
Double breach highlights critical cybersecurity lessons for PNP

Sensitive data compromised in two separate breaches, exposing the urgent need for strong cybersecurity measures

Published May 23, 2024 04:08 pm

FROM BEEPERS TO BYTES


In a clear reminder of the fragility of digital security, the Philippine National Police (PNP) has once again fallen victim to a cyber attack. The elusive hacker known as ph1ns has breached the PNP's systems twice, compromising sensitive data and exposing the need for robust cybersecurity measures. (Check this story for context: https://mb.com.ph/2024/5/21/hacker-ph1ns-strikes-again-compromising-philippines-national-police-systems)

First, the attacker targeted the "PNP Logistics Data Information and Management System" (PLDIMS), leaking over 393,894 rows of personal information. High-ranking officials, including the Chief PNP and the spokesperson, were among those affected. The hacker then continued his exploits, breaching the online system of the PNP's Firearms and Explosives Office. The exposed data include full names, birthdays, civil status, emails, mobile numbers, TINs, and next of kin with details. What's alarming is that the hacker showed proof that he had gained access to the information of the 679,910 individuals who registered their guns with the agency.

The latest attack occurred when the hacker exploited a Local File Inclusion (LFI) vulnerability and bypassed email verification on the PNP's Firearms and Explosives Office (FEO) Online License/Permits Application platform, stealing approximately 1.6 terabytes of data.

In the wake of the breach, cybersecurity researchers suggested several measures to prevent future incidents, such as deploying Web Application Firewalls (WAF), patching vulnerabilities, and monitoring connections to sensitive services.

Following the breach, the Department of Information and Communications Technology (DICT) has initiated a collaborative investigation with multiple law enforcement and intelligence agencies. Jeffrey Ian C. Dy, DICT Undersecretary for Infostructure Management, Cybersecurity, and Upskilling, informed the Manila Bulletin that the department met with the National Bureau of Investigation (NBI), Philippine National Police (PNP), and National Security Council (NSC) on Monday, May 20. According to Dy, this whole-of-government approach leverages the strengths and resources of various agencies, ensuring a more comprehensive and effective response to securing the government agencies' data. By collaborating, these agencies can share information, coordinate actions, and apply their specialized expertise, resulting in a robust defense against cyber threats and a more resilient national cybersecurity posture.

"We will approach this collectively with the law enforcement and intelligence agencies," Dy stated. "We are already identifying the cybercriminal known as PH1NS and are confident we will be able to locate him/her and his collaborators. We have discovered how he infiltrated the system and moved laterally from one PNP system to another. We also have his tactics, techniques, and procedures (TTPs)."

Dy highlighted the ongoing international crackdown on cybercriminals. "The FBI has taken over Breachforums. Meta and YouTube are cracking down on hacking collectives targeting government and civilian computer systems. We are also coordinating with our international partners to share information gathered from these takedowns to apprehend local cybercriminals," Dy added.

The recent breach serves as a lesson learned for the PNP and other organizations. In the digital age, vigilance and proactive defense are paramount to safeguard against the ever-evolving threat of cyber attacks.

 


Art Samaniego Jr.