Senate website hacked but no secret, sensitive data lost
Kacper Pempel/illustration/file photo
MANILA, Philippines — A group of hackers who call themselves DeathNote Hackers were able to infiltrate the Senate website and extract employee usernames and logs, the Department of Information and Communications Technology (DICT) said on Wednesday.
Information Assistant Secretary Renato Paraiso told the Inquirer the hacking incident was “not alarming” as it was resolved immediately and the website was not even defaced by the group.
READ: NBI nabs hackers involved in PH Navy cybersecurity breach
The breaching of the Senate’s information technology (IT) system by DeathNote Hackers was first reported by cybersecurity group Deep Web Konek on Tuesday evening.
But Paraiso stressed that the hacker group did not reach the main IT system, just the website. Still, the DICT sent its National Computer Emergency Response Team to the Senate to conduct vulnerability tests on its firewall. According to him, this will help in beefing up the cybersecurity measures against threat actors.
READ: BOC probes into hacking of its app users’ personal information
Public documents Lawyer Arnel Jose Bañas, Senate spokesperson, said no sensitive or confidential data were taken by the hackers, adding that the usernames and logs extracted from the Senate Sharepoint site were merely used for uploading public documents.
“We therefore confirm the statement of DICT Assistant Secretary Renato Paraiso that the incident is not cause for alarm,” Bañas said in a statement.
According to him, access was gained to documents such as transcripts of committee hearings, journals of plenary sessions, and other legislative documents which were intended for public consumption.
“No sensitive or confidential data was affected. In fact, the Senate, upon request, grants access to anyone who wishes to download these documents,” Bañas said.
He stressed that the Senate would continue all efforts to ensure that its website remains secure and protected by robust cybersecurity measures.
Paraiso said the incident stressed the need for the government to continuously improve its cybersecurity systems to keep hackers out of its networks.
The same group, he noted, was also behind the data breach at the Bureau of Customs (BOC) earlier this year.
In April, it was reported that 4.5-gigabyte worth of BOC data was compromised by the hackers. These included the personal information of more than 2,200 employees and about 80,000 customers, based on Deep Web Konek’s findings.
Last month, even the DICT fell victim to a system breach by an entity that identified itself as “ph1ns.”
The website of the agency’s Disaster Risk Reduction Management Division was defaced but control over it was regained in less than an hour. The hacker group, in a message posted on the website during the attack, urged the DICT to strengthen its firewall and beef up its IT personnel who are suited to fend off cyberattacks.
