DICT: Chinese mostly behind 2,900 hackings foiled per year
Stock image/Inquirer files
MANILA, Philippines — An interagency cybersecurity network has thwarted an average of 2,900 hacking attempts on government websites every year, most of which were traced to “Chinese actors,” an official of the Department of Information and Communications Technology (DICT) said on Wednesday.
At a press briefing in Malacañang, DICT Undersecretary Jeffrey Ian Dy said Chinese “advanced persistent threats” (APT) groups have been identified as responsible for the hacking attempts targeting agencies such as the Philippine Coast Guard (PCG), Department of Agriculture (DA) and Department of Environment and Natural Resources (DENR).
“The problem with attributions (of hacking attempts) is that there… is no such thing as 100-percent attribution. There are some candidates but we’re not yet prepared to say (who they are),” he said.
READ: 3 suspected hackers caught, tech journalist implicated
“But you will notice that there are reports from the (United States) and there are media reports from other countries which indicate that it seems that Chinese actors—not necessarily China [but] Chinese actors—are actively hacking certain government online assets,” Dy added.
Dy made the statement in response to media queries on the government’s preparedness to counter the hacking attempts on government sites.
READ: NBI probes Manila Bulletin’s editor for alleged hacking
“What I would say is that we are significantly better now. Our detection mechanisms are there, our protective systems are there and you will notice that we are now sharing information also with our allies,” he noted.
Centralized operation
Dy said President Ferdinand Marcos Jr. has approved the proposed $288-million Philippine Digital Infrastructure Project (PDIP), a flagship project of the Marcos administration that aims to boost internet access especially in remote areas and strengthen cybersecurity in the country.
READ: NPC confirms data of 11M Jollibee customers leaked
Part of the PDIP is the national security operations center, which has connections to 30 government agencies and is tasked to respond to all hacking incidents in the government, according to Dy.
“(The center) is the reason why we were able to defend approximately 2,900 early detection of (hacking) attempts on government agencies, including LGUs (local government units),” he said.
“That is what it does: it has sensors that detect if there is an attempt, and then we mobilize our team to be able to mitigate it,” Dy added.
Some of the recent hacking attacks were reported in the media, Dy said, such as the attempt on the DICT’s mail exchange services in January and early February that was traced to the Chinese hacking group known as “APT 41.”
“There were attempts on the [DA] and DENR but then we were able to detect that, so these have been reported in the media because we were able to [stop] them,” he said.
There were also “multiple” hacking attempts on the PCG, according to Dy, who is DICT undersecretary for infostructure management, cybersecurity and upskilling.
According to Dy, recent attempts to hack the websites of the PCG have been traced to a group identified as “either APT 41 or APT 50,” although he clarified that such findings were not based on tracking their IP (internet protocol) addresses.
“We did attribute these (attempts) to Mustang Panda APT, and our allies also agreed with us,” he said, referring to the United States and the United Kingdom.
“Like I said, attribution is a very difficult and very complex process, but we believe that the tactics, techniques and procedures, which means the behavior of the attacker, is very very similar to APT 41 or Mustang Panda, which is a Chinese (hacking group),” he said.
However, Dy admitted that the DICT “still does not have the confidence” to declare that the attacks on government websites by Chinese actors were state-sponsored.
Dy conceded that the Philippines still needed a lot to improve on its cybersecurity measures, pointing out that the DICT was able to repulse 2,900 attacks yearly in a country of 118 million, compared to the 18,000 attacks thwarted by Singapore, a country with a population of only six million.
“So, I think we need to improve this, for example, by having a cybersecurity law that will mandate even the private sector to report to us, if there is a cybersecurity incident,” he said.
The National Privacy Commission (NPC), for its part, has urged private companies holding huge volumes of sensitive private information to up their game and undertake tighter security measures to prevent data breaches that endanger the safety and privacy of the public.
“Companies should now be more proactive rather than reactive, responding only when they are already hit; they should now set up measures to protect their data because that is their obligation, and by doing so, we give assurance that the data we hold is well handled and protected,” lawyer Rainier Anthony Millanes, chief of the NPC’s compliance and monitoring division, said in a television interview.
“They should not allow themselves to become the latest victim of these hackers as this will definitely cause damage to the reputation of your organization,” Millanes said during the government television program “Bagong Pilipinas Ngayon.”
Millanes made the statement as he gave updates on the latest hacking incident that reportedly compromised personal data of more than 11 million customers of fast food chain Jollibee Food Corp. and its sister companies.
He said the agency was now tracking down the identity of the hackers behind the recent attack.
“We have seen indications that this data breach is connected to the numerous extortion activities happening worldwide specifically this month of June, with around 165 companies targeted all over the world,” he said.
