Watch more News on iWantTFC

MANILA — The Department of Information and Communications Technology (DICT) on Tuesday said they are eyeing local threat actors to be behind the recent spate of hackings of websites of Philippine government agencies.

DICT Undersecretary Jeffrey Ian Dy told the Senate committee on Science and Technology that while Medusa, a foreign professional group of hackers, was behind the cyber attack on the PhilHealth website last month, the string of attacks on other government agencies could be blamed on local hackers.

“When we’re talking about the recent spate of hackings after PhilHealth, we believe them to be local actors and we believe them not to be a coincidence,” he said before asking for an executive session to tell senators the “leads” they are pursuing.

Among the agencies whose websites were attacked are the Philippine Statistics Authority (PSA), the Department of Science and Technology (DOST) and the Bureau of Immigration (BI).

The House of Representatives’ website was attacked twice — defaced on Sunday and voluntarily taken down on Tuesday after experiencing "suspicious and unusual activities."

There was also an attempt to hack the website of the Senate on Sunday.

Senator Sherwin Gatchalian earlier said the hackings could not be a coincidence but are “organized,” which could lead to bigger problems if it affects other sectors like banking and aviation.

Senator Alan Peter Cayetano, who led the Senate panel probe, noted the coincidence that the attacks took place just as discussions on the confidential and intelligence funds (CIF) heated up online and in Congress.

“Napalaking irony that the biggest issue now is people want to know saan ginagamit yung confidential funds. On the other hand, things that have to be confidential like your health records are now being hacked and exposed to the public. Baliktad ata ang mundo natin. Dapat alam ng tao di nalalaman at yung dapat na confidential, hindi naki-keep confidential,” he said during a press conference prior to the hearing.

While Cayetano said the attacks were “not necessarily” connected to the CIF issue, he acknowledged those behind it might have different motives.

“I don’t want to speculate on specific hacks and specific hacking activities and their perpetuators but we do know as a fact in the digital world that you do have these actors from activists na yun nga, they feel like di dapat may intelligence,” he said.

But the DICT defended the country’s record in terms of number of cyber attacks, following a report cited by Senator JV Ejercito that the Philippines is supposedly the 4th in the world in terms of number of incidents.

“That statement comes from one of the vendors, which is Kaspersky. In fact…from fourth, naging second, naging first,” Dy said.

“But I would like to state siguro with a grain of salt that particular findings of Kaspersky kasi ang kina-count lang nila is yung attacks detected ng kanilang anti-virus system. Siguro sir ang official is that we are actually in the middle dun sa Global Cybersecurity Index. We do not rank very low but we also do not rank very high. In the ASEAN, we are about 6th or 7th out of the 10 countries,” he added.

For 2022, Dy said only around 5,700 out of the 25,000 attacks came through and not all of them involved data.

“In terms of attacks sir, we are actually defending more than we are, than lumulusot. I understand that it’s very unfortunate that we have these attacks recently… To be honest, ang pinakamarami po talaga klaseng attack sa Pilipinas ay sa government agency and mostly, web defacement,” he explained.

Watch more News on iWantTFC

PhilHealth, which was the subject of the probe, meanwhile reported that 100 percent of their website's external services are now back while 80-85% of their internal services are operational, 3 weeks after the attack.

Medusa was able to get 746GB of data from PhilHealth which includes personally identifiable information like membership ID, full names, birthdates and the kinds of claim they are making, according to the DICT.

Still, the state insurer insisted their main database were not affected.

“Although membership data have been compromised, some of them, I think it’s very important for the public to know that our production servers are actually intact. The reason why some of the membership data was compromised was because it was the individual work stations that was affected. Definitely not the production servers, intact po yun no,” PhilHealth president and CEO Emmanuel Ledesma, Jr. said.

“We at PhilHealth are exploring, if it needs be, those that are affected, maybe what we’ll do is we’ll generate new PhilHealth IDs and then we’ll have to start again from scratch. It may be tedious but at least for the protection of the people,” he added.

Senator JV Ejercito pointed out that the budget for cybersecurity was cut from P600M in 2023 to P300M for the following year, which could have a “huge effect” on efforts to counter cyberthreats, according to Asec. Mary Rose Magsaysay, deputy executive director of the Cybercrime Investigation and Coordination Center.

The DICT reminded the public that there are 2 governing laws on cyber-hacking:

-Republic Act No. 8792 or the Electronic Commerce Act of 2000 which imposes a fine ranging from P500,000 to the maximum amount commensurate to the damage and mandatory jail time of 6 months to 3 years

-RA 10175 Cybercrime Prevention Act which imposes imprisonment of between 6 to 12 years or a fine of between P200,000 to the maximum amount commensurate to the damage.

• 'You've been hacked': House website defaced, goes offline
• PhilHealth to members: Use member portal to 'safely access data'

Watch more News on iWantTFC