Hacked Twice!

The Commission on Election’s official website has been hacked twice this week – its homepage was defaced and then its entire database was made available for anyone to download.

Hacktivist group Anonymous Philippines claimed responsibility for the first attack on the night of March 27, 2016. It replaced the website’s home page with the group’s logo and a warning message to implement the security features of the PCOS machines.

COMELEC Website defaced by Anonymous Philippines
COMELEC website defaced by Anonymous Philippines.

Database Dump

The second attack was a database dump claimed by Lulzsec Pilipinas. The hacker essentially transferred around 340GB of data from the COMELEC website to his/her own website.

I examined some of the files and they seem legit. It includes simple information such as forms and memos to sensitive ones like cases, login credentials and BEI and voter details. Most are encrypted though which means they are not readable without further processes.

COMELEC database hack
Database dumps from COMELEC’s website now on hacker’s website.

COMELEC’s Response

The COMELEC’s website was successfully brought back up at 3:15 am of March 28. Comelec spokesman James Arthur Jimenez assured that the hack won’t affect the upcoming elections since the website www.comelec.gov.ph is different than what will be used by the Vote Counting Machines.

He also said that the databases are “actually available for public use.” Anyone can go to the website and check their precinct number or view the different candidates.