The website of the Philippine National Police Anti-Cybercrime group was taken down for maintenance late this week.
As of the time of reporting, visiting their website at https://acg.pnp.gov.ph displays the following message:
“We’ll be back soon!
Sorry for the inconvenience but we’re performing some maintenance at the moment. You can always get in touch if necessary; if not, we”ll be back up soon.
— The Team”
Despite having a “mailto:” hyperlink with the “get in touch if necessary” text on the page, clicking on the link does nothing as there is no e-mail address attached to the malformed mailto link (encoded is “a hre=” instead of “a href=”).
A typographical error on their maintenance message (quotation marks instead of an apostrophe in “we’ll”) and examining the source code of the PNP ACG maintenance message page also shows invalid HTML indicates a lack of attention to detail on the part of the website administrators.
PNP ACG took down their website following a claim on Sunday, March 3, by the hacking group Philippines Exodus Security and Vend3tta from Philippine Cyber Mafia that they had managed to enter PNP ACG’s systems and gained access to internal SQL databases.
The cyber actors posted screenshots of their reported exploit on their social media pages as proof and tagged the PNP ACG in their post.
Displayed on the screenshots were what appeared to be the e-mail, password hash, username, registration date and ID of an individual from the database (claimed by Vend3tta to be of the system administrator), as well as database schemas.
Following the taking down of the PNP ACG website for maintenance, Philippines Exodus Security praised the PNP ACG on March 7 for taking action.
