THE Commission on Elections (Comelec) database breach has prompted a lawmaker for the government to hire “white hat” hackers and Comelec Chairman Andres D. Bautista to say he’s ready to step down.
Senate President Pro Tempore Ralph G. Recto recommended that the government can immediately enlist “bored” Filipino experts on information technology as “cyber-commandos” to guard and repel subsequent attempts to stage massive hacking of government records, similar to the recent raid of Comelec web site, targeting vital records of millions of registered voters.
The senator made the suggestion in the wake of the arrest of a 23-year-old information-technology (IT) fresh graduate nabbed by authorities for hacking the Comelec web site and releasing the hacked voter records containing vital personal details that may be misused for illegal activities.
Recto, principal sponsor of the Congress-approved bill creating the Department of Information and Communications Technology (DICT), suggested that “instead of wasting their talents, these talented Filipino Internet experts should be employed by the executive department as white-hat hackers to protect us from real cybercriminals.”
In a statement, Recto quoted from Technopedia to describe a white hat hacker as a computer-security specialist who breaks into protected systems and networks to test and assess their security.
The senator noted that white-hat hackers use their skills to improve security by exposing vulnerabilities before malicious hackers, or “black hats,” can detect and exploit them. Recto added that, while their methods are similar, if not identical, to those employed by malicious hackers, white hats have permission to employ them against the organization that has hired them.
“Sayang ang mga kabataang ito kung makukulong lang,” Recto said. “Magagamit natin ang kanilang talento sa kabutihan kung mabibigyan sila ng trabaho ng gobyerno bilang mga white- hat hackers or cyber commandos.”
He also suggested the Aquino administration can “start organizing hack-fests, a competition to probe government web sites for weaknesses.”
“In addition to auditing the security features of these portals, these hack-fests can serve as recruiting fairs for would-be government IT workers,” Recto said. “Let us put the mind and the hands of the Filipino hackers to good use through the DICT.”
Bautista prepared
ON Sunday Bautista reminded the public that hacking does not only happen in the Philippines and that even other government agencies abroad have fallen prey to hackers.
He assured over a radio interview on April 24 that the system and web site that the Comelec will be using come election day will be secured against hacking.
“Huwag po mabahala na ma-hack ’yung web site na gagamitin para sa ating halalan,” Bautista said. “Titingnan namin kung paano palalakasin at sisiguraduhin na hindi ma-hack itong web site na ito.”
Nonetheless, Bautista expressed readiness to face possible impeachment complaints that may be filed against him, in connection with the poll body’s failure to secure its system, which led to the hacking of vital information of millions of registered voters.
He said it is the right of any individual or group to file a complaint, but the poll body will continue to focus on its duty to ensure a peaceful, orderly and credible elections.
“Titingnan po natin kung ’yan ay bibigyan ng kaukulang pansin ng Kongreso, but at this point nga, ang aming focus ay ang ating darating na halalan,” Bautista said. “Kailangan siguraduhin natin na kapani-paniwala, credible at maayos ang darating na halalan.”
Cyber-security plan
RECTO pointed to the Congress-approved DICT bill awaiting President Aquino’s signature as a step to prevent the hacking of the Comelec database from happening again.
Recto explained the soon-to-be-enacted law mandates the creation of a Cybercrime Investigation and Coordination Center.
He added the DICT would also be tasked to formulate the National Cybersecurity Plan (NCP) and form the National Computer Emergency Response Team, which will serve as “our IT Special Action Forces or cyber commandos.”
“This should be our priority, the formulation of an [NCP],” Recto said. “Hacking is now a serious security threat not only in the Philippines, but also in the global arena.”
He noted the Philippines has so few personnel investigating cybercrimes “and, worse, dispersed among government offices despite the increasing volume of transactions in all kinds of commerce being done online.”
The senator pointed to the Philippine National Police-Anti-Cybercrime Group (PNP-ACG), which has a personnel complement of 110, “and this in a country where 70 million [has] social-media presence.”
Moreover, he noted the National Bureau of Investigation (NBI) is another “frontline office” needing more “ICT investigators and equipment to flag cybercrimes and tag those behind them.”
Recto asserted that the DICT should be part of the NCP, as “we now live in an era when terrorists don’t have to blast bank doors to do mayhem; but simply unleash a virus that could shred or suck out financial data.”
“An enemy with a missile is as dangerous as one with malware [malicious software],” Recto said. “Countries we are not so friendly with may target us, and criminals will always want to hack their way to our financial system.”
Recto recalled the February hack-attack on a Bangladesh central bank account at the US Federal Reserve in New York. That case showed “that the threat is real and countermeasures against cybercrimes urgent.”
Smartmatic tweaking
MARLON Garcia, project manager of Smartmatic International, the automated-election system (AES) provider of the Comelec, said they are continuously enhancing the security features of the AES, in order to deflect possible attempts of hacking.
Garcia said the company will deploy some 45,000 technicians nationwide to fix any problem that may be encountered under the AES.
The Smartmatic official claimed the transmission of all election results from 92,509 clustered precincts is expected to be completed in just 24 hours after election day.
“This is not a commitment, but my take is that it is going to be around 80-percent transmission just on May 9,” Garcia said. “By noon of May 10, we should already be almost done.”
He said transmission could even be faster if not for the challenges being posed by the country’s geography.
“We know that because of the difficulty in the geography in the Philippines and the availability of the signals in some of the areas, we may not be able to make it on May 9,” he said. “The platform actually is to receive everything in the canvassing in one hour. But we know, based on our experience here, is it is going to take a while.”
“We have proven that the platform we are going to use on election day is ready. We are ready to go on May 9,” Garcia said. “Definitely on May 9, at the end of the day, we are expecting a high transmission percentage.”
In the 2013 polls, the Comelec and Smartmatic were only able to attain a 76-percent transmission rate.
Garcia based his optimism on the positive outcome of the Transmission and Readiness Test that the Comelec conducted last Saturday in 10 areas across the country.
They are in Taguig City; Pateros; Quezon City (First District); Manila City (Fifth District); Digos City and Bansalan in Davao del Sur; Iriga City and Buhi in Camarines Sur; and Alburquerque and Cortes in Bohol.
Identity theft
CITING the 2014-2015 Cybercrime Report prepared by the Department of Justice, Recto said ordinary people are vulnerable to hacking.
“The poor man’s ATM [automated teller machine] is vulnerable to hacking, too,” he said. “There are identity thefts victimizing ordinary people.”
The report cited by Recto ranked the Philippines 39th among countries with Internet threat activities.
On the other hand, Recto said the PNP-ACG recorded an increase of 113 percent in cybercrime statistics from 288 incidents in 2013 to 614 incidents in 2014. Meanwhile, the Bangko Sentral ng Pilipinas reported 2,872 cases of ATM fraud during that period, he added.