DICT regains partial access to hacked DOST network

The Department of Information and Communications Technology (DICT) has regained partial access to the hacked network of the Department of Science and Technology (DOST), involving about 2 terabytes of data.

“We were able to get a hold of some of the systems that were compromised,” DICT Assistant Secretary Renato Paraiso said on Thursday, declining to provide details because of an ongoing investigation.

READ: DICT gains partial access to DOST’s compromised system

Paraiso previously said that DOST IT administrators and employees were blocked from accessing research plans, schematics and designs following the cyberattack, which was detected around 11 a.m. on April 3.

The cyberattack was expected to delay the approval of pending patents and other DOST initiatives, the official added.

Based on initial findings, the DICT official said the hacking looked like a ransomware attack because it blocked access to documents, but there has been no ransom demand for the release of the compromised data.

Should the perpetrators ask for ransom, he said: “We do not negotiate with criminals or terrorists,” adding that probers were still working on full recovery of the compromised systems.

Call for better cybersecurityThe DICT official clarified that the DOST already has cybersecurity measures in place, “however, the threat actors were able to penetrate the system.”

Paraiso said the incident raised the need for government agencies to be “forward-looking” when procuring cybersecurity software and other technology since cyberattacks have become common in the country.

In fact, the country deals with 2 million cyberattacks daily, he added.

READ: Hackers gain access to sensitive DOST data

No PSA data breachIn a related study by cybersecurity firm Kaspersky, it was noted that the Philippines dealt with approximately one digital threat per second, or nearly 72,000 per day, last year. It blocked over 26.16 million web attacks in the country last year.

The attacks include typical phishing emails embedded with suspicious web addresses linked to fake websites. The goal of cyberattackers is to illegally obtain sensitive and personal data they can use to take over one’s bank, e-wallet and other accounts.

In a related development, the Philippine Statistics Authority (PSA) denied on Thursday that its system, which includes data from the country’s national ID system, was also compromised.

“So far, our IT team found no evidence of such data breach,” National Statistician Claire Dennis Mapa said in a Viber message.

Mapa was responding to a Facebook post by online group Deep Web Konek, which said there was “an allegedly massive 152GB (gigabyte) leak of the Philippine Citizen Identity Card, which most likely [came from] the Philippine Statistics Authority.”

The post was created a few hours after the DOST data breach was reported.

“I was informed the original post was recalibrated and no longer refer to PSA,” Mapa said.

In October last year, the PSA was hit by a data breach that affected its community-based monitoring system, which the statistics agency uses to generate data at the local level to form a basis for targeting households in the planning, budgeting, and implementation of the government’s social programs. INQ

View comments

TAGS: DICT, hacked