Double breach highlights critical cybersecurity lessons for PNP

Sensitive data compromised in two separate breaches, exposing the urgent need for strong cybersecurity measures


FROM BEEPERS TO BYTES


In a clear reminder of the fragility of digital security, the Philippine National Police (PNP) has once again fallen victim to a cyber attack. The elusive hacker known as ph1ns has breached the PNP's systems twice, compromising sensitive data and exposing the need for robust cybersecurity measures. (Check this story for context: https://mb.com.ph/2024/5/21/hacker-ph1ns-strikes-again-compromising-philippines-national-police-systems)

First, the attacker targeted the "PNP Logistics Data Information and Management System" (PLDIMS), leaking over 393,894 rows of personal information. High-ranking officials, including the Chief PNP and the spokesperson, were among those affected. The hacker then continued his exploits, breaching the online system of the PNP's Firearms and Explosives Office. The exposed data includes full names, birthdays, civil status, emails, mobile numbers, TINs, and next of kin with details. What's alarming is that the hacker showed proof that he had gained access to the information of the 679,910 individuals who registered their guns with the agency.

The latest attack occurred when the hacker exploited a Local File Inclusion (LFI) vulnerability and bypassed email verification on the PNP's Firearms and Explosives Office (FEO) Online License/Permits Application platform, stealing approximately 1.6 terabytes of data.

In the wake of the breach, cybersecurity researchers suggested several measures to prevent future incidents, such as deploying Web Application Firewalls (WAF), patching vulnerabilities, and monitoring connections to sensitive services.

Following the breach, the Department of Information and Communications Technology (DICT) has initiated a collaborative investigation with multiple law enforcement and intelligence agencies. Jeffrey Ian C. Dy, DICT Undersecretary for Infostructure Management, Cybersecurity, and Upskilling, informed the Manila Bulletin that the department met with the National Bureau of Investigation (NBI), Philippine National Police (PNP), and National Security Council (NSC) on Monday, May 20. According to Dy, this whole-of-government approach leverages the strengths and resources of various agencies, ensuring a more comprehensive and effective response to securing the government agencies' data. By collaborating, these agencies can share information, coordinate actions, and apply their specialized expertise, resulting in a robust defense against cyber threats and a more resilient national cybersecurity posture.

"We will approach this collectively with the law enforcement and intelligence agencies," Dy stated. "We are already identifying the cybercriminal known as PH1NS and are confident we will be able to locate him/her and his collaborators. We have discovered how he infiltrated the system and moved laterally from one PNP system to another. We also have his tactics, techniques, and procedures (TTPs)."

Dy highlighted the ongoing international crackdown on cybercriminals. "The FBI has taken over Breachforums. Meta and YouTube are cracking down on hacking collectives targeting government and civilian computer systems. We are also coordinating with our international partners to share information gathered from these takedowns to apprehend local cybercriminals," Dy added.

The recent breach serves as a lesson for the PNP and other organizations. In the digital age, vigilance and proactive defense are paramount to safeguard against the ever-evolving threat of cyber attacks.