Three alleged hackers were arrested by the National Bureau of Investigation (NBI) on Wednesday for hacking private and government websites, banks, and Facebook accounts.
According to the NBI-Cybercrime Division (NBI-CCD), the three men were part of the Philippine LulzSec and Globalzec hacking groups. One has been a Manila Bulletin data officer for the past five years, another was a cybersecurity researcher in a company in Taguig City, and the third was a graduating student.
They were arrested in a hotel in Manila discussing a project to hack a company called “BELO” with an NBI informant, whom they had met on June 14. But at the meeting, they already had the company’s database and log-in information, according to the NBI.
The NBI refused to identify the suspects by name.
READ: NBI probes Manila Bulletin’s editor for alleged hacking
But at a press conference at the NBI on Friday, Jeremy Lotoc, chief of the NBI-CCD, said the data officer gave an extrajudicial confession saying it was Manila Bulletin tech editor Art Samaniego who instructed him to hack websites and mobile apps to test its vulnerabilities.
Lotoc confirmed that they were investigating the allegations against Samaniego.
“Based on the extrajudicial confession of the hacker, the direction on what to hack supposedly came from the editor, and after the hack, the editor would then decide how to exploit it,” he said.
“During our investigation, we also found that in each incident, this editor was the first to post an article about the hacking incident. We noticed the pattern, and according to our hacker, when they hacked the AFP (Armed Forces of the Philippines) and NSC (National Security Council), that was the directive of that editor,” Lotoc added.
‘Details of exploit’
Inquirer.net, a sister company of the Philippine Daily Inquirer, reported that Samaniego denied the data officer’s allegations. The Inquirer called and sent Samaniego a message to get his comments and other details but he has yet to respond as of this writing.
According to the Bulletin data officer, one of the recent instructions Samaniego allegedly gave was to check the vulnerability of the 1Sambayan mobile app. 1Sambayan is an opposition political coalition formed during the Duterte administration.
He said he was able to pull the data of around 2,000 volunteers.
He said he met Samaniego during his days with Pinoy LulzSec.
“I will send him details of my exploit, explaining how I did it, and show him proof of concept to prove that hacking occurred and that I was the one who did it. I will send the database and its severity, and in turn, he will write an article about it,” he said during the NBI press conference.
The NBI said the suspects would be charged with violation of the Cybercrime Prevention Act and the Data Privacy Act.
The Department of Information and Communications Technology (DICT) said it would be working with the NBI in investigating the allegations against the suspects.
“We will assist our colleagues from the NBI as their technical consultants and help them build their case against these suspected individuals,” the DICT said in a statement on Friday.
It said that it was part of the National Cybersecurity Interagency Committee and its working groups that share intelligence and technical information regarding hacking cases and assist law enforcers in apprehending cybercriminals.
The National Privacy Commission (NPC) said it was also coordinating with the NBI regarding the arrests.
‘Vulnerability tests’
Roren Marie Chin, chief of the NPC’s Public Information and Assistance Division, told the Inquirer that the investigation was connected to the case of Samaniego.
Chin said that those found to have violated the Data Privacy Act of 2012, who knowingly and unlawfully violated data confidentiality and security data systems, or had broken into any system where personal and sensitive personal information are stored, face jail time ranging from one year to three years.
The offenders are also fined ranging from P500,000 to P2 million.
Manila Bulletin said in a statement that it “always adhered” to the country’s laws and required its employees to be law-abiding.
“We expect employees to be accorded their rights,” it said. “We assure the public of Manila Bulletin’s utmost fidelity to the laws of the land.”
READ: AFP probe into arrested Chinese ‘hacker’ launched
If his participation in the hacking is proven, it will not be the first time that Samaniego has been involved in launching cyberattacks against private websites.
In 2005, Samaniego and local internet service provider Tridel Technologies Inc., were involved in launching “vulnerability tests” on INQ7 Interactive, a joint venture between the Inquirer and GMA 7 intended to integrate print, television, radio, and other media to deliver content on the web.
Both Tridel and Samaniego were accused of violating Republic Act No. 8792, more commonly known back then as the Philippine Electronic Commerce Act, a law that penalizes unauthorized access to networks and computers.
The case was eventually settled out of court in 2006. Both accused issued their own public apologies for the hacking.
‘Shared duty’
The military warned the public to stop “cyberaggressions” and said it was committed to defending the nation’s sovereignty and ensuring the safety and security of the nation’s cyberspace.
“We stand ready to support our government in countering these threats through coordinated efforts, intelligence sharing, and advanced technological measures,” said Col. Francel Margareth Padilla, the Armed Forces of the Philippines spokesperson.
Padilla said the arrest of the suspected hackers served as a “stark reminder of the persistent threats we face in the cyberdomain.”
“It underscores the importance of robust cybersecurity measures and the consequences of failing to address these adversities effectively,” she added.
Cybersecurity, according to Padilla, is not solely the government’s responsibility “but a shared duty that requires the cooperation and vigilance of every Filipino.” —WITH REPORTS FROM ALDEN MONZON, TYRONE JASPER PIAD AND NESTOR CORRALES