The Department of Information and Communications Technology (DICT) confirmed on Thursday that no sensitive data were compromised during the recent hacking incident at the Department of Science and Technology (DOST).
While the DICT was able to recover part of the hacked system, the DOST is yet to have access to its own website.
“We are still isolated and we are still locked out from accessing part of the system,” said DICT assistant secretary Renato Paraiso in a virtual briefing.
The DICT is yet to restore access to approximately two terabytes of data on the DOST network that includes information such as schematics, designs, invention proposals, and scientist profiles. Websites within the DOST network were also compromised.
“This is recently one of the biggest (hacking incidents). Our assessment indicates that the compromised data may include a mix of current and older designs. Regardless, we are taking all necessary steps to mitigate any potential impact of the breach,” Paraiso said.
He added the DOST’s network video recording (NVR) solutions are not secure enough to block hacking threats as it allowed threat factors to penetrate the system.
Paraiso admitted that government process is as fast as expected particularly in procuring tools and systems that thwart off hacking threats.
It usually takes about 45 to 60 days to procure new anti-hacking systems and tools, which is quite slow compared to the pace of global advancements on ICT development.
The DICT has initiated outreach to government agencies with existing partnerships with the DOST to strengthen security measures within their own systems and facilitate the prompt exchange of any information regarding potential compromises.
Paraiso said it is still premature to conclude that the recent hacking episode is a ransomware attack due to lack of ransom or demands from the hackers.
When ransomware disrupts a network, hackers may propose specific actions, such as fulfilling certain demands, in exchange for restoring access.
“Unlike with the PhilHealth hacking, this one does not look nefarious and may not affect the public. The PhilHealth hacking incident has compromised many personal data,” he explained.
The DICT is actively working to regain full access to the DOST system. While they are still evaluating the potential consequences of the current network restrictions, they are committed to exploring all viable options for a swift resolution.