| Inside Scoop | Breaking News | Video | Blog Index | Participate | Humor | |
| Politics | Economics | New Media | Technology | Green Living |
[UPDATED] The website of the Philippines' Department of Health was hacked last night, with the offender naughtily placing penises on a photo of the country's health chief where he supposedly demonstrates that paper horns are better and safer than firecrackers to herald the new year. The photo supposedly shows Health Secretary Francisco Duque III blowing a paper horn which was replaced by a bunch of penises. There appeared to be no signature or note left by the hacker. The hacked page was made to look like this:
The page contains a press release on Duque's reminder to the public to stay away from firecrackers which kill and injure hundreds each time Filipinos welcome New Year's Day. Duque also recommends a ban on dangerous firecrackers. The hacked page was also visible in the frontpage of the department's website.
Minutes after this report was published, administrators took down the hacked photo and replaced it with the original:
This was not the first time hackers penetrated Philippine government websites. Last January 3, 2008, hackers redirected three government websites to the website of theme park Enchanted Kingdom. These were the Department of Justice, the Philippine National Police Criminal Investigation and Detection Group, and Information Technology and Electronic Commerce Council. Ironically, the DOJ and the PNP CIDG are major parts of the Philippines' criminal justice system. Although then-Justice Secretary Raul Gonzalez ordered an investigation, nothing was heard on the outcome of the probe. The 2008 incident apparently poked fun at a speech by President Arroyo where she enjoined Filipinos to join her in traveling to Enchanted Kingdom or a First World Philippines in 20 years. Thanks to @tjmanotoc on Twitter for the heads up.
Related StoriesTIM pulls out from SMARTMATIC, endangers Philippines first automated elections in 2010 (story by Pinoy Buzz) Philippines mudslides, floods kill estimated 100 people (story by Breaking News) Storm drifts away from Philippines (story by Breaking News) Online uproar exposes Philippines relief aid fiasco (story by Bullet Points) Suspected Korean gangsters killed in the Philippines (story by Flying Yangban) Pacquiao Watch: Money versus money (story by Chronicles from Mindanao by a Mindanao Journalist) Comments
Just for the record, the DOJ website was not hacked in January 2008; it was a simple misconfiguration. I've informed the DOJ admin of the problem as early as Nov. 2007, but there was no action.
anong di naHack? LoL......baket kailangan mo inform? pabayaan mo sila ng magising gising sila pag na homepage defacement sila ulet
panibagong ad campaign nila ni "Dick" Gordon
Does anyone knows who did the click?.... lols I know one...
meron pa din www doh gov ph /bosesngmasa
Wtf backdoor???? daw sabi ng IT? obyus naman na login yan....ang stupid naman kasi kung sino man yung user nila na "password" nya ay "password"
bwahahahaha!! that IT sucks! don't they know how to check the exploits and vulnerability of their site....
kung babaguhin man yung page bat ilalagay pa banner ng DOH at kung ano anong abubot.....LoL nakakahiya IT nila
Sa tingin nyo ba IT ba talaga ang nag papatakbo nyan? Baka naman Family business ni secretary ang nag papatakbo nyan, na wala naman talagang experience sa larangan ng IT. ^,.,^
ang tanong....yung hacker baka taga DOH mantakin mo twice na
ang alam ko di naman talaga IT ang mga nasa web nila, kawawa naman. hehe
Kung di IT mas nakakahiya...hahaha
http://websecurebycapo.blogspot.com/
The cyber-security in Philippine government offices is outrageous.
parang ibig sabihin d2 ng hacker na madaling pasukin ang inyong system... paki inform i2 sa it head nyo... para ayusin
Mga bobo ang mga taga gobyerno...
LOL! yun lang masasabe ko, jusko naman 2006 pa ren yung footer nila hangang ngayon... :-l Lax kasi masyado web security mga government website eh yan tama yan para matauhan sila na mag update
Gawa din ng IT nyo yan, namali lng ng file name nung picture na na post. Pinalabas na nahack. LoL!
bka school project lng yang website na yan at gnwa ng official website ng doh..tipid, lol..kahiya nman...
puro kasi low budget mga website ng gobyerno kasi binubulsa nla!!sana ang hinahack nla ang sa BIR! hahaha LOL..i think Drupal CMS gamit nla sa DOH website.
tama lng sa knila ksi kung sino sinong mga kamaganak lng ang ina appoint para maging it.....hahahaha
Francisco Duque III deserves this kind of treatment. One of the wannabe in our government. Always showing his freaking face pretending to inform us about health issues like viruses, stopping the use of fireworks but at the other side of it, he's just campaigning himself. It's like hitting two birds in one stone.
dude ang luma bulok websites nyo, halos lhat .gov sites eh sqli vulnerable, xss infested, noobs nyo wag na kayo mag tayo nang websites basta pinas bulok
Hmmm, Better hosting for our national websites PLEASE... This might also be a "dress rehearsal" for a massive online attack this coming May... to foul-up election results... Take a pick among the circulating "failure of elections" scenarios, anyone?
galit siguro kay duque yung hacker. mapapel kasi itong si duque. kung napanood nyo sa tv yung mga sinusunog na baboy na tinamaan ng ebola virus sa bulacan, si duque ang nakaharap sa media at nagpapa-cute sa halip na ipaubaya na nya dapat yung interview sa mga kasama nya dun sa site na mga doktor sa hayop na taga bureau of animal industry na sila mismo ang nakakaalam ng tungkol sa kahayupan at sila mismo ang aktwal na nagtatrabaho sa pag-euthanize. kulang ba o sobra sa pansin si sec. duque?
mahina IT ng mga government site ... kesa kasi mga class A na IT ang kukunin ... eh mga fresh grad na kaya lang nilang utuin ... less budget ... more personal kaban ng cash ...
Hahaha alam nyo ba na di lang pala twice nahack DOH 3 times nung December pinagtitripan nalang ata mga admin nila, nabasa ko sa newzaroundus . com
Masyadong kumpante ang goverment.Ang hilig kasi gumamit ng common na password kaya dali mapasok.No brainner na yan kahit newbie kaya ng pasukin yan.Puro ftp lang upload niyan.Sobrang katamaran kasi yan.
Napansin kong ang mga na-hack na websites ay gumagamit ng Drupal at Joomla CMS. Alaeh! Dali palang i-hack ang mga to.
for me ang pag kakaalam ko hini naman po kase pinag 22onan ng pansin ng goverment natin ang mga IT hindi naman po talagang mga pro ang kinukuha nila.... nag try na me mag OJT sa goverment isa lang napatunayan ko mas magaling pa ang student kase sa IT nila and "failure of elections" malabo po yan khit palit palitan man nila ang website iba pa din yng WEBSITE sa database
look likes need a help.. I am the hacker
E pano naman kasi ang mga IT usually ng gobyerno eh accounting ang tinapos or commerce or totally unrelated sa IT. Ampf!
whoa....kaw po ezekiel nanghack sa DoH?
I don't believe na nahack ang DOH. Tingin ko inside job yan. Isa pong paraan lamang siguro to para i-kondisyon ang tao na there's a possibility that systems can be hacked in the government. Who confirmed and made the findings na nahack nga? NCC ba o doctor ng DOH? :) I think matetrace nila to because of the log files kung sino ang pinakalast na nag-access and nagmade changes sa site nila kung hindi ano yun wala silang tauhan na competent to manage this. Hindi ganito tumira ang mga hacker. Masyado kasing personal ang tira and timing malapit pa ang election.
Sir Felix yun nga masama eh mukhang na-edit pati log files kung makikita nyo sa newzaroundus halatang hanggang sa server may access yung hacker
Malamang nag lalagay ang mga powerful guys ng takot sa mga tao which is gagamit ng mga machines for the up coming automated elections. Likodkwaderno
May mga tanong ako sa inyo: 1. May suggestions ba kayo sa gobyerno kung paano iimprove ang security ng kanilang websites? 2. Pwede tayong mag-apply ng kopya ng birth/marriage/death certificates, magpareserve ng business name, kumuha ng TIN, magpa-appointment para sa passport. Ano pang mga government transactions ang dapat gawin nang available online through government websites? Sana makasagot kayo
Naku.. sobrang obvious personal yung tira... hindi ganyan mag hack un mga pro.. simple..papalitan yang buong homepage ng simpleng greetings ng grupo nila..walang ititira...dalawang posibilidad nkikita ko jan.. una, hindi yan papalitan basta basta lng kung hindi binayaran yan ng may personal n galit ky Duque pra i-upload yan photos n yan. ikalawa, strategy yan lang pra maka-hingi ng budget para sa isang malaking IT security project, natural cut-kong n naman yan..
to improve security, stop venturing on cheap hosted services. instead, government should have their own data center where all government agencies systems are hosted. in the case of DOH site, DOST should answer for it since the site is hosted in their system.
To create solid and strong IT infrastructure in our Government Institutions, not to mention reliable security with E-commerce services, they must hire Certified IT Professionals, who is competent in each of their respective field. This is also a wakeup call to all our fellows in the same pool that we must update ourselves to current and latest technologies, proven with certificates, so to speak.
Felix, fyi lang, kahit mga IT ng NCC mga pulpol. Kung gusto mong makahanap ng matinong IT, wala na sila sa gubyerno.
Bakit ito nangyayari: 1st: maraming security flaws sa government site. 2nd: hindi nkakasabay ang pilipinas sa latest trends in website security. halos hindi updated ang mga website. kahit mga script kiddie kayang i-hack mga website sa pilipinas. Ang ginamit sa DSWD is a simple sql injection. katulad rin ng flaws sa national bookstore. Ateneo de Zamboanga is also a sql vulnerable site. there are lots of website nah vulnerable d2. sa DOJ nman is a xxs attack, it is redirected to Enchanted Kingdom. Ang masasabi ko lang tamad lang ang mga IT ng gobyerno kya nangyari ito. they can do some penetration on the sites they create, then improved its security kapag may nkita silang vulnerabilities.
... haha dpt lng un sa kanila... at mlking posibilidad nga na taga DOH ang mga hackers or mga pinatalsik nila dahil alam na ang kanilang mga kabulastugang ginagawa sa pamahalaan.
shet! hardcore.. tingin ko, partly me point din yung hackers e.. i mean they voiced out some of our country's problems.. no offense.. and i'm not being biased.. i hope na kahit pano, makita din ng government point nila..
Bulok na ang teknolohiya dito.... Patapon na nga ginagamit pa kaya na-hack...
Babayaran siguro ng mga corrupt na pulitiko yung mga hacker para manipulahin ang resulta ng automated election.... Ma-uuso ang "poll-automated-hacking" hindi na "run-balota-run"
@Tonyo Cruz Kung ang flaw ay sa Content Management Sysmte (CMS), ang maisa-suggest ko ay Plone or Drupal. Medyo pareho ang implementation nila sa security but mas secure talaga ang Plone. Our government should invest on these open source technologies. Visually and Usability wise, para maganda ang next launch ng mga na-hacked na site or any Government website, yung magde-design should go into the process of Information Architecture.
im also a webmaster on a government site but LGU...nagtitipid talaga ang mga nasa pwesto for IT matters...di nla alam IT ang nagpapatakbo ng mga income generated na systems di lng ang tao mismo...and suggest ko sa CICT na may dedicated na sana cla na host for government web apps and sites only para one line lng...den level999 ang security dapat...malayo pa talaga tayo sa ibang bansa in terms of technology. puro mukhang pera kasi ang nasa pwesto. dapat development ang pagtuonan ng pansin.
tama malayo pa tau sa ibang bansa in terms of security.. Pero ang mahirap ngaun, kahit gaano ka secure ang isang website, pede pa rin itong mpenetrate. Sa sobrang daming pagbabago d nkakasabay ang pilipinas.
so panu yan..akala ng marami, un 2012 phenomena ang inaabangan ng marami. un pala un 2010 election. for sure yan, ngaun palang naka handa n un mga hackers pra sa isang showdown. whew! |
  95 snakes found in burst bag at Malaysia airport  China introduces ID check for mobile phone owners  Meet Cambodia's anonymous blog author 'Details are Sketchy'  Japan approves economic sanctions against Iran  The art of demystifying wine  French 'Spiderman' in Sydney court over climb  Dolphins caught, not killed, in Japan cove  Karzai: Afghan govt will back Kabul Bank |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
