PH Coast Guard comes under 2nd cyberattack this month
Contents of the Philippine Coast Guard’s (PCG) official page on social media platform X (formerly Twitter) suddenly disappear altogether as of Thursday morning, February 15, 2024. INQUIRER FILES
MANILA, Philippines — Unknown hackers attacked the X (formerly Twitter) account of the Philippine Coast Guard (PCG) early Thursday morning, wiping out its entire page content since it was put up in 2013, including its logo and profile picture, but this was “retrieved” about five hours later.
The hacking came nearly two weeks after the Department of Information and Communications Technology (DICT) blocked cyberattacks “from within China” against the Google Workspaces and email addresses of the PCG’s National Coast Watch, the DICT itself, the Overseas Workers Welfare Administration and the official website of President Marcos.
China, which has a decadeslong maritime dispute with the Philippines over parts of the South China Sea, has denied any involvement in that attack.
A television reporter asked the PCG around 6:20 a.m. on Thursday whether its X account had been hacked because the tweets there had disappeared.
‘Compromised’
There was no immediate confirmation but after receiving more queries from the media, the PCG announced at 10:52 a.m. that its X account had been “compromised” and said it immediately coordinated with the X support team to respond to the incident.
It then advised the public “to be cautious in receiving succeeding tweets from the said compromised account,” saying that “we believe that we had a security breach.”
But the PCG refused to call it a hacking as that connotes “malicious intent.”
“We used the term ‘compromised’ because as we speak, we have not monitored any malicious utilization of the account, specifically malicious tweets,” it said before regaining full control of the page shortly before noon.
The Merriam-Webster online dictionary defines hacking as gaining “illegal access to (a computer network, system, etc.).”
“As of 11:30AM, we are glad to announce that we have retrieved access to our official X (formerly Twitter) account with assistance from the X Support Team,” the PCG said.
“We have also strengthened our security measures to protect our account against security breaches,” it added.
According to the PCG, the “unknown entity” that was responsible for shutting down the X page had liked and reposted crypto-related posts while its X account was inaccessible.
“We immediately deleted all traces when we regained access earlier,” it said.
As of Thursday afternoon, the PCG has yet to say who was behind the hacking.
China Unicom
On Feb. 3, the DICT said the cyberattacks against the websites of the President, PCG and other government agencies had been traced to China Unicom, a Chinese state-owned telecommunications company and that three “advanced threat groups” were involved.
“These are believed to be advanced threat groups that operate within the ambit of Chinese territories—that is all I can say—not necessarily government,” Information and Communications Technology Undersecretary Jeffrey Ian Dy said on government television then.
PCG spokesperson Rear Adm. Armand Balilo later said the attempt to hack the PCG website could be related to disputes between Manila and Beijing over the West Philippine Sea, part of the country’s exclusive economic zone in the South China Sea.
Speaker Martin Romualdez has already called for a congressional inquiry into the hacking attempts.
Romualdez said that the DICT’s admission that the cyberattacks originated from Chinese territory posed an issue of “national security and public interest’’
Beijing’s offer
Information and Communications Technology Secretary Ivan Uy had said Beijing offered to cooperate with his department in finding the cybercriminals, who may include third-party nationals.
Asked whether it had information on Thursday’s cyberattack on the PCG, the DICT said its tasks did not include monitoring social media pages like X and Facebook handled by the coast guard and other government agencies and was instead focused on their websites and network systems.
“It is something internal to them. They didn’t ask for assistance,” Information and Communications Technology Assistant Secretary Renato Paraiso told the Inquirer on Thursday.
The incident proves that hackers continue to launch cyberattacks despite stronger defenses being put up to ward them off, Paraiso said.
“On a daily basis, these threat actors try to infiltrate our systems,” he said.
Paraiso said they help other agencies by providing cybersecurity guidelines and vetting appropriate information and communications technology equipment that would be used.
Ian Felipe, country manager of enterprise technology company Trend Micro Philippines, earlier said that government agencies are the usual targets of cyberattacks given the significant amount of sensitive information they handle.
