Screenshot from Rappler interview
MANILA, Philippines – The recent hacking attacks against the Commission on Elections showed the weakness of its website but won’t necessarily translate to potential election fraud, cybersecurity professional Rene Jaspe said on Thursday, May 5.
In an interview with Rappler, the co-founder of local information security firm Sinag Solutions told Rappler that the hacking incidents will have "no direct effect" on May 9 since the election system to be implemented is an entirely separate entity from information technology (IT) system used by the poll body for its website.
“The direct impact on the elections seems to be minimal since the system to be used during the election proper is really different and I assume is strictly secured enough than what they had for the website,” Jaspe said.
However, he said that it would have been better if some features of the system were released to the public.
“Karen Jimeno mentioned that they’re using a minimum standard encryption for US defense-grade security,” Jaspe said. “But I can't really comment much on how secured because they didn't give any specifics. It would have been nice if they mentioned a specific technology that they used so that the security community that can say that yes, the election system is really secured.”
‘Worst that could happen’
The worst that could happen, according to Jaspe, would be an attack on the transmission process of the results. But that would be a “hard job” considering the short period of time.
“If it's only up in the certain time, the only attack is the availability and probably similar to a DDoS attack which can lead to non-transmission,” Jaspe explained. “But since transmitting only takes a short while, hackers won't be able to do so much.
“They have to get certain type of information to do so and that could take a long time” he added.
Distributed denial-of-service (DDoS) attacks happen when an online system is overwhelmed or flooded from multiple sources to make its service unavailable or inaccessible. (READ: Malware, phishing, cybersecurity: Terms you need to know)
He emphasized that the effects of the massive Comelec data leak – the biggest government-related data leak in the Philippines – will not be felt immediately long after the polls.
“The massive breach won't affect the elections now but it can in the next elections especially with the extent of the leak as they can still mine the data,” Jaspe explained. “The effect will be felt long, long...after the upcoming elections and will have an ongoing effect on privacy.”
Hackers not out to manipulate elections
The perpetrators behind the recent cyberattacks against Comelec weren’t really out to damage the electoral process in the Philippines. Their actions were more for the “bragging rights” among the hacking community.
“They didn't do it to manipulate the elections,” Jaspe emphasized. “I think it’s just for the recognition and they would go on down in history.”
“Their names will forever be put in the major breaches and for them, that's the thrill,” he added.
But Jaspe hopes that that the Comelec breach will lead to a change in perception of Filipinos on the importance of cybersecurity. After all, it is the “government data breach in the Philippines and even surpassed that of the United States government leak.”
“With my dealings with local clients, cybersecurity isn't that on the top of their minds right now,” he said. "Compared to the region, we're around 7 to 10 years behind compared to Malaysia. We're getting there, we're trying to but there's a lot of catching up to do.” – Rappler.com
Jodesz Gavilan is a writer and researcher for Rappler and its investigative arm, Newsbreak. She covers human rights and also hosts the weekly podcast Newsbreak: Beyond the Stories. She joined Rappler in 2014 after obtaining her journalism degree from the University of the Philippines.