A Philippine cybercriminal has breached a government website using the simple password "Admin123." This breach revealed the personal data of numerous Filipinos and some state secrets.
Exposing Philippine Government's Alarming Cybersecurity Failures
The Filipino cybercriminal has exploited the glaring security flaw of using the poor password "Admin123" to breach a government website, bringing to light the concerning state of cybersecurity measures in the government.
Interesting Engineering reported that this security lapse not only resulted in the exposure of the personal information of millions of Filipinos but also unveiled some closely guarded state secrets.
The cybercriminal, reportedly hailed from the southern city of Davao, expressed frustration at the government's long-standing cybersecurity issues that have been publicly identified but left unaddressed.
He told This Week in Asia that he's a hacktivist and frustrated that these problems have been well-known and pointed out for a long time, yet the government has taken no action.
Using the pseudonym "DiabloX Phantom," the 19-year-old hacker claimed to have been part of the "red team," a government group responsible for identifying vulnerabilities in the state's cybersecurity system.
In a live chat on social media, he disclosed that he successfully infiltrated the websites of five government institutions and accessed an extensive volume of data to expose the existing security weaknesses.
Furthermore, he highlighted the alarming fact that one state agency used the shockingly inadequate password "Admin123" for its online security, shedding light on the urgent need for improved cybersecurity measures within the government.
Previous Hacking Incidents in the Philippines
A recent incident infiltrating the servers of the Philippine Health Insurance Corporation (PhilHealth) on October 3 involved a hacker group. After demanding a $30,000 ransom, which PhilHealth refused to pay, the hackers disclosed a substantial amount of personal data.
South China Morning Post reported that this data breach had far-reaching consequences, affecting millions of Filipinos, including domestic residents and overseas Filipino workers in other countries.
The breach's impact extended beyond PhilHealth, as the website of the Philippines' House of Representatives was also targeted, with the hackers leaving a "troll face" and prompting officials to take it offline for remediation.
According to cybersecurity specialist Carlos Nazareno, who serves as the Rights Initiatives Director of Democracy.net.ph, the Philippines lacks a strong privacy culture, rendering the government's data highly vulnerable.
Nazareno noted that data breaches have been an ongoing issue in the Philippines for years, and he warned that with just an email, phone number, and ID, identity theft could happen.
On October 13, the Department of Information and Communications Technology (DICT) acknowledged "breaches" affecting "experts' data." Despite this revelation, the DICT downplayed the incident as "old" news.
What added an ironic twist to the situation was that the documents were related to the establishment of a national center of excellence in cybersecurity.
The exposure of these cybersecurity plans serves as a stark reminder of the country's need for improved cybersecurity defenses. The Philippine government is now grappling with the aftermath of these breaches, focusing on fortifying its cybersecurity measures.
PhilStar reported that the Supreme Court of the Philippines has already urged officials and personnel of the judiciary to enhance their cybersecurity protocols, providing guidelines for "proper cyber hygiene" to minimize the risk of cyber threats.
