Jan 11 2010

Hackers deface 5th govt Web site, mock automated polls

Category: Security BreachDISC @ 1:45 am

By Jerrie Abella, GMANews.TV

Another government Web site was found defaced Sunday night – the fifth attack since last month.

Hackers of the Technical Education and Skills Development Authority (Tesda) Web site, however, took on a bolder approach by leaving a message that seemed to mock the upcoming automated elections.

“Ano ba gagamitin sa Election? Blade server? Juniper Firewall (what is going to be used in the elections? Blade server? Juniper firewall)?” the message read.

HACK YOU. A screen capture of the defaced Tesda Web site as of 11:12 p.m. Sunday.Before Tesda’s, hackers had also victimized the Web sites of the Department of Health (DOH), Department of Social Welfare and Development (DSWD), National Disaster Coordinating Council (NDCC), and Department of Labor and Employment (DOLE).

Malacañang has expressed alarm over the series of hacking attacks on government Web sites, saying it raises new concerns about the security of the automated elections in May.

“Of course we are concerned. This is not just a problem in our country, this is not just something that has happened just recently, it’s happening all over the country so this is certainly something that we are sensitive to as a matter of information policy within government,” said deputy presidential spokesman Gary Olivar at a press conference last week.

Dirty finger

The hacked Tesda Web site also showed a black and white illustration of a man giving the “dirty finger” supposedly directed against several “abusive” military and police units.

A pair of bulging eyeballs also followed the pointer anywhere on the page, and background music was also set up on the site’s second web page to which it automatically transfers.

Aside from the derisive reference to the May elections, message of sympathy to a slain communist rebel and a potshot against an alleged abusive police officer also replaced the original contents of the site.

“Nakikiramay kami sa Iskolar ng Bayan, Freedom Fighter na si Kimay” (We sympathize with the death of scholar of the people, freedom fighter Kimay)” the hackers’ message read, referring to Kemberly Jul Luna, a young New People’s Army (NPA) cadre who was killed last December 15 in an encounter with the military in Bukidnon province.

The message also identified a certain PO1 Ramos as an “abusive” police officer.

The hackers also made the site automatically jump into a second page, which featured a background music; a job announcement supposedly from VenturesLink, one of the partners of Smartmatic-TIM in the automation of the elections, inviting technicians across the country to be part of its team; a quote from the Hacker Manifesto, a short essay written by well-known hacker Lloyd Blankenship after he was arrested in 1986.

The hacking of government Web sites has alarmed Malacañang, considering the attacks’ proximity to the May automated polls.Precautions

Following the attacks on government Web sites by hackers, Olivar urged the Commission on Elections (Comelec) and other agencies to take the necessary precautions to secure their Web sites.

“Other agencies which are not yet hit by this are likewise taking the necessary precautions, especially Comelec because of the automated nature of the next elections,” he said at last week’s briefing.

The Comelec had earlier said that adequate safeguards are in place to protect the election results from hackers. Spokesman James Jimenez said the system to be used in the coming automated polls would operate on a “virtual private network,” making it difficult for hackers to bypass the system’s security mechanisms.

Tags: Comelec, Commission on Elections, Department of Health, Department of Labor and Employment, Department of Social Welfare and Development, DOH, DOLE, DSWD, Hacking, National Disaster Coordinating Council, NDCC, Technical Education and Skills Development Authority, Tesda


Jan 06 2010

Automated polls not hack-proof

Category: Information SecurityDISC @ 3:39 pm

6 machines
Image by Valerie Reneé via Flickr

By Andreo Calonzo

The system that will be used in the May 2010 automated elections is not hack-proof, but adequate safeguards are in place to protect the results from hackers, the Commission on Elections (Comelec) assured Wednesday.

“I am not saying that the system cannot be hacked. No system is 100-percent hack-proof. I am just saying that we have made sure that the system will not be hacked,” Comelec spokesperson James Jimenez said.

Jimenez gave the assurance after three government Web sites were hacked in less than two weeks, the latest of which was that of the National Disaster Coordinating Council (NDCC).

Last week, the Web sites of the Department of Health (DOH) and the Department of Social Welfare and Development (DSWD) were also victimized by hackers.

Jimenez said the system to be used in the coming automated elections would operate on a “virtual private network,” making it difficult for hackers to bypass the system’s security mechanisms.

“It’s like trying to rob a house, but you don’t even know where its exact location is,” he said in Filipino.

Jimenez also explained that the “real time” transmission of the results would make hacking more difficult.

“Our machines transmit for only two minutes. That’s too fast. In order to actually decode the data, it will take you something like three years. If you only have two minutes to do it, you do not have enough time,” he said.

But Jimenez conceded that hacking could happen at the municipal level. “The possibility of hacking is greatest at the municipal level, because it is the one most visible to the public.”

He said to prevent this, the poll body would use two other independent servers, one to a central server and another to a server assigned to media groups, accredited citizens’ arm and political parties.

“If you hack the municipal server, and if you hack the municipal server results, you are not hacking the reports of the other servers,” he said.

“If one report is hacked, this doesn’t mean that you have hacked everything. In fact, if one report is hacked, the tampering becomes more evident because there are other reports to contradict it,” he added.

An American company, Systest Laboratories in Colorado, is currently verifying the security and accuracy of the source code to be used in the automated counting machines, according to Comelec commissioner Gregorio Larrazabal. – KBK/RSJ, GMANews.TV

Tags: automated pollling machine, Colorado, Department of Health, Department of Social Welfare and Development, DSWD, hacker, Hacking, National Disaster Coordinating Council, Polling place, Seattle, United States, Voting