Comelec taps cybersecurity experts

GAME OVER NBI agents from the Anti-Cyber Crime Division escort the suspect responsible for the hacking of Comelec’s database. PHOTO BY RENE H. DILAN

GAME OVER NBI agents from the Anti-Cyber Crime Division escort the suspect responsible for the hacking of Comelec’s database. PHOTO BY RENE H. DILAN

THE Commission on Elections (Comelec) has tapped the services of cybersecurity experts from abroad to ensure the integrity and security of the results of the coming elections and prevent professional hackers from toying with its website with ease.

On Thursday, National Bureau of Investigation (NBI) Director Virgilio Mendez and Comelec Chairman Juan Andres Bautista announced the arrest of one of the suspected hackers who defaced the poll body’s website last month.

According to internet security provider Trend Micro, the hackers also stole the personal information of 1.3 million registered overseas Filipino voters and the fingerprints of 15.8 million other voters, making them vulnerable to identity theft.

Bautista disclosed that the poll body is currently in consultation with software and computer giant Microsoft Corp. and cyber experts from abroad to prevent the Comelec website from being compromised.

“We are meeting with Microsoft. There are also cybersecurity experts from the UK,
Singapore and the US. They are in town. We consulted with them with respect to our current situation. We will continue the discussion,” Bautista said.

He added that the Commission has also formed a technical working group led by Director James Jimenez of the Comelec Information and Education Department, to look into the issue of hacking.

Bautista said the hacking suspect admitted to defacing the Comelec website but he maintained that the site contained no vital information that could be used to sabotage the national and local elections on May 9.

Ronaldo Aguto, chief of the NBI Cybercrime Division, said the suspect was arrested by virtue of a search warrant on Wednesday at his residence in Balic-Balic, Sampaloc, Manila following a three-week surveillance operation.

The suspect is a fresh college graduate with a degree in information technology but the NBI refused to divulge his identity pending the arrest of two other suspects.

Aguto said that they recovered from the suspect the computer he used in hacking the Comelec website.

“Forensic investigation is ongoing to determine if something has been stolen and also retrieve whatever has been taken away,” he said.

Aguto added that they were also checking if the suspect is part of the group Anonymous Philippines that earlier claimed responsibility for the cyber intrusion.

Jimenez refuted the claim of Trend Micro that the hackers have carted away vital Comelec data, saying that the firm has no capability to validate whatever it was looking for because it has no access to the Comelec database.

“What is clear is that the dump has not been authenticated yet. We don’t know if it is 100 percent accurate. We don’t know if it has been tampered with. So it’s a little dangerous to come to conclusion about it,” Jimenez pointed out.

Jimenez cited in particular the firm’s claim that the data stolen from the Comelec website includes the biometrics data of the voters, which, he claimed, was not true.

“It did not include biometrics. That’s for us a very strong tall tale,” he stressed, adding that probably the worse thing that can happen was if they were able to copy some 340 gigabytes of Comelec data, which is still the subject of a validation process.

Jimenez assured that the intrusion will not affect the coming elections because the Comelec will be using different servers for the election system.

He also disclosed that the Comelec conducted its own internal investigation on the incident to determine if negligence or fraud was committed by employees responsible for maintaining and protecting the poll body’s website.

He added that some people have already been transferred to non-sensitive tasks pending results of the investigation.



Please follow our commenting guidelines.

1 Comment

  1. Melvyn Santos on

    I think that COMELEC should be sanctioned for mishandling sensitive information.If there is a law it should be implemented, otherwise, if there is no law yet, better make one to make one aware of the responsibilities in handling such information.