The Department of Information and Communications Technology (DICT) said on Thursday that Beijing had offered to help Manila track down the hackers allegedly operating from China who tried to attack several Philippine government websites recently.
At a press briefing, DICT Secretary Ivan Uy said his department was open to “working with everybody,” to round up cybercriminals who may include other foreign nationals.
“They reached out to ask if we can do some cooperation, which actually [works] both ways—cooperation has to come as a mutual activity,” Uy said.
“So, they are willing to help. They have mentioned that if we can share with them information on what transpired so they can help track down and find the perpetrators,” Uy added.
On Saturday, one of his undersecretaries, Jeffrey Ian Dy, disclosed that the DICT thwarted cyberattacks three weeks earlier that it had traced to somewhere in China.
Dy said three “advanced threat groups” targeted and lurked in government mailboxes and Google Workspaces of the DICT, the Philippine Coast Guard’s National Coast Watch and even President Marcos’ personal website, bongbongmarcos.com.
‘Command and control’
He said the hackers’ “command and control” was operating “from within China,” through China Unicom, a Chinese state-owned telecommunications company.
On Monday, the Chinese Embassy in Manila denied its government had a role in the hacking attempts, calling allegations and media reports about Beijing’s alleged involvement as “malicious” and “irresponsible.”
Uy said that it was “too early” to conclude that the hacking attempts were linked to the ongoing maritime dispute with China in the West Philippine Sea.
“Everything is in the realm of the possible, but we always maintain open arms. Anyone who wants to cooperate, you know, we don’t reject those offers and then see where we go from there,” he said.
At the news forum in Malacañang, Uy explained that China had sought cooperation with the DICT supposedly to prosecute hackers who had been preying on its own citizens and weakening its cybersecurity.
Pogo raids
He cited the recent raids on a Philippine offshore gaming operators (Pogo) hub that rounded up more than 600 people, 200 of whom were Chinese.
“When we looked into the computers of those arrested, we discovered that they were victimizing citizens in China, Hong Kong, Taiwan and Singapore—all Mandarin-speaking countries—for their scams,” Uy said.
According to Uy, China wanted information on those behind the hacking attempts so it could work on their deportation and have them prosecuted in their home countries.
Uy said the hacking attempts could be the handiwork of mercenaries who have been hiding in different countries using their talents to conceal their identities.
“So, coordination among different countries to work together and go after these groups is important. We are open to working with everybody. These actors, they are everywhere,” the DICT chief said.
‘Obsolete’ structure
Strengthening the DICT’s capacity to block cyberattacks would be done through a five-year National Cybersecurity Plan approved by the President, but an “obsolete” civil service structure was hampering the recruitment and retention of much-needed experts, according to Uy.
The 2024-2029 plan would provide direction on policies and guidelines for building the country’s cybersecurity posture. A DICT-ICT Academy would be established.
One component of the plan, Uy said, includes “capacity building and upskilling” of cybersecurity personnel, with the projected opening of more than 2 million jobs in both the government and the private cybersecurity sectors brought about by the “huge upsurge” of online commerce following the COVID-19 pandemic.
“Our main problem—typical in any government office—is the plantilla that’s allowed by DBM (Department of Budget and Management), based on budget and all of those, which is limiting us,” he said.
Prone to poaching
“The sad thing about this is the positions or plantilla classification we have in government now is too outdated, that we still do not have job items for cybersecurity or (artificial intelligence) experts,” Uy added.
With limitations on job titles and salaries, Uy said, the DICT could not retain its cybersecurity experts as they were prone to getting poached by higher-paying jobs in private companies or overseas.
“Sometimes, we just appeal to their patriotism to do it for the country, to serve the public,” he said.
He said the DICT would first improve the cybersecurity skills of government workers with its ICT Academy and then expand the training to include private individuals who want to also be trained.