A controversial political leader, Rodrigo Duterte, has won the recently held presidential elections in The Philippines. He had undertaken an extremely inflammatory campaign, propagating draconian measures for handling issues related to drugs and crime. This 71-year-old leader, who has been a long-time mayor of the southern city of Davao, had used highly filthy and cuss-filled language during the election campaign. Although he spoke against laws on human rights and abused the Pope, he still won with a large popular support. Because of Duterte’s maverick approach and obvious comparisons with the US Presidential hopeful Donald Trump, media attention during this election remained focused more on various theatrics. Now, after the heat and dust of the election is over, it is important to analyse a few issues that did not receive adequate attention during the campaign phase, but which are vital not only from the perspective of The Philippines but globally as well. One such issue is cyber-attack on the database of The Philippines Election Commission. This attack is considered as the worst ever government data breach anywhere in the world.
The leakage of data began on March 27, 2016. Immediately, the Commission on Elections (COMELEC) reported that it was limited to the hacking of its website and not the entire electoral database. COMELEC is responsible for all website-related operations including security. Subsequently, it became evident that almost all the records were compromised, causing significant damage. The hacking was carried out in phases. First, the website was hacked and, subsequently, the database was mined and the information leaked. The job was done not by one but multiple hacking groups. The following appears to have got compromised:
Information relating to approximately 55 million registered voters such as names, dates of birth, addresses, Voter Identification Numbers (VIN), etc.
1.3 million records of overseas voters, known as Overseas Filipino Voters (OFV). The stolon data included their passport details too.
Details of all candidates participating in the election.
Old records from 2010 onwards, including 15.8 million records of fingerprints.
Immediately after the data was stolen it was made available on the internet. The basic question that arises after such a massive cyber-attack is this: who were the perpetrators of this attack and what could have been their motive?
Some agencies with technical expertise have attempted to decipher this attack. Their immediate conclusion was that the election commission had not taken adequate measures to ensure security. On March 27, the COMELEC website got hacked by a group called Anonymous.