THE National Bureau of Investigation (NBI) has nabbed the second of three suspects in the hacking of the Commission on Elections (Comelec) website.
Dionel de Asis, 23, admitted being the mastermind of hacking operations, in which some 340-gigabyte of data were stolen, Comelec Chairman Juan Andres Bautista said Friday.
“He (De Asis) also explained that their intention was nothing more than to prove that the Comelec website has weak safeguards and vulnerable to hacking,” the poll chief added.
James Jimenez, Comelec spokesman, said the second hacker did the groundwork that successfully breached the website’s defenses, gaining access to the voters’ database.
But he said the hackers knew that what they had done would not affect the May 9 synchronized local and national elections because there were encrypted files that they had failed to decrypt.
De Asis was arrested Thursday by virtue of a search warrant inside his residence in Muntinlupa City.
De Asis and the first arrested suspect, Paul Loui Biting, were both graduates of the Technological University of the Philippines, with degrees in IT.
The third suspect is still at-large.
Jimenez also disclosed that the Comelec conducted its own internal investigation on the incident to determine if negligence or fraud was committed by employees responsible for maintaining and protecting the poll body’s website.
The Cmelec has also created a technical working group, led by Jimenez, to look further into the hacking incident, and likewise tapped the services of cybersecurity experts from abroad, to ensure that no similar incident would occur in the future.
The internet security provider Trend Micro said the hackers were able to copy the personal information of 1.3 million registered overseas Filipino voters and the fingerprints of 15.8 million other voters, rendering them vulnerable to identity theft.
Earlier, the Church-based election watchdog Parish Pastoral Council for Responsible Voting (PPCRV) had called on the Comelec to be “upfront” in reporting to the public what they needed to know about the hacking of its website.
PPCRC Chairman Henrietta de Villa has said that what happened was both disturbing and alarming, since it involves the personal information of more than 55 million registered voters.
She stressed that the public has the right to know what really had been stolen and what was being done to address it.
De Villa also said that more than the arrest of the hackers, the Comelec should run after the persons responsible for the hacking, which extends to some people within the poll body and those tasked to maintain the website.
“Whoever is accountable should be made to render a report,” she pointed out. “Because if you put up the website and you recruit people to work for the website, there should be a guarantee that it is foolproof.”
Jimenez has admitted that the Comelec website was put up without a strong security firewall, such that the hackers, after a series of attempts, were able to find loopholes in the system.
“That’s what we’re protecting against now,” Jimenez said. “We are taking the steps necessary to correct the situation. We are taking steps to make sure the website that we put up again is safe from intrusion.” WILLIAM B. DEPASUPIL