From the time the article reporting that the COMELEC servers were hacked anew yesterday came out, I already received quite a number of messages from friends asking for details about it. With the 2016 hacking incident of the poll body still fresh to most (dubbed as COMELEAKS)
Here’s my personal take on the incident (without talking to colleagues at MB or the COMELEC, nor reading/watching the news from different sources):
- I had been monitoring both mainstream and underground networks since Saturday (08 JAN 2022) for related “news” after my MB boss (Art Samaniego) posted on his social media: “Something big! A cyber security incident that would make other cybersecurity incidents look like a child’s game.”
- I still have to see proof that the hacking incident indeed happened. For a massive data breach (around 60GB of data according to the article), it is but weird that (1) no known hacking group has claimed responsibility for it; (2) the underground community (where both good and bad hackers commune) is silent; and (3) even my colleagues and counterparts from outside of the region are puzzled about the said “incident.”
- I am also thinking that this has something to do with the previous COMELeak (1.0?). It is quite possible that the vulnerability/ies in the previous hacking incident is/are still there — it is only a matter of time before knowledgeable hackers discover and exploit them.
It may be worth noting that in cybersecurity, hacking and cracking are two different things. I am guessing that if it really did happen, it would be more of a cracking incident. Right now, as I try to weigh things, I would presume that this is something related to the previous hacking incident (of 2016), if not totally the same — but on a different machine.
I was having an online chitchat with a friend last night and he raised the possibility that the hacked data came from what was used during the COMELEC Mock Elections a few weeks ago.
The questions now:
- Was there really a hacking/cracking incident that happened?
- Was it really the COMELEC server/s that was/were hacked (or cracked)?
As of this writing, I tend to believe that if it really did happen, it is more probable that what is/are involved could be owned and operated by any of the election body’s service providers or suppliers.
COMELECHacked and “Protect Our Vote” trended on Twitter Monday evening.