MANILA, Philippines (UPDATED) – Shortly after Anonymous PH defaced the Commission on Elections (Comelec) website, another group accessed the data of the poll body’s website, posting it publicly online.
In a Facebook post before midnight Monday, March 28, a group calling itself LulzSec Pilipinas wrote, “A great lol to Commission on Elections, here’s your whoooooole database.”
This appears to be the first major open leak of elections-related data by a hacker group in the Philippines.
The data exposes not only include publicly available information, but also voter data, voter registration data, and databases relevant to the functionality of the website.
As of early afternoon Monday, the Facebook post had 3 mirror links to an index of files that could be downloaded.
According to the Readme text accompanying the files, these files are “the whole database leak of Commission on Elections.”
The group added that while “some of the tables are encrypted by Comelec,” it has “the algo(rithms) to decrypt” the data.
The files include comweb.sql.qz, a 312GB archived file.
Meanwhile, the Comelec assured voters that it can protect the votes on May 9 despite the hacking of its website.
The security for the poll body’s website “is not as tight” compared to the security of the voting process, which needs to be secure “come hell or high water,” Comelec Spokesman James Jimenez said. (READ: How does the PH automated election system work?)
He also said that while the Comelec website’s look changed, the databases are intact and were available to the public.
The Comelec, however, is taking time to ensure that any malicious code is removed and no backdoors are left by hackers for later intrusions.
A review of the site’s databases was also ongoing, with Jimenez hoping that the Comelec’s apps would be operational again by Monday noon, depending on the amount of intervention needed.
The Comelec previously figured in an IT-related issue when it downplayed errors in its online voter records, called the Precinct Finder, back when voter registrations were being taken. In some cases, voters who registered were not listed as activated, or eligible to vote. – Rappler.com