Both chambers' websites under attack
By Nidz Godino
"We regret to inform public that official website of House of Representatives has been voluntarily taken offline once again…despite our security enhancements, we have detected suspicious and unusual activities necessitate further scrutiny," House secretary general Reginald Velasco said websites of House of Representatives and Senate are apparently under cyber attack.
Lower chamber voluntarily took down its web portal after "suspicious and unusual activities" were detected, according to Velasco.
He said move is "precautionary measure to double-check and reinforce cybersecurity measures," ensuring "vulnerabilities" have been addressed.
Velasco stressed primary concern is to "guarantee safety, integrity and reliability of our digital platform for citizens we serve."
"We understand inconvenience this might cause and we ask for public understanding as we work diligently to address these concerns," he said.
Velasco said House's commitment to "transparency and open communication remains unwavering. We will provide updates as soon as we have more information."
House website was taken down before 1 in the afternoon. yesterday.
Arnold de Castro, head of House IT team, said mitigation has been done on original port penetrated by hackers.
"While we were doing re-scanning, there were other backdoors hackers were exploiting to get into system, we opted to take it down until we harden system with securities…hopefully, if we can do this within the day, we can restore website later," De Castro said.
De Castro said House website registered high number of "visitors" during period that it was open, but "it does not necessarily mean that they are hackers."
URL congress.gov.ph received following message on its homepage "YOU'VE BEEN HACKED. YOU'VE BEEN HACKED. HAVE A NICE DAY."
It was accompanied by a caricature of a laughing man and the message "HAPPY APRIL FULLZ KAHIT OCTOBER PALANG! HACKED BY 3MUSKETEERZ 15-October-2023 || 11:31:24 AM."
Senate website received "spike of attacks" on same day House of Representatives' web portal was defaced by hackers, Senate Secretary Renato Bantug Jr. confirmed.
"As soon as we learned of House of Representatives website hacking, our team went on alert and continuous monitoring…may perimeter and application firewall naman ang Senate but our tech team also made adjustments, per our IT, we recorded spike in attacks," Bantug said.
Asked by reporters if there were attempts to hack Senate website in the past, Bantug said "in this age, hacking attempts are usual… really just spiked on Sunday."
Mario Antonio Sulit, director of Senate Electronic Data Processing-Management Information System, said hacking attempts were traced to United States, Germany, Vietnam and some from Philippines.
Hackers may not be from those countries and were merely using virtual private network or mirroring, according to Sulit.
Sen. Risa Hontiveros filed resolution seeking inquiry into series of cyber attacks on websites of government offices.
Hackers recently attacked websites of the Philippine Health Insurance Corp. (PhilHealth), Philippine Statistics Authority and Department of Science and Technology.
Cyber hackers uploaded PhilHealth data on dark web and demanded $300,000 or P17 million.
"Breach of personal information kept by government agencies endangers safety and security of people, leaving us even more vulnerable to increasingly nefarious schemes involving text message spams, online scams, phishing, financial fraud, extortion, blackmail and identity theft," Hontiveros said.
She said police Anti-Cybercrime Group recorded 16,297 cybercrime cases in first quarter of 2023 alone.
"It also calls into question sufficiency of cybersecurity measures of government agencies handling information vital to national security…there is need to assess capacity of government to secure critical strategic infrastructure from cyberattacks and other potential threats," Hontiveros added.
She said government has "inherent obligation" to ensure personal information and communications systems in private sector are secured and protected as provided under Republic Act 10173 or Data Privacy Law.
Authorities are pursuing leads to identify hackers or group responsible for cybersecurity attacks on government websites, according to officials of Department of Information and Communications Technology (DICT).
Lawyer Renato Paraiso, DICT spokesman and assistant secretary for legal affairs, said analysis of defacement posted on House website indicated involvement of local hackers.
Paraiso said DICT was also aware of hacker with handle or online name "DiabloX," said to be claiming responsibility for hacking of House website.
During hearing of Senate committee on science and technology chaired by Sen. Alan Peter Cayetano, DICT official said hackings appeared to be organized.
DICT Undersecretary Jeffrey Ian Dee confirmed other government agencies were attacked by hackers, but did not identify government offices.
Dee requested for executive session, considering sensitivity of information.
"We are pursuing some leads…what I can say right now after Medusa ransomware attack is that other government agencies were also victimized…these are professional groups…if we are talking about recent spate of hackings after PhilHealth, we believe them to be local hackers and not just coincidence," Dee concluded.
No comments:
Post a Comment