Commission on Elections data breach

Commission on Elections data breach
Date: March 27, 2016
Location: Philippines
Type: Cyber-attack
Participants: Anonymous Philippines, LulzSec Pilipinas
Outcome:
  • About 55 million registered voters at risk
  • Biggest leak of private data in Philippine history
Arrest(s): Paul Biteng (arrested on April 20); Jonel de Asis (arrested on April 28)
Suspect(s): Paul Biteng; Jonel de Asis; one suspect is yet to be identified

On March 27, 2016, hackers under the banner of Anonymous Philippines hacked into the website of the Philippine Commission on Elections (COMELEC) and defaced it. The hackers left a message calling for tighter security measures on the precinct count optical scan (PCOS) machines to be used during the 2016 Philippine general election on May 9.[1] Within the day, a separate group of hackers, LulzSec Pilipinas, posted an online link to what it claimed to be the entire database of COMELEC, and updated the post to include three mirror links to the index of the database's downloadable files.[2] The files leaked by LulzSec amount to 340 gigabytes.[3]

The COMELEC website returned to normal at 03:15 (PST) on 28 March 2016. COMELEC spokesperson, James Jimenez, stated on his Twitter account that, as they continue to scour the site, all databases would remain temporarily off.[4]

The incident was considered the biggest leak of private data in Philippine history, leaving millions of registered voters at risk.[5][6]

According to security firm Trend Micro, 55 million registered voters are at risk due to the data breach, potentially surpassing the Office of Personnel Management data breach, which affected 20 million people.[7]

A searchable website called wehaveyourdata, containing sensitive data on Filipino registered voters, was set up as early as April 21. The website was taken down with the assistance of the U.S. Department of Justice, since the domain of the website was bought from a US-based web hosting company. The website itself was found to be hosted in Russia.[8]

Extent of the breach

Trend Micro conducted its own investigation on the extent of the data breach. It found that 1.3 million records of Overseas Filipino voters, which included passport numbers and expiry dates, were included in the data dumps by the hackers. The security firm described the breach as "alarming", saying that the data were easily accessible to the public and in plain text. It also added that 15.8 million fingerprint records, along with a list of people who have run for office since the 2010 elections, were found by the firm's investigation.[3]

The firm also found files concerning candidates running in the election with the filename "VOTESOBTAINED" which the firm infers to reflect the number of votes received by the particular candidates. It said that the figures of the "VOTESOBTAINED" files were set to NULL at the time Trend Micro conducted its investigation.[3]

The Commission on Elections chairman, Andres Bautista, said that he was told that no confidential information was leaked, saying the breach would not affect the election body's preparation for the 2016 elections.[3] The commission also emphasized that the database on its website is accessible to the public and that no sensitive information is hosted on the website. It said that the results website that the election body is planning will be hosted on a different website with a different and better set of security measures.[9] It further added that the database might be fake, saying that no biometrics data were compromised by the hackers, as opposed to Trend Micro's findings. COMELEC also noted that Trend Micro accessed the data dumped by the hackers in its investigation and said that it has no capability of validating the data since it had no access to its original database.[10]

Perpetrators

On April 12, COMELEC announced that the National Bureau of Investigation has a "very good lead" regarding the hackers behind the breach. The perpetrators are to be charged with violations of the Cybercrime Prevention Act.[11]

On 20 April, the National Bureau of Investigation (NBI) apprehended one of the suspected hackers, later identified as Paul Biteng,[12] a 23-year-old IT graduate student, at his home in Sampaloc, Manila. The authorities took three weeks to track down the hacker.[13] The NBI confiscated the desktop computer that Biteng used for hacking for forensic examination.[14] Biteng, who is a member of the hacking group Anonymous Philippines, admitted that he defaced the COMELEC website but denied contributing to the data leak.[15][16] He also admitted that the hacking was intended to show how vulnerable the COMELEC website is.[17] Possible cases against him include a violation of the Cybercrime Prevention Act of 2012.[15]

About eight days later, a second hacker, Joenel de Asis, also a 23-year-old IT graduate, was apprehended by the NBI at his house in Muntinlupa.[18] In a press conference held on April 29, COMELEC chairperson Andres D. Bautista identified de Asis as one of the ringleaders of the notorious hacker group LulzSec Pilipinas.[19][20] Bautista said that de Asis admitted hacking the website and leaking the COMELEC database.[20] He also admitted that he collaborated with Biteng in the hacking incident. Biteng breached the server of the COMELEC website, while de Asis downloaded the 340 gigabyte voter database five days before the website was defaced on March 27.[21] While de Asis leaked the data through the LulzSec Pilipinas website, he denied that their group created the website wehaveyourdata.[22][23] He gave assurances that the data leak would not affect the upcoming elections, as they did not hack the Vote Counting Machines (VCMs), which are connected to a different server.[24][22]

The third hacker, who is yet to be identified, is still at large.

Measures

On April 21, COMELEC announced that it would be consulting with Microsoft and other cybersecurity experts based in the United Kingdom, Singapore and the United States. A technical working group tasked to look into the issue of hacking was also formed, to be led by Director James Jimenez of the COMELEC Information and Education Department.[25] The website will be transferred to the Department of Science and Technology's server.
