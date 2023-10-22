In a recent series of cyber incidents, the Philippines' weak cybersecurity practices have left government websites susceptible to breaches, endangering the security of millions of citizens.

Hackers targeted the Philippine Health Insurance Corporation (PhilHealth) in a breach affecting millions of individuals, including overseas Filipino workers, reported the South China Morning Post.

The breach resulted from the state insurer's refusal to pay a $300,000 ransom. Additionally, the House of Representatives' homepage was defaced, underscoring the government's vulnerabilities in the digital realm.

A hacker known as DiabloX Phantom claimed to have infiltrated five major government agencies, downloading significant amounts of data. His intent was to reveal the government's cybersecurity shortcomings.

Government agency infiltrations and tactics

The hacker accessed the servers of the Philippine Statistics Authority, responsible for national identification cards, and the Philippine National Police's forensics database containing sensitive case files.

Additionally, he targeted the websites of the Department of Science and Technology, the Technical Education and Skills Development Authority (Tesda), and Clark International Airport.

His methods included exploiting weak passwords, sending malware via email, utilising open subdomains, and exploiting vulnerabilities left by other hackers.

DiabloX Phantom, as reported by the South China Morning Post, said that he did not intend to sell the data he obtained but aimed to draw attention to the government's cybersecurity vulnerabilities.

DiabloX Phantom, as reported by the South China Morning Post, said that he did not intend to sell the data he obtained but aimed to draw attention to the government's cybersecurity vulnerabilities.

He sought a response from the government to address these issues. Philippine cybersecurity experts independently verified his claims. While there is no single entity responsible for the various breaches, some hackers aim to expose system vulnerabilities, seek recognition for their skills, or engage in cyber activities for amusement.

Historical cybersecurity lapses

The recent breaches in the Philippines are part of a pattern of cybersecurity incidents.

The "Comelec leak" in 2016 exposed personal data from up to 55 million Filipino voters. Despite the scale of this breach, there were no prosecutions or repercussions.

Weak passwords, inadequate employee training, and insufficient monitoring create vulnerabilities that need urgent attention. Addressing these issues is crucial to safeguard sensitive data and protect the privacy of millions of individuals.

The recent attempt to register SIM cards encountered challenges when criminal syndicates offered fake pre-registered SIM cards, undermining the government's efforts to combat mobile phone scams and crimes.

Registered SIM card users reported receiving scam texts. Law enforcement efforts led to arrests for selling fake "registered" SIM cards and the discovery of a large number of such cards in a raid on a gambling hub.