COMELEC breach data released online, fully searchable

On March 27, the COMELEC (Philippines’ Commission on Elections) website was defaced and data on up to 55 million registered voters in the Philippines was compromised.

At the time, a COMELEC spokesman stated that “There is no sensitive information there”.

Presumably frustrated by the response, one hacker (or group of hackers) has decided to deposit all of that voter data onto a searchable website and let people make up their own minds as to what constitutes “sensitive information”. From the text on the site, it appears that the people behind this aren’t related to those who performed the initial breach.

PH Leak site

The site reads as follows:

What is this all about?

As you know (or don't know), recently LulzSec Pilipinas have hacked comelec.ph. They have dumped the database of about 70 million of Philippines voters and have published all the data at archive.org. The database contains a lot of sensitive information, including fingerprint data and passport information. So, we thought that it would be fun to make a search engine over that data.

Why are we doing this?

For lulz. Hackers just hack and download data from websites but we make it accessible for anyone. It's one thing to hear news about a huge data leak and another to see your data in a public website. Maybe, at least now, government will start thinking about security of citizens' personal data.

The site itself has little more than 3 data entry fields and a search button. There’s also a name pre-filled in the search boxes, which would happen to belong to the current President.

PH Leak search box

They also state:

ATTENTION: there is no any passport information, no documents, etc. There is just personal data from the previously leaked by LulzSecPinas Comelec database. We have no responsibility and don't give any warranty of leaked data's accuracy - we have just extracted it from the dump.

Given there are currently attempts to get the site taken down, this may be an effort to ward off that eventuality.

After looking at some of the data and talking to potential victims, we can confirm that there is indeed plenty of legitimate information in the pile:

Data

The site lets visitors drill down to individuals for a full picture of their personal information.

Individual information

To be more specific:

Sex, civil status, year of birth, month of birth, day of birth, birth province, birth city, resident province, resident city, resident Barangay, street, precinct and precinct code.

There are some additional entries underneath the initial personal data which appear to be tied to voting registration information.

Information on the slow dripfeed of voter data from COMELEC is now (finally) making its way to those affected by the breach:

This afternoon, I was made aware that a website has been put up that essentially made the data allegedly copied from the COMELEC, searchable. The National Bureau of Investigation Cybercrimes Division is now looking into the website, and investigating the matter. In the meantime they have not furnished us with a copy of their findings, we advise the public not to use the hacker website as it can be used by the hackers to steal your information and thus expose you even further to the dangers of identity theft ... today, the NBI announced the apprehension of one of the suspected hackers.

(The insertion of the link to the hacker being apprehended is my own).

A little later, Democracy.Net.PH posted a long list of tips and security precautions to follow when dealing with matters of potential identity fraud.

This is certainly a huge hack, and – regardless of the motives of the people behind the search portal – anybody named is now a prime candidate for potential phishing and social identity attacks.

Anybody affected by this in the Philippines – and by anybody, we pretty much mean “everybody” – should be very careful for the next few months where emails, phonecalls and even housecalls are concerned.

We’ve dug around on sites related to the above, and come across what may be dumps related to other PH hacking groups. While some of this is old (going back to at least 2015), it will take some time to get a handle on it all. Additionally, these other dumps are likely not connected to the COMELEC hack.

Meanwhile, more information on the COMELEC hacker(s) is coming to light, and you can bet that this is just the beginning of a non-stop dissection of what went wrong. I suspect it might take them some time…

Christopher Boyd (Thanks to William Tsing for more information)
