCash belied claims of a successful breach.

Dy said that their probe has shown no proof that an outside entity had breached their database.

“Actually, we did not find clear proof that GCash was hacked,” Dy told The STAR in a phone interview.

“There was no proof of a breach,” he stressed.

Dy said that the data being brandished by DeepWeb Konek, an online collective of cybersecurity practitioners, to flag an alleged hack on GCash, appeared to come not from a hack on GCash’s system.

“It seemed to come from other sources. It was aggregated data from other sources, and not from a successful breach,” Dy explained.

Cybercrime cases decline

Cybercrime cases declined by at least 36 percent this year, with online scams registering the biggest drop, according to data released by the Philippine National Police (PNP) yesterday.

Data from the PNP Anti-Cybercrime Group (ACG) showed there were 8,177 cybercrimes from January to June, a decrease of 36.16 percent from the 12,808 incidents in the same period in 2023.

PNP chief Gen. Rommel Francisco Marbil attributed the drop in cybercrimes to their proactive measures, which includes deploying more resources and enhancing the capabilities of their cybercrime investigators.

“Our goal is to protect our citizens not just in the physical world but also in the digital realm,” he said in a statement.

Online scams registered the biggest drop at 53.48 percent from 3,468 to 1,613 followed by investment and tasking scams which went down from 1,001 to 650, a decrease of 35.06 percent.

Cases of debit and credit card fraud decrease to 528 from 736 or a drop of 28.26 percent.  –  Emmanuel Tupas