THE National Bureau of Investigation agents arrested a second suspect in the hacking of the Commission on Elections website and the theft of a database of 57-million registered voters, a Comelec spokesman said Friday.
Comelec spokesman James Jimenez said the NBI’s Cybercrime Division arrested Jonel de Asis, 23, from his home in Muntinlupa City.
Comelec Chairman Andres Bautista said De Asis confessed to being the mastermind behind the hacking of the poll body’s website, but denied that he and his group created the wehaveyourdata.com website which made publicly available the database of personal information belonging to 57-million registered voters, including their home addresses, birthdays, relatives, fingerprints and even passport numbers.
Jimenez said De Asis also confessed that he and his fellow hackers decided to hack the website to prove that the Comelec website can easily be breached.
“I asked him if they had a plan for the elections, if there was a political angle to what they did, and he said no. He said he’s not even a registered voter,” Jimenez said in Filipino.
The NBI seized De Asis’ personal computer and mobile phone.
The first suspect, Paul Biteng, was arrested a week ago and admitted to the crime. He faces charges of illegal access to a computer system, data interference and misuse of devices under the Cybercrime Prevention Act of 2012.
The NBI said it was still hunting down a third suspect.
Jimenez said the 340-gigabyte database that was stolen appeared to be old files and unlikely to affect the May 9 elections.
Jimenez said De Asis confessed that the database that he had stolen were old files.
“We cannot still say if the database he stole is authentic, because even the hacker admitted that they targeted old data. They said they believed that if it is old data, it is no longer relevant,” Jimenez said.
He did not address the loss of privacy suffered by millions of voters, or the potential for identity theft and other crimes as a result of the data breach, however.
In March, Anonymous Philippines hacked the official Comelec website, defacing it with a message address to the poll body, demanding that they make sure the security features on the vote counting machines were activated on Election Day.
Another group called “LulzSec” accessed the data on the poll body’s website and posted it online.
“A great lol to Commission on Elections, here’s your whoooooole database,” LulzSec Pilipinas said in a Facebook post.
The instance was the first major leak of election-related data by a hacker group in the Philippines.