MALACAÑANG on Saturday said an initial investigation by the information technology department of the Office of the President (OP) indicated that the use of the server “mail.malacañang.gov.ph” appeared to be a “malicious forgery.”
In a radio interview, Communications Undersecretary Manuel Quezon III explained that the Palace mail server could not have been hacked or compromised, but may have been conveniently used as cover for the hacking of the Commission on Elections (Comelec) voter database.
Quezon said the OP’s Management Information System (MIS) department, after reviewing its firewall and server logs, determined that there was no “unusual activity” detected from the “mail.malacañang.gov.ph” mail server.
This “suggests, at this point, the possibility of a malicious forgery,” Quezon, speaking on state-run Radyo ng Bayan, said.
The Malacañang mail server, which handles OP’s incoming and outgoing e-mail messages, was seen as one of the “seeders” of the voter information data uploaded online after the hacking of the Comelec website.
Seeders are people or entities that upload to the Internet files they have already downloaded.
Three possibilities
Quezon said the MIS team looked into three possibilities in its investigation: whether the server was used to download and seed the torrent (a peer-to-peer file-sharing system); whether the server was compromised or a remote client was using the mail server to access the Internet; or whether the culprit intentionally forged his host name to appear as “mail.malacañang.gov.ph” with malicious intent.
The “mail.malacañang.gov.ph” subdomain has been delegated to a specific mail server under the OP-MIS department since May 2011, Quezon said.
Quezon said around 9:55 p.m. on April 21, Executive Secretary Paquito Ochoa was informed about social media screenshots that showed the OP’s mail server being used to torrent, or seed, the Comelec database.
Experts said “Comeleak,” as the leak is now called, was perhaps the biggest government-related data breach in history, after personal information of more than 55 million registered voters was uploaded online.
On Friday, Communications Secretary Herminio Coloma Jr. emphasized that the “cyberattack” had not affected the integrity of the automated election system.
Downloading going on
“Now, as of yesterday (Saturday) morning, there continued to be screenshots that the torrent was still being downloaded or seeded using the address. So what is being done? An investigation,” Quezon said.
He said the OP-MIS had yet to submit an investigation report.
Quezon said the Office of the Executive Secretary would determine the accountability “if proven that someone indeed used the mail server to download the Comelec data.”
A hacker group defaced the Comelec’s website last month, and on April 6 a second hacker group posted the entire database online, with mirror links where the data could also be downloaded, according to Internet security company Trend Micro.
The Tokyo-based company said the leaked data included personal details of more than 55 million registered voters, including names, birthdays, home addresses, e-mail, parents’ full names and, in some cases, passport details and text markers of fingerprints.
Comelec spokesperson James Jimenez said the leaked data that were uploaded online were not fingerprints but text markers that cannot recreate the fingerprints.
He said the integrity of national elections on May 9 would not be affected, as the automated balloting would be run on a different server, not on the one that was hacked. With a report from AP