Namfrel calls for probe on alleged Comelec hacking


Posted at Jan 13 2022 08:12 PM


MANILA — The National Movement for Free Elections has called on the Commission on Elections to fully investigate the alleged hacking of its data system following a report claiming that the poll body's systems were hacked and compromised.

In a statement on Thursday, Namfrel said that the issue must be fully investigated and resolved at the soonest time possible. It advised Comelec to consult with IT security experts in investigating and resolving the reported incident.

The poll watchdog also suggested that the COMELEC set up an incident response team (IRT) that will develop a proactive incident response plan, conduct vulnerability assessment of the poll body's technology infrastructure, resolve system vulnerabilities, implement strong information security practices, and address information security incidents. 

“Among other plans that the IRT must develop is a quick response communications plan that will cover incidents like the 7-hour data outage which happened in 2019 and the recently reported hacking incident," it said.

On Monday, newspaper Manila Bulletin came out with a report that claimed its Technews Team has verified information from a source about the supposed hacking that took place Saturday.

“[T]he hackers' group managed to breach the system of the Comelec last Saturday, Jan. 8, 2022, and download files that included, among others, usernames and PINS of vote-counting machines (VCM)," the article read.

MB said hackers also took network diagrams, IP addresses, list of all privileged users, domain admin credentials, list of all passwords and domain policies, access to the ballot handling dashboard, and QR code captures of the bureau of canvassers with login and password.

However, Namfrel said that reports such as the alleged hacking of Comelec's serves have to be carefully vetted. 

In a tweet, Comelec commissioner Rowena Guanzon labeled as "fake news" the MB story.

Comelec spokesman James Jimenez also questioned the veracity of the report because it did not elaborate on the "verification" process it supposedly carried out to confirm the alleged hacking. 

"We invite the authors to shed light on their allegations, particularly with regard to the 'verification' they claim to have carried out," Jimenez said.

On Wednesday, the National Privacy Commission issued separate orders to the Comelec, MB tech editor Art Samaniego and Manila Bulletin to appear for a "clarificatory" meeting via teleconference on Jan. 25 regarding the supposed data breach. 

In 2016, a group of hackers stole the personal data records of some 54 million registered voters. In 2017, Comelec also reported that a desktop computer of its election officer was stolen, compromising voters' data.

— With a report from RG Cruz, ABS-CBN News


Watch more on iWantTFC