Arrested hackers got access to Smartmatic from ex-employee who surrendered to NBI — Mancao
MANILA, Philippines — The three hackers who were arrested on Saturday after claiming they can manipulate the results of the 2022 national and local elections were connected to the Smartmatic former employee who surrendered to the National Bureau of Investigation (NBI).
Cybercrime Investigation and Coordinating Center (CICC) executive director and Undersecretary Cezar Mancao II made the confirmation during the press briefing on Tuesday, adding that it was Ricardo Argana who gave the three hackers access to the Smartmatic system.
The Commission on Elections (Comelec) has tapped Smartmatic again for the automated elections, but the company was rocked by controversies after Argana was found to be behind the Comelec system breach.
“Yes, connected ito doon sa nahuli, unang nagsuko na si Ricardo Argana na ngayon ay hindi na mahanap, subalit sa kanyang pagtatago ngayon ay talaga namang hinahanap pa rin, at wala na totally ‘yong access niya dahil binigay niya na dito sa isa, kay alyas Brake […] sa dark web, do’n nangyayari ‘yong criminal activities, at doon nila nilalagay at binibigay ‘yong impormasyon,” Mancao added.
(Yes, this is connected to the other suspect, Ricardo Argana who has gone into hiding and is being searched by operatives. He no longer has access to the Smartmatic system because he gave it to the suspects, to alias Brake […] over the dark web, that’s where the criminal activities happen, and the information is placed there.)
Information relayed by CICC earlier said that Joel Adajar Ilagan alias ‘Borger’, Adrian de Jesus Martinez alias ‘Admin X’, and Jeffrey Cruz Limpiado alias Brake/ Vanguard/ Universal/ LLR’ were arrested in an operation in Laguna and Cavite last Saturday.
The three, who belong to the ‘XSOS Group’, are facing cases for violating Republic Act No. 10175 or the Cybercrime Prevention Act of 2012 for the following reasons:
- hacking the Smartmatic system
- disrupting the Comelec website
- hacking the Napocor website
- hacking the credit cards and other online transactions
- ransomware committed against local commercial website
Mancao said that they have been monitoring the group, who did not know that they were already transacting with CICC personnel.
Limpiado’s group was supposedly asking for P60 million in exchange for the data they stole, including a P10 million boodle money for downpayment which will now be used as evidence.
“Ang direktang kausap ng suspect, si alyas Brake, na ngayon ay nalaman nating si Jeffrey Limpiado, na siya ring utak ng XSOX group, ay siyang huling tumanggap ng actually boodle money na P10 million kasi humihingi nga ng P60 million dahil initial downpayment ang P10 million bago namin naipalabas,” Mancao, a former police intel officer during the Estrada administration, said.
(We directly talked to the suspect, alias Brake whom we now know is Jeffrey Limpiado who is the mastermind of the XSOX group, who also accepted the boodle money of P10 million as a downpayment for the P60 million before the data is released.)
“At ito naman ay inoperate ng ating mga IT operatives at natunton, nakipag-communicate sa kanila naman, akala nila eh sumasang-ayon do’n sa kanilang plano, at sinusubaybayan. In fact nagkaroon ng three meetings — una doon sa Solaire, pangalawa sa Edsa-Shang hotel, pangatlo doon sa Pansol, Laguna,” he added.
(They were operated by our IT operatives and they were discovered, and we communicated with them. They thought we were onboard with what they were doing so we planned and monitored them. In fact there were three meetings — first in Solaire, second at the Edsa-Shang hotel, and third in Pansol, Laguna.)
Just this January, there were fears that the election results may be rigged in favor of a candidate due to rumors of Comelec being hacked. However, Comelec officials back then clarified that they are confident enough that their system cannot be hacked, as they did not see any evidence of a data breach.
But concerns about the elections resurfaced after reports about the ex-Smartmatic employee being involved in the data leak.
Subscribe to INQUIRER PLUS to get access to The Philippine Daily Inquirer & other 70+ titles, share up to 5 gadgets, listen to the news, download as early as 4am & share articles on social media. Call 896 6000.