During the online hearing conducted by a joint congressional oversight committee on Friday, Jan. 28, the Cybercrime Investigation and Coordinating Center (CICC) said it found the same conclusion arrived at by its mother agency, the Department of Information and Communications Technology (DICT), that servers of the Commission on Elections (Comelec) were not hacked, contrary to the claim by a report of the Manila Bulletin.
Comelec spokesperson James Jimenez and commissioner Marlon Casquejo both appeared at the virtual meeting to reiterate the earlier statement of the poll body that none of their data servers were breached, pointing out that the hacked data mentioned in the published story were non-existent.
Jimenez also asked about the “verification” process supposedly made by Manila Bulletin regarding the hacking before it published the story. The publication’s Technews team, represented by its editor Art Samaniego, was not able to address the query.
“As it turned out, evidence from our side showed that no hacking did take place and that the information that was supposed to have been taken from the Comelec was in fact not from the Comelec,” Jimenez emphasized.
However, CICC executive director Cesar Mancao told the congressional panel that the servers of Smartmatic, the supplier of the Comelec’s automated election systems, may have been compromised.
“We agree [with the finding of the DICT] that there was no hacking of the Comelec website. But the contractor of the Comelec, Smartmatic, we believe their system is compromised,” Mancao said during the hearing.
He said their initial findings revealed sufficient indicators that hackers were able to obtain significant data related to the Automated Election System (AES). Mancao then requested for an executive session to discuss in details the results of their investigation.
DICT acting secretary Emmanuel Rey Caintic, who was also present at the virtual hearing, said the agency immediately coordinated with Comelec as soon as the alleged hacking was reported.
Caintic said based on the investigation conducted by the DICT’s cybersecurity bureau, the pilfered data mentioned by the Manila Bulletin amounting to 60GB was indeed non-existent.
Those data sets were not available at the Comelec website, Caintic said, adding that the country’s basic election data is stored at the iRehistro website, which was offline at the time the supposed hacking happened.
Casquejo, for his part, refuted the claim Manila Bulletin that the hacked data was for the 2022 election. He said the data reported by the newspaper do not even match the data for the 2019 elections.
Casquejo said the claim that the data was for the 2022 polls was completely false because the agency is still in the process of collating election information such usernames, PINs of vote-counting machines, and locations of clustered precincts.
The Comelec commissioner said the National Bureau of Investigation (NBI) has also inspected its facility in Sta. Rosa, Laguna where the AES is being prepared and found no signs of hacking or any type of breach.
“The source code of the AES is also stored in a vault at the BSP (Bangko Sentral ng Pilipinas) so it’s very safe,” Casquejo said.
