Palace probes ‘Mail forgery’

Stolen Comelec data lands on Malacañang server

MALACAÑANG denied on Saturday that it abetted the violation of the privacy of 55 million Filipino voters when an unidentified person used the Palace’s mail server in seeding a torrent file of the database that was stolen from the Commission on Elections.

Presidential Communication Undersecretary Manuel Quezon III said a preliminary investigation of the Management Information Service of the Office of the President suggested that an unidentified culprit may have forged the identification of his host server to make it appear that the Palace mail server was used to seed the torrent.

“According to the MIS, no unusual activity has been detected which only suggests at this point the possibility of a malicious forgery,” Quezon said in a radio interview over state-owned Radyo ng Bayan.

Security check. A designated election inspector checks on the transmission of votes during a mock election held at the Hermenigildo J. Atienza Elementary School in Tondo, Manila on Saturday. DANNY PATA

But Quezon maintained that there is a strong possibility that a user changed his or her settings to make it appear that the Malacañang mail server was the one seeding the sensitive database.

“The person who downloaded the torrent tinkered with his settings so they could make it appear that the server was ‘mail.malacañ’ You can do that easily,” he said.

Quezon said the subdomain has been delegated to a specific mail server under the OP-MIS department since May of 2011.

He said the OP-MIS is now reviewing its firewall and server logs to determine whether the server was used to download and seed the torrent, whether the server was compromised, whether a remote client was using the mail server to access the internet, or whether the culprit intentionally forged his host name with malicious intention to make it appear as

If the investigation team determines that someone in the Palace used the mail server to download and seed the torrent, Quezon said that person will be identified and held accountable.

Meanwhile, Quezon advised the public to take basic precautions, like changing their passwords among others, to avoid possible identity theft.

“In terms of accountability, it will be the Executive Secretary who will determine the accountability if it is proven that someone indeed used the mail server to download the Comelec data,” Quezon said.

Quezon revealed the Palace investigation after internet users accused the Palace on Friday of helping spread the hacked Comelec data containing the personal information of millions of registered voters.

The Comelec said on Friday that the United States Department of Justice was able to take down the server in Russia hosting the hacked database.

But several downloaders have already managed to convert the database into a torrent file that can be distributed via peer-to-peer sharing platforms.

However, internet security experts said it would now be impossible to recover the stolen information, including the voters’ fingerprints.

“Once this information is out, it’s impossible to recover,” FireEye Asia Pacific chief technical officer Bryce Boland said in an interview with Bloomberg. 

“There’s no way 55 million Filipinos can change their fingerprints. This data is never gonna be recovered and this is the fundamental problem that we are facing, not just in the Philippines but everywhere,” Boland said.

He said the cyber attack clearly showed that “all government organizations are not doing enough to protect these data.”

“I think it is very serious, we are talking about the personal details of at least 55-million Filipinos, it is not just the name and the address, it’s information of their email address, their passport information, their height, their weight, their parents’ name, even their fingerprint details, this is very significant,” he said.

“Not only is this by far the largest data breach of government information since the breach in Turkey where the details of 49 million people were stolen,” Boland said.

“This information was not just stolen by a single intelligence agency, this information is up in the internet for anyone to access,” Boland said, adding that other Asian countries are also very vulnerable to a major data breach.

“Many organizations simply don’t have the defenses to even detect or prevent things from happening,” Boland added, noting that the hacking is twice as high around the world.

Boland advised investigators to determine what else the hackers did aside from stealing the database, because they could have created a “backdoor” to give them access in case they come back and rig the result of the elections.

“Often the investigator will just remove the malware and assume that everything is okay,” Boland said.

“But what needs to happen is a thorough investigation to understand what else did the attackers do when they broke in and stole that data. Did they make a backdoor to give them access later and potentially move literally with the Comelec network and potentially change the outcome of the vote in a few weeks’ time,” he added.

He also feared that the database might be used by criminal organizations who wanted to conduct fraud and make money against high-profile people.

“Often we find that there are people trading this information on underground sites where you can collect information about bank account details, card information, and converted data to build a really comprehensive portfolio information to conduct fraud,” he said.

“We’ve seen most of the intelligence gathering has moved towards using cyber espionage because it’s much safer. It’s cost effective and meets all information you want with very good plausible deniability,” he said.

“So we mostly see these attacks happening at the national level and they don’t make it public in most cases,” he added.

Even Boland said that government organizations are not doing enough to protect these data.

Quezon, on the other hand, advised all public offices to move all their servers into the government servers to unify all data.

“Now, the government has been pushing a policy of encouraging government offices to move their servers to a government server in order to protect, supervise and make their protocols more secure,” Quezon said.

This may take time, but Quezon believes that it is better if government agencies move toward consolidation of databases.
