Department of Information and Communications Technology Ivan Uy explains in a Palace briefing that no sensitive data was compromised amid reports that the Executive Branch was allegedly "penetrated" by Chinese-state backed hackers. Screenshot from RTVM/YouTube
HEADLINES

DICT denies hacking, secures database

Richbon Quevedo

There have been no successful attempts to hack into government agencies by outside parties, Information and Communications Technology Secretary Ivan Uy said yesterday.

A Bloomberg report on Tuesday said China-backed hackers had “penetrated” the executive branch of the Philippine government between 2023 and 2024 and stole sensitive data about the maritime dispute in the South China Sea.

Uy said there have been attempts to hack into Philippine government agencies but the Department of Information and Communications Technology (DICT) has always been able to detect them.

“There are always attempts to do so and in many instances, we were able to detect them early on. And when we do, we are able to secure the database and the system so that it remains just an attempt and not compromise some of the more sensitive data,” he said in a Palace briefing.

Uy said cyber attacks on government agencies typically target “public-facing sites,” such as help desks which are accessible for reporting issues and concerns.

“Those open sites are really designed with minimal security because we want to allow the public to easily communicate with the different government agencies, so in most instances it is the first to be targeted by hackers and we detect it and we respond to it immediately,” he said.

Accessed ‘old data’

Uy said the data the hackers claimed to have accessed were from “old systems” or “legacy systems.”

“We detected that the vulnerabilities that were exploited were old systems [or] what we call legacy systems. These might be agencies that have not yet updated their software so hackers were able to exploit them,” he said.

Uy said the hackers were reposting the “old data” and falsely claiming they had accessed government sites.

“One of the examples of this is hackers [who] hacked a government agency back in 2020, and they claimed to get this information so they will repost it today, and they say ‘look, we hacked something,’” Uy said.

He said the DICT challenged the hackers to post the material they got.

“We challenged them. Post it! What did you get? Either they do not post anything because they did not get anything — they just claim to have done so — or if they do post we see that these are dated [or] old data,” he said.

More frequent cyber attacks

Uy said there will be more frequent cyber attacks this year as the midterm election approaches.

“We have detected [a] significant increase in probing attacks, especially as we get closer to the elections in May. What’s happening is more fake information and disinformation is being spread on social media. There are attempts to compromise certain infrastructure like websites. They are trying to deface websites or introduce malicious software in these sites,” he said.

On a daily basis, the DICT said, it “repels” hundreds of thousands of cyber-attack attempts across the executive and legislative branches, as well as the websites of lawmakers, including those who are running for the House and Senate in May.