Some of these foreign actors, which Uy referred to as ‘sleepers,’ had been targeting local computer systems for years before they were exposed through the government’s cybersecurity efforts.

There’s an interesting tidbit about Cyberbit, a sophisticated eavesdropping technology peddled worldwide by a mercenary cybersecurity firm, which involved high officials of the Duterte regime.
In 2016, “the traveling Cyberbit demo laptop made a stop at the New World Makati Hotel in the Philippines, followed closely thereafter by a demonstration at Malacañang Palace…,” writes digital sleuth Ronald J. Deibert in his recent book on sophisticated computer spywares, “Chasing Shadows,” which included how the secretive Cyberbit program was sold to authoritarian governments.
Deibert is the director of the University of Toronto’s Citizen Lab, a digital security research center whose researchers “document patterns and practices of information control: censorship, surveillance, information warfare.”
Deibert, however, didn’t say if the Duterte regime was sufficiently impressed enough to buy the secretive Cyberbit spyware, or even if it did, how it made use of it.
Nor were there other reports that said if there were other spyware technologies that the previous regime took a fancy to for its security and surveillance needs.
Be that as it may, the above anecdote quickly grabs attention because of its implications in the ongoing no-holds-barred fight between the Marcoses and the Dutertes.
But more than that, it also makes us receptive to the alarm raised last week by this administration’s digital czar, Ivan John E. Uy: “We are constantly under attack from different sectors, from hackers, from scammers.”
Escalating cyber attacks from inside and outside the country, of course, has been our lot in recent years.
At one time or another, many of us have been personally attacked: receiving spurious texts and emails and, lately, suspicious international phone calls.
Various Filipino private firms have also endured numerous reported and unreported cyber attacks, with some attacks successfully breaching their IT systems and having their data held for ransom.
Lumbering government systems, too are sitting targets.
In 2023, for instance, ransomware group Medusa hacked into the system of the Philippine Health Insurance Corp. (PhilHealth) and leaked sensitive data, including bank details of about 42 million members after the government refused to pay a $300,000 ransom.
Chinese state-backed hackers, at one time, penetrated the Executive branch and “stole sensitive data as part of a years-long campaign,” according to one news report.
While these cyber attacks and threats come from many shadowy actors, a “big majority of them are foreign,” says Uy.
Some of these foreign actors, which Uy referred to as “sleepers,” had been targeting local computer systems for years before they were exposed through the government’s cybersecurity efforts.
Such cybersecurity efforts included the government adopting a five-year national cybersecurity plan and forming a cybersecurity network with allied countries like the US and Japan.
The military also not only reinforced its vulnerable security systems but also formed in 2020 a so-called “Cyber Battalion.”
But while attempts to steal government data are wide-ranging, Uy insists that in recent months these “advanced persistent threats” (APTs) had failed to infiltrate government systems, suggesting the country’s cyber-defenses have so far held.
APTs are a general term for cyber actors and groups, often state-backed, that engage in malicious cyber activities.
But even if it seems that the government’s cyber defense efforts appear to be paying off — the Philippines for example improved its ranking in the United Nations Global Cybersecurity Index this year — the country is still very much vulnerable to cyber attacks and threats.
“Cyber readiness initiatives are just now beginning to grow teeth,” a Filipino cyber researcher said in a recent report. “It’s (still) an uphill climb.”
Uy himself bombastically described our present cyber situation as, “World War III is happening and it is cyber.” Translated, this means none of us can confidently mark ourselves as safe from digital onslaughts.