COMELEC breach data released online, fully searchable

On March 27, the COMELEC (Philippines’ Commission on Elections) website was defaced and data on up to 55 million registered voters in the Philippines was compromised.

At the time, a COMELEC spokesman stated that “There is no sensitive information there”.

Presumably frustrated by the response, one hacker (or group of hackers) have decided to deposit all of that voter data onto a searchable website and let people make up their own minds as to what constitutes “sensitive information”. From the text on the site, it appears that the people behind this aren’t related to those who performed the initial breach.

PH Leak site

The site reads as follows:

What is this all about?

As you know (or don't know), recently LulzSec Pilipinas have hacked comelec.ph. They have dumped the database of about 70 million of Philippines voters and have published all the data at archive.org. The database contains a lot of sensitive information, including fingerprint data and passport information. So, we thought that it would be fun to make a search engine over that data.

Why are we doing this?

For lulz. Hackers just hack and download data from websites but we make it accessible for anyone. It's one thing to hear news about a huge data leak and another to is see your data in a public website. Maybe, at least now, government will start thinking about security of citizens' personal data.

The site itself has little more than 3 data entry fields and a search button. There’s also a name pre-filled in the search boxes, which would happen to belong to the current President.

PH Leak search box

They also state:

ATTENTION: there is no any passport information, no documents, etc. There is just personal data from the previously leaked by LulzSecPinas Comelec database. We have no responsibility and don't give any warranty of leaked data's accuracy - we have just extracted it from the dump.

Given there are currently attempts to get the site taken down, this may be an effort to ward off that eventuality.

After looking at some of the data and talking to potential victims, we can confirm that there is indeed plenty of legitimate information in the pile:

Data

The site lets visitors drill down to individuals for a full picture of their personal information.

Individual information

To be more specific:

Sex, civil status, year of birth, month of birth, day of birth, birth province, birth city, resident province, resident city, resident Barangay, street, precinct and precinct code.

There’s some additional entries underneath the initial personal data which appears to be tied to voting registration information.

Information on the slow dripfeed of voter data from COMELEC is now (finally) making its way to those affected by the breach:

This afternoon, I was made aware that a website has been uput up that essentially made the data allegedly copied from the COMELEC, serchable. The national Bureau of Ivestigation Cybercrimes Division is now looking into the website, and investigating the matter. In the meantime they they have not furnished us with a copy of their findingsw, we advise the public not to use the hacker website as it can be used by the hackers to steal your information and thus expose you even further to the dangrs of identity theft....today, the NBI announced the apprehension of one of the suspected hackers.

(The insertion of the link to the hacker being apprehended is my own).

A little later, Democracy.Net.PH posted a long list of tips and security precautions to follow when dealing with matters of potential identity fraud.

This is certainly a huge hack, and – regardless of the motives of the people behind the search portal – anybody named is now a prime candidate for potential phishing and social identity attacks.

Anybody affected by this in the Philippines – and by anybody, we pretty much mean “everybody” – should be very careful for the next few months where emails, phonecalls and even housecalls are concerned.

We’ve dug around on sites related to the above, and come across what may be dumps related to other PH hacking groups. While some of this is old (going back to at least 2015), it will take some time to get a handle on it all. Additionally, these other dumps are likely not connected to the COMELEC hack.

Meanwhile, more information on the COMELEC hacker(s) is coming to light, and you can bet that this is just the beginning of a non-stop dissection of what went wrong. I suspect it might take them some time…

Christopher Boyd (Thanks to William Tsing for more information)

Advertisements

Bulambod Version 3.2015.6.31

WARNING !!! WARNING !!! WARNING !!!

This program is not compatibe with previous version, DO NOT use it decrypting old files. This is not a TOY, canceling while on process will make your files unusable. Big files will take time to finish, so ensure you have enough power or regret later. Don’t forget your password, secret key, start position and % file to process options, or else only miracle can restore your files.

RELEASE HISTORY
Version 3.2015.6.31
CHANGES SINCE PREVIOUS RELEASE
-Change about logo
-Fix website hyperlink bugs when click
-Fix several runtime error
Version 3.2015.4.24
CHANGES SINCE PREVIOUS RELEASE
-Add Restore Back-up button
-Add transparency option
-Fix several runtime error
-Selected files and password file is now autocheck if still exist before processing, invalid filenames are auto remove
-If file is under 64000 bytes it will be encrypted 100% regardless what is the value of % to process
-Default % to process is now 5%

Select Files button – to select files to process.

Encrypt radio button – encrypt selected files/text.

Decrypt radio button – decrypt selected files/text.

Show check box – mark to display password.

Clear check box – mark to clear password.

Start button – to start selected process.

Transparency slide – To change or adjust transparency

Restore Back-up button – to restore or rename all files with .backup extension

Type Password box- a place to enter your security code for encrypting and decrypting files.

Use file as password check box – select file and use as password.

List box – display selected files, you can also drag and drop files inside directly, only checked items will be process. Status will show if file is encrypted if it contains encrypted signature.

Input text box – encode any text to encrypt or decrypt.

Input password box – a place to enter your security code to encrypt or decrypt text. Secret key will be use.

Shift3 chech box –  caesar cipher or shift character +/- 3.

Floppy disk icon – save text to file using .txt extension or save generated password to file using .pwd extension.

Process – to start selected process.

Generate Password button – generate random password. Just copy paste to use.

Password length – 0 to 32,000 characters, 32,000 is the default value.

Secret Key – additional security, remember this like your password.

% to process – file percentage to process, good option for big files.

Start at – starting position to process, good for skipping header file.

Back-up files – create backup files before processing.

Append in files
(If Encrypted) – append and save encrypted status inside the file.
(Secret Key) – append and save secret key inside the file.
(Start at) – append and save starting position to process inside the file.
(% to process) – append and save % to process inside the file.

http://www.bulambod.blogspot.com or http://www.bulambod.wordpress.com – click to jump in my website.

images

DOWNLOAD

https://drive.google.com/file/d/0ByiZv0Pxtm37ZUF3RG9KYVBkMzQ/view?usp=sharing

Bulambod 3.2015.4.24

b1 b2 b3 b4 b5 b6

What is Bulambod?
It is a cipher algorithm to convert electronic data or information to unusable format. It was written with the Genius, Hacker, Phreaker, Pirater, AI, Aliens and Almost-Average life form in mind. Its purpose is to create highly secure cryptographic system.

Why Bulambod was created?
It is an art, my dream to create an unbreakable cipher, the missing link to the future.

Is it legal to use it?
It depends on the law, were you are currently live in.

Why is it FREE?
This program is FREE to promote Bulambod algorithm, but Bulambod algorithm is not FREE.

Is it secure than other cipher algorithm?
As long the information and password are unknown it’s impossible to crack or hack.

Bulambod executable net framework edition – A
Bulambod executable net framework edition – B
Bulambod executable windows edition
Bulambod executable windows mobile edition
(contains Bulambod cipher algorithm)

NOTICE
This cipher algorithm cannot be used or embed in any software or hardware without approval of the author. This algorithm is secured that can produce unbreakable results. It can be design to used infinite password length, can use any number system known or unknown, can be design to use any kind of input device for password like laser, voice, DNA, video and etc.

This algorithm is not for sell however if you are interested about encryption or in this program in particular, you can contact me for more informations. I will gladly assist you. You could hire me to design and create encryption software to suit your specific needs.You can use this executable as FREEWARE for non commercial use only. This software is provided AS IS with no warranty or conditions. ALL IMPLIED WARRANTIES AND CONDITIONS (INCLUDING THOSE OF MERCHANTABILITY, SATISFACTION AND FITNESS FOR PARTICULAR PURPOSE) ARE HEREBY DISCLAIMED. Use of the programs may not be error-free or uninterrupted. You assume all risks as to the quality and performance of the Derivative Products and will be solely responsible for any related warranties or conditions.The user must assume the risk of using the program. Your use of this software implies your acceptance of these terms.You can send your financial donation or any help at address below , via Western Union/Moneygram or any money order services

Mitchelle V. de la Cruz
Cadiz City, Negros Occidental, Philippines, 6121
ellehctim@yahoo.com
tel# just check my web blog
Copyright 1994-2xxx
All rights reserved.
http://www.bulambod.blogspot.com or http://www.bulambod.wordpress.com

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

WARNING !!! WARNING !!! WARNING !!!

This program is not compatibe with previous version, DO NOT use it decrypting old files. This is not a TOY, canceling while on process will make your files unusable. Big files will take time to finish, so ensure you have enough power or regret later. Don’t forget your password, secret key, start position and % file to process options, or else only miracle can restore your files.

RELEASE HISTORY
Version 3.2015.4.24
CHANGES SINCE PREVIOUS RELEASE
-Add Restore Back-up button
-Add transparency option
-Fix several runtime error
-Selected files and password file is now autocheck if still exist before processing, invalid filenames are auto remove
-If file is under 64000 bytes it will be encrypted 100% regardless what is the value of % to process
-Default % to process is now 5%

Select Files button – to select files to process.

Encrypt radio button – encrypt selected files/text.

Decrypt radio button – decrypt selected files/text.

Show check box – mark to display password.

Clear check box – mark to clear password.

Start button – to start selected process.

Transparency slide – To change or adjust transparency

Restore Back-up button – to restore or rename all files with .backup extension

Type Password box- a place to enter your security code for encrypting and decrypting files.

Use file as password check box – select file and use as password.

List box – display selected files, you can also drag and drop files inside directly, only checked items will be process. Status will show if file is encrypted if it contains encrypted signature.

Input text box – encode any text to encrypt or decrypt.

Input password box – a place to enter your security code to encrypt or decrypt text. Secret key will be use.

Shift3 chech box – caesar cipher or shift character +/- 3.

Floppy disk icon – save text to file using .txt extension or save generated password to file using .pwd extension.

Process – to start selected process.

Generate Password button – generate random password. Just copy paste to use.

Password length – 0 to 32,000 characters, 32,000 is the default value.

Secret Key – additional security, remember this like your password.

% to process – file percentage to process, good option for big files.

Start at – starting position to process, good for skipping header file.

Back-up files – create backup files before processing.

Append in files
(If Encrypted) – append and save encrypted status inside the file.
(Secret Key) – append and save secret key inside the file.
(Start at) – append and save starting position to process inside the file.
(% to process) – append and save % to process inside the file.

http://www.bulambod.blogspot.com or http://www.bulambod.wordpress.com – click to jump in my website.

images

Bulambod version 3.20140601

New version for this year.

https://drive.google.com/file/d/0ByiZv0Pxtm37MUFFNi1VTnZwTE0/edit?usp=sharing

review by Alexandru Dulcianu

In order to keep your files safe, using a regular password protection is not enough these days, due to the increasing number of threats present in the online medium. Moreover, if you plan on transferring the documents by email, they are even more exposed to malicious attempts.

Protect your files using strong encryption algorithms

Bulambod is a software utility that enables you to protect your information using powerful encryption algorithms, which aim to keep the documents safe from any unauthorized attempt to access them. The overall procedure involves selecting the desired files you want to secure and the secret pass key required to decrypt them, without which they cannot be viewed or used.

In addition, the application is also able to decrypt the documents once you no longer need the protection, using the exact same process. In case you do not want to risk losing access to your files due to password loss, you can choose to create a backup for them each time you apply the encryption and keep the originals unharmed.

Encrypt text and generate random passwords

In case you do not want to use a separate document, or you do not intend to send it as an attachment, you can simply encrypt the text using the built-in capabilities of the application. The content can be pasted directly into the provided text area and, just like with regular documents, you enter the preferred password. The result can then be safely used in regular, plain text files, without the need for additional protection.

In addition, you can generate automatic passwords to use as encryption keys, using a wide array of special characters and random digits. The total length of the key can be controlled using the available slider, although they can be quite difficult to remember without storing them somewhere, especially if you use a longer password.

In conclusion

Thanks to the very straightforward process and the reliable encryption algorithms, Bulambod is an application that can be very useful to have around when you need some additional protection. Furthermore, the intuitive user interface makes it very easy-to-use for anyone, regardless of your prior experience with computers.

from:

http://www.softpedia.com/get/Security/Encrypting/Bulambod.shtml

Bulambod 1.0 for windows mobile pocketpc in http://oldsap.blogspot.com

It is a cipher algorithm created and develop by Mitchelle V. de la Cruz.

It is not base on other cipher algorithm. It was not invented or design today but it was started on 199xs. Yes it is not the same in structure when it was first design but the main goal was to make an unbreakable cipher algorithm. The strength of Bulambod is in the secrecy of password, even programmers, hackers, geniuses or even aliens know the source code it doesn’t matter. Bulambod can be design to used infinite password length. You can brute force it but its like your counting stars in the universe or counting grains of sand in all the beaches. You can use even any number systems even number systems that was not invented. Bulambod is a formula, its not difficult as you may think, its simple, its small, it has lots of good usage but beware, and a plea, warning from the author his asking and will condemn anybody who will used this code in any malicious software especially to harm the masses. All rights reserved 19xx to infinite. Anybody has no right to used this algorithm without the approval of the author.

 

http://oldsap.blogspot.com/2008/11/bulambod.html