NBI logo over a shot of the facade of its headquarters
MANILA, Philippines—The National Bureau of Investigation (NBI) has confirmed that it is investigating the alleged involvement of the Manila Bulletin’s information technology editor in hacking several government websites.
Atty. Jeremy Lotoc, chief of the NBI’s Cybercrime Division, said one of the recently arrested hackers is a Manila Bulletin data officer.
He said the data officer executed an extrajudicial statement identifying Mr. Art Samaniego, giving him instructions to test the vulnerabilities of websites and mobile apps.
“Base sa extrajudicial confession ng hacker, galing daw sa editor ang direksyon kung ano ang iha-hack at pagkatapos ma-hack, ‘yung editor na raw ang bahala mag-exploit kung ano ang gagawin niya,” Lotoc said.
(Based on the hacker’s extrajudicial confession, the editor gave directions on what to hack. After the hack, the editor is responsible for exploiting the hacked data.)
“During investigation din namin nakita na sa bawat incident, itong editor na ito siya ang nauunang mag-post ng article about the hacking incident. Nakita namin ‘yung pattern at according sa ating hacker, nung hinack nila ang AFP (Armed Forces of the Philippines) at NSC (National Security Council), that was the direcive ng editor na yon,” he added.
(During our investigation, we also found that in each incident, this editor is always the first to post an article about the hacking incident. We observed this pattern, and according to the hacker, when they hacked the AFP and NSC, it was the directive of that editor.)
Lotoc also said that there are allegations that Samaniego also pays local hackers for vulnerabilities in systems across the Philippines.
The hacker has been with the Manila Bulletin for five years. He is responsible for the security of the news outlet’s website and servers.
“I got to know Sir Art during my Pinoy LulzSec days. I will send him details of my exploit, explaining how I did it, and show him proof of concept to prove that hacking occurred and that I was the one who did it. I will send the database and its severity, and in turn, he will write an article about it,” the hacker said at a press conference.
According to the hacker, one of the most recent instructions he received was to test the vulnerability of the 1Sambayan mobile app. 1Sambayan is a political coalition composed of members of the opposition during the 2022 election.
“Nag-ask siya kung puwede ko i-check, meaning i-check for vulnerability (He asked if I could check it, meaning checking for vulnerabilities),” he said.
“Na-pull ko ‘yung data ng volunteers (I was able to pull the date of the volunteers),” he added.
Although he could no longer remember, he said the data is around 2,000.
Samaniego has denied the allegations, saying he has been at one with the government in fighting cybercrime.
Meanwhile, the Manila Bulletin, in a statement posted on its Facebook account, said: “As a responsible corporate citizen, the Manila Bulletin has always adhered to the laws of the land and requires its employees to be accorded their rights. We assure the public of the Manila Bulletin’s utmost fidelity to the laws of the land.”