The Cybercrime Investigation and Coordinating Center (CICC), an attached agency of the Department of Information and Communications Technology (DICT), said Friday there was no hacking on the Commission on Elections' (Comelec) website but they believed the system of the poll body's software contractor, Smartmatic, was compromised.
"As far as stated by our (DICT) good acting secretary (Manny) Caictic, they (Comelec) said there was no hacking on the Comelec servers... We agree to that at this time," CICC Undersecretrary Cezar Mancao said during the Joint Congressional Oversight Committee on the Automated Election System (JCOC-AES) hearing.
"And we also have found out that the ones with breach of the system as we have gathered from our sources...on the contractor of the Comelec, Smartmatic, we believe that their system is compromised, and that we are not also accusing them... at this moment," he added.
In May 2021, Comelec announced it has awarded to Smartmatic a P402-million worth of contract for the "Procurement of Automated Election System (AES) Software for the Election Management System (EMS), Vote Counting Machines (VCMs) and Consolidation and Canvassing System (CCS) to be used in the 2022 National and Local Elections.”
It came although President Duterte already advised the poll body to “dispose of that Smartmatic and look for a new one that is free of fraud." Since 2010, Smartmatic has been Comelec's election technology provider.
Mancao's statement came after lawmakers filed a resolution to conduct an inquiry following Manila Bulletin' report on January 10 that Comelec's servers were hacked and that sensitive data were downloaded. The poll body eventually denied it.
Mancao said CICC's initial findings based on their investigation revealed that "there is sufficient indicators that there is technical information," among others, that were breached.
"It gave us a reason to believe that there is really a need for us to take this inquiry into a higher level in order to zero in on the source of the information," he asserted.
Thus, Mancao requested JCOC chairperson Sen. Imee Marcos for an executive session to be able to disclose the information the agency gathered.
Meanwhile, Comelec spokesman James Jimenez maintained that the various data that were allegedly hacked are not yet on the Comelec's website. However, there is a possibility that some of them, including the TIN number, will be uploaded in the future.
He added there is still no data about the 2022 elections, contrary to what was reported.
"That is highly unlikely, almost not possible, primarily because a lot of the data that we have are confidential," Jimenez said, referring to the hacked data.
Comelec Commissioner Marlon Casquejo also assured the lawmakers that the voters' information are safe.
"It is offline and it is located in a very secure memory configuration room, where the only way you can hack it is not through cyber attack, but you have to enter into that room and enter the two passwords by our supervisors," he said, adding that Smartmatic does not even have access to that room.