Hackers forged Palace site | Inquirer News

Hackers forged Palace site

Fake Malacañang server used in ‘Comeleak’
By: - Reporter / @NikkoDizonINQ
/ 12:46 AM April 24, 2016

MALACAÑANG on Saturday said an initial investigation by the information technology department of the Office of the President (OP) indicated that the use of the server “mail.malacañang.gov.ph” appeared to be a “malicious forgery.”

In a radio interview, Communications Undersecretary Manuel Quezon III explained that the Palace mail server could not have been hacked or compromised, but may have been conveniently used as cover for the hacking of the Commission on Elections (Comelec) voter database.

Quezon said the OP’s Management Information System (MIS) department, after reviewing its firewall and server logs, determined that there was no “unusual activity” detected from the “mail.malacañang.gov.ph” mail server.

Article continues after this advertisement

This “suggests, at this point, the possibility of a malicious forgery,” Quezon, speaking on state-run Radyo ng Bayan, said.

FEATURED STORIES

The Malacañang mail server, which handles OP’s incoming and outgoing e-mail messages, was seen as one of the “seeders” of the voter information data uploaded online after the hacking of the Comelec website.

Seeders refer to people or entities that are uploading to the Internet files they have already downloaded.

Article continues after this advertisement

Three possibilities

Article continues after this advertisement

Quezon said the MIS team looked into three possibilities in its investigation: if the server was used to download and seed the torrent (peer-to-peer file-sharing systems); if the server was compromised, or if a remote client was using the mail server to access the Internet; if the culprit intentionally forged his host name to appear as “mail.malacañang.gov.ph” with malicious intention.

Article continues after this advertisement

The “mail.malacañang.gov.ph” subdomain has been delegated to a specific mail server under the OP-MIS department since May 2011, Quezon said.

Quezon said around 9:55 p.m. on April 21, Executive Secretary Paquito Ochoa was informed about social media screenshots that showed the OP’s mail server being used to torrent, or seed, the Comelec database.

Article continues after this advertisement

Experts said “Comeleak,” as the leak is now called, was perhaps the biggest government-related data breaches in history, after personal information of more than 55 million registered voters were uploaded online.

On Friday, Communications Secretary Herminio Coloma Jr. emphasized that the “cyberattack” had not affected the integrity of the automated election system.

READ: Consumer groups want blood over ‘Comeleak’

Downloading going on

“Now, as of yesterday (Saturday) morning, there continued to be screenshots that the torrent was still being downloaded or seeded using the address. So what is being done? An investigation,” Quezon said.

He said the OP-MIS had yet to submit an investigation report.

Quezon said the Office of the Executive Secretary would determine the accountability “if proven that someone indeed used the mail server to download the Comelec data.”

A hacker group defaced the Comelec’s website last month, and on April 6 a second hacker group posted the entire database online, with mirror links where the data would also be downloaded, according to Internet security company Trend Micro.

LOOK: Comelec website hacked

The Tokyo-based company said leaked were personal details of more than 55 million registered voters, including names, birthdays, home addresses e-mail, parents’ full names and in some cases passport details and text markers of fingerprints.

Comelec spokesperson James Jimenez said the leaked data that were uploaded online were not fingerprints but text markers that cannot recreate the fingerprints.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

He said the integrity of national elections on May 9 would not be affected, as the automated balloting would be run on a different server, not on the one that was hacked. With a report from AP

TAGS: Comeleak, Comelec, hackers, Malacañang, Nation, News

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.