Poe to DICT: Act quickly on ‘hacking spree’ of gov’t websites
MANILA, Philippines — Sen. Grace Poe on Monday pressed the Department of Information and Communications Technology (DICT) and other concerned state agencies to quickly act on the “hacking spree of government websites” after the House of Representatives became the latest victim of cybercriminals.
Opposition Sen. Risa Hontiveros also called for an investigation into the “troubling series” of hacking and data breaches, which may have exposed the government agencies’ lack of cybersecurity measures and ill-preparedness to handle cyberattacks.
In her Senate Resolution No. 829, Hontiveros said the breaches in personal data and sensitive information kept by government agencies endangered the safety and security of all Filipinos.
“[These activities leave Filipinos] even more vulnerable to increasingly nefarious schemes involving text message spams, online scams, phishing, financial fraud, extortion, blackmail and identity theft,” she pointed out.
Poe, the chair of the Senate public services committee, said all government offices should protect public and official records by fortifying their cybersecurity systems to prevent data breaches.
Article continues after this advertisement“It should not be business as usual for them and just wait for the next victim of data breach. These hackings must be stopped and hold those behind it liable,” Poe said in a statement.
Article continues after this advertisementBesides compromising critical state records, she said the illegal access to the online infrastructures of government offices also put national security at risk.
“Data breaches also jeopardize personal information of the people, whose own accounts may be subjected to hacking or unwanted exposures,” she added.
The website of the House of Representatives was defaced by a group of hackers on Sunday.
Before noon, the House website was virtually vandalized by a group of hackers who go by the name “3MUSKETEERZ.”
In particular, the photo journals portion had been replaced with a troll-face meme that had the texts “YOU’VE BEEN HACKED” and “HAVE A NICE DAY.”
Lack of experts
The House of Representatives is considering the possibility of hiring a third-party cybersecurity expert to beef up its online defenses.
House Secretary General Reginald Velasco said they were planning to outsource cybersecurity experts to “rectify” vulnerabilities pointed out by the DICT that led to the cyberattack on the House website.
“We have to admit that we lack cybersecurity experts. We have an IT group which we’re trying to build up, but we lack time to recruit people and address the vulnerabilities discovered by the DICT,” Velasco said in an interview with House reporters.
Before the House incident, the Philippine Health Insurance Corp. also fell victim to an attack by Medusa Ransomware, with the hackers reportedly demanding $300,000 (about P17 million) for the release of personal data of members of the state health insurer.
On Oct. 12, the Philippine Statistics Authority also disclosed that hackers had accessed its “community-based monitoring system,” which contained “sensitive personal information.”
Hontiveros also cited data from the Anti-Cybercrime Group of the Philippine National Police that it had recorded 16,297 reports of cybercrime cases in just the first quarter of 2023.
There is a possibility that thousands more of these cases were not being reported, Hontiveros said.
“The series of online attacks calls into question the sufficiency of prevailing cybersecurity measures in government agencies handling sensitive information vital to national security, and there is a need to assess the current capacity of the government to secure critical strategic infrastructure from cyberattacks and potential threats,” she said.
In calling for an inquiry, Hontiveros cited Republic Act No. 10173, or the Data Privacy Act, which places the “inherent obligation” on the state to ensure that personal information and communications systems in the government and private sector are secured and protected.