April 8, 2016

Antivirus Firm: COMELEC Voter Data Leak “Biggest in History”

Aside from casting doubts on the integrity of the 2016 Philippine Elections, a global security software manufacturer warns that the COMELEC data leak opens avenues for cybercrime.

In its official blog, Tokyo-based global security software firm Trend Micro reports that the March 27 COMELEC data breach “showed a huge number of sensitive personally identifiable information (PII)–including passport information and fingerprint data–were included in the data dump” [TrendLabs].

“Every registered voter in the Philippines is now susceptible to fraud and other risks,” it added.

The COMELEC website – including the online voter database – was hacked twice in March.

The first, by online hacktivist group Anonymous, involved the defacement of COMELEC’s home page [CNN]. A simple case of online vandalism, this incident is more of a temporary inconvenience than a serious threat to data security.

The data breach, perpetrated by another group called Lulzsec Pilipinas, happened after the second hacking. Lulzsec uploaded the COMELEC’s “whole database” of over 300 gigabytes of data, available for anyone to download [Philstar].

Personally Identifiable Information

Trend Micro said, “Our research showed that massive records of personally identifiable information, including fingerprints data were leaked,” contrary to COMELEC’s earlier statement downplaying the leak.

In an earlier statement, COMELEC Spokesperson James Jimenez said the leak is unlikely to affect the integrity of the May 2016 National Elections, and that no sensitive information was compromised [Inquirer].

While much of the leaked data is encrypted [Rappler], some sensitive information is available in plain, unencrypted text.

“Based on our investigation, the data dumps include 1.3 million records of overseas Filipino voters, which included passport numbers and expiry dates. What is alarming is that this crucial data is just in plain text and accessible to everyone,” Trend Micro said.

"Votes Obtained"

“Among the data leaked were files on all candidates running on the election with the filename VOTESOBTAINED. Based on the filename, it reflects the number of votes obtained by the candidate. Currently, all VOTESOBTAINED file are set to have NULL as figure,” said Trend Micro.

“NULL” means zero, consistent with the fact that elections have yet to start.

“The COMELEC website also shows real time ballot count during the actual elections. We can only speculate if actual data will be placed here during the elections and if tampering with the data would affect the ballot count,” it added.

COMELEC said its official vote-counting system is independent of its website. In all probability, the compromised web-based system is intended for real-time vote-count updates for public consumption.

However, Trend Micro raises a legitimate concern: How will hacktivist-instigated tampering of post-election updates affect the credibility of the official election results?

For example, suppose Lulzsec switches Poe’s votes with Binay’s on May 10. The public will see this on the COMELEC website. Then COMELEC, possibly through a press conference, releases its “official count”, obviously showing different figures. How will the public react?

Not Just the Elections

Voters now vulnerable to Cybercrime

More than just the integrity of the election process, Trend Micro warns that the data can be used to commit cybercrimes.

“Cybercriminals can… use the information… to perform acts of extortion,” Trend Micro said.

The company added, “In previous cases of data breach, stolen data has been used to access bank accounts, gather further information about specific persons, used as leverage for spear phishing emails or BEC schemes, blackmail or extortion, and much more.”

Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer. [Kaspersky]

About Trend Micro

Trend Micro Inc. is a global security software company founded in Los Angeles, California, with global headquarters in Tokyo, Japan, and regional headquarters in Asia, Europe and the Americas.

The company develops security software for servers, cloud computing environments, and small business.

