AFP probes hacking of data base
The Armed Forces of the Philippines (AFP) has started investigating the reported hacking of its data base that exposed close to 20,000 military personnel whose basic information, including their injuries, were in the file.
The investigation was ordered after Pinoy LulzSec, a local hacking group that participated in the threeday international hacking operation by LulzSec international, disclosed that of all the government agencies, learning institutions, and private firms that it “exfiltrated,” only the data base of the AFP was found to be vulnerable.
AFP-Public Affairs Office (AFPPAO) Chief Col. Noel Detoyato said they are currently communicating with the Communication Electronics and Information Systems Service, Armed Forces of the Philippines (CEISSAFP).
"Kababasa ko lang. Ipapasa ko sa CEISAFP para maka-react sila kung anong website itong data base na ito (I just read it. I will pass it on to CEISAFP so they can react on which website
this data base was)," Detoyato said.
But Lt. Col. Demy Zagala, Philippine Army spokesman, said the data was extracted from exposed dump files of an old database while being migrated from a third party Internet Service Provider (ISP) to the Philippine Army network in December 2018.
These files, Zagala said, were already addressed as early as January 1, 2019 but was only leaked recently to make it appear that the hacker was able to commemorate their yearly mischief on April 1.
Zagala assured that all other data in the Army network is secured and that further security assessments are being done to prevent a repeat of this incident.
Department of Information and Communications Technology (DICT) Assistant Secretary Allan Cabanlong, meanwhile, said the DICT is working on the breach to ensure that the country and its institutions remain cyber resilient and cyber safe.
Cabanlong, also executive director of the DICT’s Cybercrime Investigation Coordination Center, said that for the past few months, the CICC and the CyberSecurity Bureau, “with a handful of staff without the right technology, shoestring budget and with bureaucratic challenges, have been helping government agencies, businesses, and every Filipino fight cybercrimes.”
“To say it is an uphill climb is an understatement. It has been a hard road. But each time a victim of a cybercrime thanks us for helping, we are reminded why we are doing what we are doing,” he said.
“And so, for as long as there is an agency or a business being attacked, as long as there is a child being exploited online, as long as there is a Filipino being victimized in cyberspace, we will continue to work day and night, 24/7 for a cyber resilient cyber safe Philippines,” Cabanlong added.
The National Privacy Commission (NPC) is also coordinating with the Office of the Assistant Chief of Staff for Communications, Electronics, and Information Systems (G6) based in Fort Bonifacio on the hacking.
Senator Sherwin T. Gatchalian said the DICT should make a thorough investigation of the April 1 attack made by Pinoy LulzSec on a large number of government, military, and educational institution websites.
“It is very alarming that not only was the group able to hack and deface government websites, they were also able to access and leak sensitive information of the Philippine Army (PA), including the Army’s personnel list. Let us not forget that they are the same group that leaked the Comelec database in 2016, exposing voters’ private data to the Worldwide Web,” he said.
Gatchalian, chairman of the Senate energy and economic affairs committees, said government should hold the people behind these hacks accountable for their crimes.
Other sites hacked
Aside from hacking the military website, the operation also downloaded the data base of Ateneo de Zamboanga and the Technological University of the Philippines in Taguig, according to Pinoy LulzSec.
The data base contained the names of the military personnel, their serial numbers, units, positions, courses, class, and remarks which included data on whether they failed in their mission, cheated in their exams, or were absent. Some even have injury entries in their files.
In what it called the April Lulz, Pinoy LulzSec said hundreds of government and private firms were exposed as well as personal Facebook pages.
The annual three-day international hacking operation launched by LulzSec affiliates all around the world was participated in by local hacking groups such as Pinoy LulzSec, Pinoy ClownSec, and FilTech Hackers Philippines. (With a report from Mario B. Casayuran)