MANILA, Philippines — Do something wrong, and the long arm of the law will catch you, the founder of the BloodSec International (BSI) group of hackers said Thursday.
“When you do something wrong, there will be government authorities that will go after you. You cannot run away, and no matter how long you hide, you will be caught,” BSI founder Daniel Xavier Valdez said as he apologized to the Philippine Navy and Philippine Army.
“I apologize to the Philippine Navy and Philippine Army for defacing and testing their system without papers,” said Valdez.
Valdez said his group defaced the Philippine Army website in 2016.
He said he tested the capability of the Navy’s system this year. However, he admitted that he did the testing without prior approval from military officials.
“In 2023, I contacted one of our members from the Philippine Navy… We talked about him working as a developer of the Navy’s website.
“He gave me a link to their website to test it. I was confident because he had been a member for a long time. I tested the website he gave me and immediately accessed the hidden directories,” Valdez said.
Valdez explained that the hidden directories that he managed to access were hidden files that could also be accessed by threat actors.
Threat actors refer to hackers who breach a system and sell the data.
Valdez said he reported his findings to his Navy member to inform the Navy leadership.
“I want to help, so I provided information on how to fix, how to address vulnerabilities, and what could potentially strengthen security,” he said, pointing out that he already changed his ways and wants to do the right thing.
He maintained that he is not working for any foreign entity nor does he intend to sell the data from the military.
“I have no intention of selling the data because it belongs to our citizens. We must protect it. It should not fall into the wrong hands. That is why I reported the vulnerabilities to a Philippine Navy personnel who was a former member of mine,” he said.