
MANILA, Philippines – The Department of Information and Communications Technology (DICT) is determined to learn from the successful hack on its Disaster Response Unit’s portal and to improve systems and websites not only in the DICT but also in other national and local government agencies.

Geoffrey Ian Dy, ICT Undersecretary for Infrastructure Management, Cybersecurity and Upskilling, said a review of the hack on the DICT’s Disaster Risk Reduction and Management Division (DRRMD) portal the other day had identified flaws that enabled the hacker to breach the system.

“We have identified the mistakes. These are instructive, and can be used so that other agencies can understand,” Dy told The Star in a Viber audio interview.

“Most of the flaws were in the way (DRRMD) developed the system,” said Dy.

However, Dy reiterated that the DRRMD portal was indeed designed to be easily accessible by external parties, as it was intended to disseminate information during disasters.

Dy said one flaw found was that the DRRMD portal used an untested encryption algorithm.

“What was used was… an encryption algorithm or protocol that was proprietary, a protocol developed or invented by a provider,” Dy said.

Another flaw, which he said was also seen as a “significant flaw”, was that the password system relied on encryption.

“The password – the username-password combination – should not be encrypted, it should be hashed,” said Dy.

Dy also said that the DICT had detected these threats several days earlier.

“However, it took several days to update. And then, the hacker struck before we could address the threat,” said Dy.

Dy reiterated that the volume of data compromised by the hacker, whom he had earlier identified as “PH1NS”, was only 200 megabytes.

“Any kind of violation, we don’t want to minimize. Even though it (DRRMD) is a small system, we still take it seriously. We still want to note the learning here,” said Dy.

Dy noted that the DICT’s cybersecurity forces have been stretched thin in recent weeks and the number of hacks on government agencies and private organizations has increased.

The hack on the DRRMD raised the need for a cybersecurity force at the DICT that would monitor only the DICT’s own information technology systems.

“We are looking at the need to create a local cyber security force that will only monitor the DICT,” said Dy.

The DICT said its investigation into the alleged hack on popular electronic mobile wallet GCash disproved claims of a successful breach.

Dy said that their investigation has not shown any evidence that the database was breached by an external entity.

“Actually, we did not find clear evidence that GCash was hacked,” Dy told The Star in a phone interview.

“There was no evidence of a violation,” he stressed.

Dy said the data revealed by DeepWeb Konek, an online group of cybersecurity practitioners, to flag an alleged hack on GCash does not appear to have come from a hack on GCash’s system.

“It seems to have come from other sources. It was data collected from other sources, not from a successful breach,” explained Dy.

Reduction in cybercrime cases

According to data released yesterday by the Philippine National Police (PNP), cybercrime cases dropped by at least 36 percent this year, with online scams recording the biggest drop.

Data from the PNP Anti-Cybercrime Group (ACG) showed that there were 8,177 cybercrimes from January to June, a 36.16 percent decrease from 12,808 incidents in the same period in 2023.

PNP chief Gen. Romel Francisco Marble attributed the decrease in cybercrimes to their proactive measures, which include deploying more resources and enhancing the capabilities of cybercrime investigators.

“Our goal is to protect our citizens not only in the physical world but also in the digital realm,” he said in a statement.

Online scams registered the largest decrease, 53.48 percent, from 3,468 to 1,613, followed by investment and job scams, which fell from 1,001 to 650, a decrease of 35.06 percent.

Debit and credit card fraud cases decreased from 736 to 528, a decrease of 28.26 percent. – Emmanuel Topas


