THE National Bureau of Investigation (NBI) has nabbed the second of three suspects in the hacking of the Commission on Elecctions (Comelec) website.
Comelec Chairman Juan Andres Bautista on Friday said that the suspect, Dionel de Asis, 23, admitted being the mastermind of hacking operations wherein some 340-gigabyte of data were stolen.
“He admitted to us that he was the mastermind. He also explained that their intention was nothing more than to prove that the Comelec website has weak safeguards and vulnerable to hacking,” the poll chief added.
According to Comelec spokesma James Jimenez, the second hacker did the ground work that successfully breached the website’s defenses and gained access to the voters database.
Jimenez said the hacker knew that what they did would not affect the coming elections because there were encrypted files that they failed to decrypt.
De Asis was arrested Thursday by virtue of a search warrant Thursday night inside his residence in Muntinlupa City.
De Asis and the first arrested suspect, Paul Loui Biting, were both graduates of the Technological University of the Philippines with degrees on Information Technology (IT).
The NBI is running after a third suspect.
Jimenez also disclosed that the Comelec conducted its own internal investigation on the incident to determine if negligence or fraud was committed by employees responsible for maintaining and protecting the poll body’s website.
The Commission has also created a technical working group, led by Jimenez, to look further into the hacking incident, and likewise tapped the services of cybersecurity experts from abroad to ensure that no similar incident will occur in the future.
According to internet security provider Trend Micro, the hackers were able to copy the personal information of 1.3 million registered overseas Filipino voters and the fingerprints of 15.8 million other voters, which rendered them vulnerable to identity theft.
Earlier, the Church-based election watchdog Parish Pastoral Council for Responsible Voting (PPCRV) called on the Comelec to be “up front” in reporting to the public what they need to know about the hacking incident on its website.
PPCRC Chairman Henrietta de Villa said that what happened was both disturbing and alarming since it involves the personal information of more than 55 million registered voters.
De Villa stressed that the public has the right to know what really has been stolen and what is being done to address it.
She said that more than the arrest of the hackers, the Comelec should run after the persons responsible for the hacking, which extends to some people within the poll body and those tasked to maintain the website.
“Whoever is accountable should be made to render a report. Because if you put up the website and you recruit people to work for the website, there should be a guarantee that it is fool proof,” De Villa pointed out.
Jimenez has admitted that the Comelec website was put up without a strong security firewall, such that the hackers, after a series of attempts, were able to find loopholes in the system.
“That’s what we’re protecting against now. We are taking the steps necessary to correct the situation. We are taking steps to make sure the website that we put up again is safe from intrusion,” Jimenez added.