DICT: Lapses identified after hacking of disaster response unit

MANILA, Philippines — The Department of Information and Communications Technology is determined to learn the lessons from the successful hack staged on its disaster response unit’s portal and implement improvements in its systems and websites not just in the DICT but also in other national and local government agencies.

Jeffrey Ian Dy, ICT Undersecretary for Infostructure Management, Cybersecurity and Upskilling, said that a review of the hack undertaken on their Disaster Risk Reduction and Management Division (DRRMD) portal the other day had identified the lapses that enabled the hacker to breach the system.

“We have identified the lapses. These are instructive, and these can also be used so that other agencies can also understand,” Dy told The Star in a Viber audio interview.

“Majority of the lapses were in the way the (DRRMD) system was developed,” Dy said.

However, Dy reiterated that the DRRMD was really designed to be easily accessible by outside parties since it was meant to disseminate information during disasters.

Dy said one of the lapses found was that the DRRMD portal used an untested encryption algorithm.

“What was used was...an encryption algorithm or protocol that was proprietary, the protocol was developed or invented by a provider,” Dy said.

Another lapse, which he said was also seen as a “critical flaw”, was the use of a password system that was encrypted.

“The password – the username password combination – should not be encrypted, it should be hashed,” Dy said.
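The difference Dy describes, as an added Python example that is not code from the article, the DICT or the DRRMD portal: an encrypted password store gives up every password to whoever obtains the key, while a salted, slow hash can only be used to check a guess. The XOR keystream is a constructed stand-in for any reversible scheme, not the portal's proprietary algorithm, and the scrypt parameters, function names and sample accounts are assumptions.

```python
import hashlib
import hmac
import os

# --- Reversible ("encrypted") storage: constructed stand-in, for contrast only ---
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def encrypt_password(key: bytes, password: str) -> bytes:
    nonce, data = os.urandom(16), password.encode()
    ks = _keystream(key, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, ks))

def decrypt_password(key: bytes, record: bytes) -> str:
    nonce, ct = record[:16], record[16:]
    ks = _keystream(key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks)).decode()

def exposure_if_key_leaks(key: bytes, table: dict) -> dict:
    # What an incident responder must assume once the key is out:
    # every stored password is recoverable in plaintext.
    return {user: decrypt_password(key, rec) for user, rec in table.items()}

# --- One-way storage: per-user salt plus a memory-hard hash (scrypt) ---
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)  # assumed cost settings

def hash_password(password: str) -> bytes:
    salt = os.urandom(16)  # unique salt, so equal passwords give different records
    return salt + hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)

def verify_password(password: str, record: bytes) -> bool:
    salt, digest = record[:16], record[16:]
    candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

if __name__ == "__main__":
    key = os.urandom(32)
    accounts = {"alice": "Bagyo-2023!", "bob": "Lindol#77"}  # constructed sample data
    encrypted = {u: encrypt_password(key, p) for u, p in accounts.items()}
    hashed = {u: hash_password(p) for u, p in accounts.items()}
    print("key leaked, encrypted store yields:", exposure_if_key_leaks(key, encrypted))
    print("hashed store can only verify:", verify_password("Bagyo-2023!", hashed["alice"]))
```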

Dy also said that the DICT had already detected these vulnerabilities several days earlier.

“However, it took several days before it was updated. And then, the hacker struck before we can address the vulnerability,” Dy said.

Dy reiterated that the volume of data compromised by the hacker, whom he earlier identified as “PH1NS,” was just about 200 megabytes.

“Any type of breach, we don’t want to downplay. Even though it’s (DRRMD) a small system, we still take this seriously. We still want to take note of the learnings here,” Dy said.

Dy noted that the DICT’s cybersecurity forces have been spread rather thinly the past weeks with the number of hacks being staged on government agencies and

Read more on philstar.com