Suspect in Comelec website hacking nabbed

enablePagination: false
maxItemsPerPage: 10
totalITemsFound:
maxPaginationLinks: 10
maxPossiblePages:
startIndex:
endIndex:

Metro Manila (CNN Philippines) — A person of interest believed to be involved in the hacking of the Commission on Elections (Comelec) website on Easter Sunday (March 27) is now under the custody of the National Bureau of Investigation (NBI).

The suspect was identified as Paul Biteng, who hails from Sampaloc, Manila. He was arrested on Wednesday evening (April 20).

Biteng, a 20-year-old information technology (IT) graduate, confessed he hacked into the Comelec website on Easter Sunday and defaced it.

Initial investigation of the NBI revealed there were text messages in Biteng's mobile phone supposedly related to the hacking of the Comelec website.

Biteng allegedly belongs to a variety of hacking communities in the country, including Anonymous Philippines.

If found guilty, Biteng could face up to six years in prison for violation of the Anti-Cybercrime Law.

"The person that we arrested today we believe, and we have proof, that he's one member of the group that hacked the Comelec website," said Ronald P. Aguto Jr., chief of the NBI Cybercrime Division.

"This is a continuing effort on our part and so we're hoping that we'll be able to arrest and identify the other personalities involved."

Aguto added that this is just the start and that the NBI is in the process of identifying other members of the infamous group.

"Well, we know that Anonymous [Philippines] is a big group and they come from a lot of different places. For this particular group we're looking at around five or 10, I guess, but we're in the process... We had some leads on the other members so this is just a start and we're going to go for the other members," he added.

Anonymous Philippines hacked the Comelec website  on March 27, posting a message asking the Comelec to make sure the precinct count optical scan machines (PCOS) have security features in place.

Leaked Comelec database?

Investigators are looking into a massive breach of a government database — as it is also possible that personal information of over 55 million voters have been leaked.

The NBI said they have yet to confirm if the suspect has connections to a Facebook user who claims to have leaked the Comelec's database.

"There's an effort to retrieve whatever is out there. As we say, it's too early to say if gaano kalaki 'yung file na nasa kanila. And, definitely, it would not be on the computer that he had," said Aguto.

[Translation: There's an effort to retrieve whatever is out there. As we say, it's too early to say how big is the file that is in their possession. And, definitely, it would not be on the computer that he had.]

"What we have there would be the link as to where is that hosted, who was hosting it and who paid for the hosting of that site."

Aguto said they are on the hunt for at least two other people involved in the hacking.

He added the suspect claims knowing only the online identities of his accomplices.

Both the NBI and the Comelec said the breach will not affect the conduct of the elections, but refused to confirm whether what has been leaked is, indeed, the Comelec's database.

"Dun namin tinitingnan. It's not really connected to the election but to the identity theft. Kaya nga we pursued this case and we want to get to the bottom of things. We want to get, kung talagang may leak, nasaan 'yun ngayon? Sino 'yung mga nag-leak nun? Sino mga kasama? Para makita natin 'yung accountability na 'yun," Aguto said.

[Translation: We're looking into that perspective. It's not really connected to the election but to the identity theft. That's why we pursued this case and we want to get to the bottom of things. We want to get, if there is indeed a leak, where is it now? Who leaked the data? Who were his or her accomplices? So that we can identify the accountability.]

The Comelec said its website is now hosted by the Department of Science and Technology (DOST) at a more secure location.

"'Yung may-ari nung website, victim 'yan, no? The same is true for the Comelec. Because no one really wants to be hacked," said James Jimenez, spokesperson of Comelec.

[Translation: The person who owns the website is a victim, isn't it? The same is true for the Comelec. Because no one really wants to be hacked.]

"But the question is, was the wall built properly? Diyan ngayon papasok 'yung question ng was there negligence? I think, in due time, that will have to be asked."

[Translation: But the question is, was the wall built properly? The question, "Was there negligence?" now comes to the picture. I think, in due time, that will have to be asked.]

The Comelec is in talks with Microsoft and other private IT groups to find ways to boost its web security.

CNN Philippines' JC Gotinga and Isabella Montano contributed to this report.