NBI nabs 3 for hacking online platforms of gov’t agencies

Atty. Jeremy Lotoc, NBI Cybercrime Division Chief, said the agency has been tracking these individuals since 2016. They were still minors at the time and members of a group of international independent hacktivists calling themselves ‘Global Security Hackers.’

Lotoc added that the hackers were also the same threat actors, who defaced the University of Santo Tomas (UST) Hospital website as a protest against Dr. Anna Liezel Sahagun for allegedly refusing the admission of a woman, who was about to give birth but could not pay the P20,000 security deposit.

The individuals also admitted to exploiting and defacing the platform of online payment gateway Dragonpay before moving on to ‘Pinoy LulzSec,’ a hacking group responsible for defacing hundreds of Philippine websites. They allegedly breached the platforms of the Armed Forces of the Philippines, Philippine Army, Philippine Navy, and the National Security Council.

“During my turnover, I have promised you and I have announced publicly that we will pound on cybercrime. This is just the start. We have several operations lined up. So, for the scammers, cybercriminals and hackers, prepare yourselves. Here we are. Atty. Lotoc will be very active on this,” said NBI Director Judge Jaime Santiago.

One of the arrested individuals was identified as a data officer working for the Manila Bulletin. He was allegedly directed to exploit target systems by the publication’s technology editor Art Samaniego.

The other two suspects were cybersecurity researcher working for a major company with an office in BGC, and a graduating student from an undisclosed university in the Philippines.

Samaniego has denied the allegations, but the NBI said it is also preparing to file a case against him. The Manila Bulletin also issued a statement regarding the incident.

“As a responsible corporate citizen, the Manila Bulletin adhered to the laws of the land and requires its employees to be law abiding. We expect our employees to be accorded their rights. We assure the public of Manila Bulletin’s utmost fidelity to the laws of the land,” the company said.

The hackers were joined by two others who were arrested Thursday night, June 20, for selling compromised GoTyme accounts.

“What’s worrisome based on what we’ve seen is that ‘aka Illusion,’ one of the hackers presented here, we saw in his device through control viewing, user account credentials for banks – PNB, BDO, Unionbank, and even Security Bank,” Lotoc revealed.

NBI will be verifying with the involved banks whether or not these credentials are genuine since cybercriminals use accounts with fake user information in their exploits.

Lotoc added that the data stolen by these individuals are either sold on hacking marketplaces and forums to organized cybercrime groups, used as bragging rights by individuals who aim of joining hacking organizations, or act as a bargaining chip in exchange of malicious scripts.

“Before we presented them to the public, they had undergone inquest proceedings…and cases had been filed. I have instructed Atty. Lotoc that we will bring this case all the way to conviction. That is how NBI now works,” Santiago stated.

Based on the extrajudicial confession of the Manila Bulletin data officer, he was directed by Samaniego which platforms to hack. Based on investigations conducted by the NBI, a pattern has emerged where the editor is first on the scene to write about major cyber incidents in the Philippines.

Lotoc also mentioned that the editor is facing allegations of paying local hackers to find vulnerabilities in PH-based online systems.

“We commend the NBI for apprehending these suspected cybercriminals. We will assist in our capacity as technical consultants in ensuring we build a strong case against them,” Department of Information and Communications Technology (DICT) Usec. Jeffrey Ian Dy said in a statement.

“We confirm that these cases have been discussed thoroughly within the National Cybersecurity Interagency Committee (NCIAC) which is chaired by the Executive Secretary and co-chaired by DICT and NSC,” Dy added.

DICT is part of an interagency working group that shares intelligence and technical information that assists our law enforcement agencies in apprehending suspected cybercriminals.

— Ram Superable with Darwin Amojelar