2022 Philippine Elections

3 men arrested over Smartmatic ‘data breach’

Dwight de Leon
3 men arrested over Smartmatic ‘data breach’

BRIEFING. The Philippine National Police and the Cybercrime Investigation and Coordination Center hold a press conference to announce the arrests of three men in connection with the supposed data breach involving Smartmatic.

CICC screenshot

Despite the controversy, authorities say no data in connection with the 2022 polls have been acquired by hackers' group XSOX

MANILA, Philippines – Authorities announced on Tuesday, April 26, that it arrested three members of a hackers’ group allegedly behind the supposed data breach involving poll software provider Smartmatic.

In a press briefing, the Philippine National Police (PNP) and the Cybercrime Investigation and Coordination Center (CICC) said hackers tied to XSOX were captured following an entrapment operation in Imus City in Cavite and Sta. Rosa City in Laguna on Saturday, April 23.

CICC chief Cezar Mancao said his agency’s operatives met with the group three times prior to Saturday’s operation, pretending they were interested in group’s plan to manipulate election results. The men were allegedly seeking to scam interested politicians.

XSOX supposedly asked CICC agents for a P60-million payment for their services, and a P10-million downpayment.

“The threats to rig the electoral process especially on hacking is substantially diminished as these are the only remaining known hackers who are persistently visible on the dark web claiming that they could manipulate the elections,” Mancao said.

Based on the result of National Bureau of Investigation’s (NBI) probe, which was presented to the Senate electoral reforms panel on April 19, XSOX first contacted Smartmatic through an email on January, claiming it had “infiltrated” the company’s networks.

In the days that followed, XSOX also posted on Facebook photos of files it allegedly took from Smartmatic.

The files they got were from a rogue employee who, according to investigators, “shared his credentials to an unknown third person whom he met through Facebook Messenger allegedly in exchange of free lectures.”

Smartmatic said the employee was fired in January, and that more stringent measures have been enforced since then.

Despite the controversy, no data in relation to the 2022 polls have been acquired by XSOX.

The NBI also disputed hackers’ claim that they were able to download 60 gigabytes worth of election-related data.

That was in reference to the Manila Bulletin report in January which first reported about the supposed data breach, although the Comelec later pointed out several loopholes in that story.

“When you compare it to the logs provided by Smartmatic, the former employee was only able to download 4 gigabytes of information,” NBI cybercrime division chief Victor Lorenzo said. “That is why even if XSOX is threatening Smartmatic and the public that they are going to expose sensitive information, until now, they have failed to fulfill their threat.”

The three men arrested will face charges for violation of the Cybercrime Prevention Act of 2012, the PNP said.

Smartmatic has bagged a total of P3.119 billion in deals for the 2022 polls, including the P402.725-million contract for the Comelec’s procurement of the automated elections system (AES) software for the May 9 vote. 

The poll body withheld part of the payment to Smartmatic, until the tech company is cleared from the breach mess. – Rappler.com

Dwight de Leon

Dwight de Leon is a multimedia reporter who covers local government units and the Commission on Elections for Rappler.