MANILA, Philippines—Without a nationwide cybersecurity program to keep hackers at bay, government websites in the Philippines are vulnerable to computer attacks, an official of the National Computer Center (NCC) said Monday.
“Right now we are, admittedly, vulnerable,” NCC Commissioner Angelo Timoteo M. Diaz de Rivera said. The NCC is under the Commission on Information and Communications Technology (CICT).
Diaz de Rivera said the CICT had obtained government approval to start a P20-million pilot program and was just awaiting the release of the fund.
The Philippine Daily Inquirer published on Monday a report quoting Canadian researchers as saying that the computer network of the Department of Foreign Affairs (DFA) was among those infiltrated or “hacked” into by a cyber spy network based mainly in China.
The Information Warfare Monitor (IWM), composed of researchers from Ottawa-based think tank SecDev Group and University of Toronto’s Munk Center for International Studies, said it detected compromised computer systems of governments and private organizations in 103 countries.
Manila earlier angered Beijing over the signing of the Philippine Archipelagic Baselines Law, which described the territories being claimed by the Philippines as part of a “regime of islands.”
The Philippines claims part of the disputed Spratly Group of Islands in the South China Sea.
Diaz de Rivera said the CICT-NCC was in touch with the DFA to determine the extent of the infiltration.
“We are looking into it,” he said. “It seems it was the internal system of the DFA that was compromised. Their website seems normal and was even updated,” he said.
Validating report’s claim
Acting DFA spokesperson Ed Malaya said the agency was still “validating” the IWM report’s claim.
“The integrity and security of our information technology and computer systems are important to us. We assure the public that we will take any and all protective measures so we can maintain that integrity and security,” Malaya said in an interview over radio station dzXL.
He later told reporters that the DFA’s Management Information System and Internal Security offices were checking and patching up the alleged breach.
“They’re currently hard at work looking into the subject matter and also checking as to what we ought to be doing,” Malaya said.
State secrets vulnerable
Sen. Rodolfo Biazon urged the government to order the National Bureau of Investigation to look into the cyber attack on the DFA’s computer network.
Biazon suggested that the government look into the integrity of personnel using the system and come up with a body of experts to trace hackers.
“Any state secret vulnerable to hacking is disadvantageous to national security,” he said.
“If China is the one maybe responsible for this, then I’m glad the ZTE project didn’t push through,” Biazon said in reference to the $328-million National Broadband Network (NBN) contract awarded to China’s ZTE Corp.
The deal was scrapped following allegations that it was attended by bribery and corruption.
Diaz de Rivera said a “botnet” may have attacked the DFA system through a computer or set of computers with outside access.
Botnet refers to a collection of software robots or “bots” that infiltrate computers through viruses and similar programs and then hide programs within the attacked system.
The term is often associated with malicious software or malware but can also refer to the network of computers that run these “bots” autonomously and automatically using a variety of connections and networks.
Diaz de Rivera said this was not new and that even school computers get enslaved by a “master” computer that used the infiltrated machines as “sleeper” units.
“When activated, these computers can be used to get sensitive data or even do espionage as the Canadian agency reported,” the NCC commissioner said.
He said the magnitude of the infiltration had not been determined.
“Hopefully, the personal information of our citizens were not compromised. The DFA, like many government agencies, does not even have a CIO,” he said.
The CIO or chief information officer is in charge of IT policies and strategies that support overall growth for an organization.
“The effect of cyberterrorism can range from simple nuisance to widespread damage. Hackers can bring whole systems down, disrupting public service. It happened to Estonia two years ago,” Diaz de Rivera said.
He expressed the hope that the CICT-NCC’s longstanding proposal to create a cybersecurity plan could start soon.
“It (program) starts with awareness campaigns, especially among employees who may still be accessing suspicious Internet sites through their office computers. It also has a component that initiates partnerships between CICT, the police, and the private sector to proactively defend our systems,” Diaz de Rivera said.
He said that with the country’s Internet population and ICT investments growing, computer users should be taught about how to protect their system and their data by using complicated passwords and avoiding suspicious sites, among other steps.
“Sometimes something as innocent as clicking on a photo can open a door to botnets,” he said.
Diaz de Rivera said the major stumbling block to creating a national cybersecurity plan was funding.
“We need to be implementing ISO 27001, which covers information security management systems, but this is very complex and expensive to do. We were supposed to get P20 million to P30 million to get started on this and related projects, to show how much difference a coordinated program will make,” he said.
Sadly, the CICT has not received the money, he said. “We hope that since the new national budget was approved already, we could get the needed funding for this (cybersecurity program),” he said.
Emergency response team
A cybersecurity plan includes risk analysis and creating an emergency response team. The initial program may take three to five years to implement, Diaz de Rivera said.
“We need to foster partnerships, for example with government agencies and key industries like banks and telecommunications,” he said.
He said cases of hacking could be coordinated with the international police but it was more the job of a country’s computer emergency response team.
“Right now, there is a volunteer group called the PH CERT or Philippine Computer Emergency Response Team. The police have their GCIRT or Government Computer Incident Response Team, and the NBI has its cyber forensic team. But ideally each sector must have a response team and these teams should be talking to each other regularly,” he said.
Diaz de Rivera said attacks whether from the same sources or not could happen again. “We hope it does not happen, but if it does happen we can deal with it faster if we had a program in place,” he said.
This was not the first time that a government website or system in the Philippines was reported compromised.
In October 2007, the website of the National Economic and Development Authority (NEDA) was discovered defaced for a still unknown cause.
Visitors to the site see a normal front page and most of the pages bear nothing unusual. But further exploration of the “Past Events” page inside the “Events” section leads to a screen that listed pornographic ads instead of events.
The defacement of the NEDA website happened a week after the controversy surrounding the NBN deal with ZTE peaked.
On Sept. 26, 2007, former NEDA Director General Romulo Neri disclosed at a Senate hearing that he was offered a bribe by Elections Chair Benjamin Abalos, who was accused of lobbying for ZTE, to endorse the NBN project. –Jerome Aning, Riza T. Olchondra, Philippine Daily Inquirer with reports from Christine O. Avendaño, Christian V. Esguerra and Norman Bordadora