MANILA, Philippines – KINIKILALA na ng Department of Information and Communications Technology (DICT) ang suspek na nasa likod ng data breach na pinuntirya ang Philippine Statistics Authority (PSA).
Sinabi ni DICT spokesperson Renato Paraiso na labis na pagdurusa ang dinanas ng PSA mula sa cyberattack.
Iyon nga lamang ay hindi pa ito nag-iimbestiga kaugnay sa lawak ng data leak.
“The one in PhilHealth is with Medusa. It’s a foreign and very sophisticated group. With the PSA, our suspect is somewhat local and somewhat amateurish,”ayon kay Paraiso.
Nauna rito, sinabi ni Data protection officer Atty. Eliezer Ambatali na na-hack ang PSA system, dahilan ng data breach ng kanilang Community-Based Monitoring System (CBMS).
Ang CBMS ay isang data gathering system sa local level na nagsisilbing basehan para sa target na pamilya o sambahayan sa pagpa-plano, pagba-budget at implementasyon ng mga programa ng pamahalaan.
Saklaw ng mga programa ang “poverty alleviation at economic development programs” gaya ng Pantawid Pamilyang Pilipino Program.
Ayon kay Ambatali, nalaman lamang ng PSA ang tungkol sa data leak sa pamamagitan ng Facebook post ng isang di umano’y mayroong ‘concerned files.’
Aniya, “the post contained some links to a drive that contains CBMS files and other links that may contain malware.”
Nangyari naman ang data leak sa PSA kasunod ng ransomware attack sa Philippine Health Insurance Corp. (PhilHealth).
Tinuran ni Ambatali na hindi nila madetermina kung ang perpetrators o mga salarin ng cyber attacks sa PhilHealth at PSA ay pareho. Subalit, sinabi nito na mayroon na silang ilang leads base sa Facebook post.
Naniniwala aniya ang PSA na ang malicious file na naka-infect sa PSA system ay hindi katulad sa Medusa malware na labis namang nakaapekto sa PhilHealth’s system.
At sa tanong naman kung ano ang posibleng motibo ng mga salarin sa ginawa nitong cyber attack sa PhilHealth, sinabi ni Ambatali na “From the post that we have seen, it is just to expose or brag about that they can do this kind of cyber attacks.”
Sa kabila pa rin ng data leak, winika ni Ambatali na magpapatuloy ang operasyon ng PSA kabilang na ang pagpapalabas ng “birth, marriage, at death certificates, at maging ng national IDs.”
Sa kabilang dako, nang tanungin naman ang DICT kung may nakikita itong pattern sa hacking, sinabi naman ni Paraiso na “What I can confirm that we have observed is that there are definitely efforts to try and hack in and infiltrate our systems.”
“What we equally observed is marami rin nagsasamantala na individual na kunyari may na-hack na ganito…We would like to ask the public to be very vigilant and huwag masyadong magpanic. We would be very transparent; if there is an actual attack that happened, as long as we confirm it, we will tell the public right away,” dagdag na pahayag ni Paraiso.
Samantala, sinabi ni Paraiso na lahat ng anggulo ay iniimbestigahan ng DICT kabilang na ang inside jobs.
“Every angle that we can come up with, we would look into, including the angle if it was an inside job,” anito.
“But again, we would be very hard-pressed to pursue any angles if the individual agencies would withhold or access data from DICT. So the extent of our report and the extent of our findings would be very limited,” dagdag na wika ni Paraiso.
Pinayuhan naman ni Paraiso ang publiko “to change passwords with unique passwords, enable multi-factor authentication on accounts, refrain from sharing personal information online, avoid clicking phishing links on emails and text messages, and use different passwords on various online accounts.” RNT
