On Saturday, Aug. 10, Philippine-based hacking group Deathnote Hackers claim to have uploaded a defacement file to a subdomain of the eGov website, alerting the Department of Information and Communications Technology (DICT) to a potential unrestricted upload vulnerability.
On Sunday evening, Undersecretary for E-Government at the DICT David Almirol stated on Linkedin the technical details about the incident.
Almirol reported that the eGov website itself located at e.gov.ph was not touched by hackers. What the attackers managed to do was to upload a file to a subdomain of the website, files.e.gov.ph.
The subdomain is a Simple Storage Service (S3) bucket used solely for hosting public assets such as Local Government Unit (LGU) logo images. Because it is an S3 bucket used exclusively for file storage and not executing code, attacks such as uploading a PHP Web Shell, (a potential scenario which Deathnote Hackers outlined) will not work on it.
The e.gov.ph website, which is a simple static promotional website, is separate from the eGov PH Super App. Almirol affirmed that no eLGUs nor eGovernment systems were affected by the issue.
Almirol also relayed that they had preserved the attackers’ files and submitted them, along with the Docker Nginx logs to National Computer Emergency Response Team Philippines (NCERT).
He also made a callout for “more whitehackers and cybersecurity experts to help us and conduct independent VAPTs on our eGovernment platforms”.
“We are not perfect but we’re doing our best, and with joint efforts of more patriotic IT experts we can solidify our egovernment systems. So that once in a lifetime we will be able to serve the public better with trust and confidence,” he added.
