The rise of hacking in the Philippines: Is it a political attack?

3 years ago, the vulnerabilities in BDO online banking system were targeted. Reports claim that its one-time password generation was easily breached by hackers and around 700 accounts were compromised. 3 Filipinos and 1 Nigerian were indicted for violations of Republic Act 8484 (Access Devices Regulations Act of 1998) and RA 10175 or the Cybercrime Preventions Act of 2012.

But persistent hackers were undeterred. Bangko Sentral ng Pilipinas claimed a surge of 2, 324% in hacking and malware attacks while phishing increased to 320%. The COVID-19 pandemic created a boom in online banking transactions and hackers saw this as a great opportunity to launch their attacks. The attacks penetrated many layers of security and introduced several more sophisticated attacks. It brought forward the dreaded question: Is it safe to entrust personal details online?

Attacks on government agencies were mostly thwarted wherein hackers used brute-force and other sophisticated attacks. No hacking damage ever exceeded the 2006 Commission on Elections hacking wherein the biometrics of 200 million Filipino voters were compromised. The hacking attacks would cause significant doubt in the integrity of the succeeding 2007 National Elections.

The attack on BDO accounts has bolstered online security banking in the country. No attacks ever caused damage so huge since then.

Nonetheless, the attacks should never be taken lightly. It is only proper to put forward the number one concern of many Filipinos. After all, Filipinos dominate online usage in Southeast Asia. 

China is doing it?

There are speculations that the rise in hacking attacks is political. Analysts claim that hacktivists in collaboration with foreign entities are trying to undermine the Philippine government through these attacks. Theories of this kind have sprouted which were made worse by the successive discoveries of spy equipment and hacking tools in POGO raids in the last 2 years. Senate inquiries into the POGO operations and persona of a small-town mayor Alice Guo have largely sensationalized this theory.

China, which is pointed as the main culprit behind the attacks, has denied the allegations but the Department of Information and Communications Technology (DICT) asserts that China IP addresses were linked to the hacking attacks.

While the DICT is quick to admit that the China IP addresses are not actual proof that China perpetrated the attacks, it reiterates that hacking was made on Chinese soil. In a meeting of Southeast Asia leaders in 2022 in the US with US President Joe Biden, a security alert says that China is hacking its neighbors to support its economic campaigns in the region and to secure control of its territories.

Cyber security and political analysts in the country also share the same analysis given the increasing tension between the Philippines and China in the West Philippine Sea. This is aside from the economic interests that China is deemed to protect within the country. The Philippines highly depends on Chinese manufacturing, business opportunities, and economic aid.

Assuming that these attacks are political then the Philippine government is going to have to brace itself for more sophisticated attacks. The DICT should always be ready for the next attack with stronger security infrastructure and continuously improve security measures, never allowing hackers the opportunity to abuse online security weaknesses.

The Important Thing to o

While it is easy to fingerpoint, it is more important to be informed about how new and more sophisticated attacks were made and how to avoid becoming the unwitting victim.

1.     Never fall victim to the SCAMPAGE. It is a fake GCash application. Through the fake application, hackers gained access to login details including passwords and mobile identification numbers thereby gaining access to GCash accounts. Make sure you update your mobile application on official sites. Be wary of fake alerts for application updates or login verification.

2.     Never re-use usernames and passwords. As much as possible, use a unique username and password for each of your social media, bank and online payment accounts. Should a breach happen in one of your accounts, you can simply report it and initiate immediate security action without having to worry about your other accounts.

3.     Never access unsecured websites and links.

4.    Never use public internet connection. Always make sure that you use a secure and private internet connection to avoid having your personal data from being stolen.

5.     Always be updated. The internet is a vast source of knowledge. Always be informed of the latest security threats so you will know how to handle them and avoid being a prey.