NBI arrested three suspects in cybersecurity breach at the Philippine Navy.
After successfully fending off “hundreds of attempts to breach” its cybersecurity systems, the Philippine Navy is investigating one of its own members for allegedly taking part in hacking its network and downloading its database.
Navy public affairs chief Cmdr. John Percie Alcos on Thursday said the Navy’s “insider threat program” was able to detect an intrusion carried out by a group of hackers called Blood Security International (BloodSec) where one of their personnel was supposedly a member.
Members of the BloodSec were also involved in other similar incidents, such as the 2016 hacking of the Commission on Elections website, but most of their members have already been arrested, according to National Bureau of Investigation Director Jaime Santiago.
READ: Hacker apologizes for PH Navy cybersecurity breach
The Navy was able to respond quickly before the hackers could advance far into the network.
“We get hundreds of attempts to breach our systems but so far the NICTC (Naval Information and Communications Technology Center) has not reported any actual successful breaches in our systems,” he said.
“We’ve diligently taken our immediate measures, that’s why the second and third attempts were not very successful,” he said in a joint press conference with the NBI in Quezon City.
“We are currently intensifying cybersecurity measures across all fronts. We are enhancing our monitoring systems, conducting regular vulnerability assessments, and enforcing training programs for our personnel,” he said.
External actors
The Navy member voluntarily surrendered when informed that he was tagged as a “person of interest” following the network infiltration detection, Alcos said. The Navy declined to identify whether he was a civilian or a uniformed personnel.
It also did not provide details of when the hacking happened, pending an investigation.
One of the Navy personnel’s hacking group companions was able to obtain 10 gigabyte worth of data, including the “disposition of vessels” in the West Philippine Sea, dating back to 2022 that “can be considered as open source information” shared to the media during regular press briefings, Alcos noted.
Two civilians supposedly “in constant communication” with the Navy personnel—Daniel Xavier Valdez and Anikin Luke Abales—were arrested in separate operations by the NBI on Tuesday in relation to the hacking incident
All three individuals, who are now facing charges for violating the Cybersecurity Prevention Act and Data Privacy Act, were presented to the media during the press conference.
Naval Inspector General Rear Adm. Roy Vincent Trinidad said the Navy personnel involved would face appropriate sanctions and an investigation was also underway to find out whether there were other members within the organization involved.
He also played down the threat of the recent hacking attempt on the Navy’s security.
“From the mindset of a hacker, it’s more of the accomplishment that you were able to breach, not so much the data. They get their sense of fulfillment from being able to breach or break through your [system],” he said.
Review DICT programs
In Congress, Navotas Rep. Toby Tiangco, chair of the House committee on information and communications technology, on Thursday called on the Department of Information and Communications Technology (DICT) to conduct a comprehensive review of its existing programs and policies amid the recent surge in cyberattacks and data breaches against government systems.
In a statement, he said the recent spate of cases, as well as the country’s high ranking in global data breach cases, “underscored the urgent need for more robust measures to protect our nation’s digital infrastructure and the data of Filipinos.”
“The DICT should adopt a proactive approach similar to how doctors address health concerns—prevention is key. While we appreciate the efforts of the agency, these must be complemented by preventive measures against cybercrimes,” he said.
“Our regulatory policies must adapt to the evolving nature of cybercrimes. Without robust digital infrastructure, Filipinos remain vulnerable to privacy breaches, fraud and other cybercrimes,” he added.
Tiangco’s statement came after the Department of Migrant Workers recently suspended its online services following a ransomware attack.
The latest report by Surfshark, a Norway-based virtual private network provider, ranked the Philippines 29th out of 250 countries and territories in terms of data breaches in the second quarter of 2024.
Although the same survey recorded a sharp decrease in incidents, from 7.7 million cases in the first quarter to over 385,000, the high global ranking remains alarming, Tiangco said.
Last April, the same House panel led a hearing that revealed more than 30,000 vulnerabilities in at least 2,002 state-owned digital assets, such as files, photos, videos and databases.
Based on their assessment, the top 10 agencies that were most at risk for critical incidents were the DICT, Department of Health, Department of Transportation, Department of Environment and Natural Resources, Department of Science and Technology, National Economic and Development Authority, Philippine National Police, Philippine Economic Zone Authority, Civil Service Commission, and the Office of the President.