“Admin123” Passwords: Exposing Millions of Filipinos to Cyber Threats

Over recent weeks, the governmental servers of the Philippines have been severely compromised by an onslaught of cyberattacks. A series of incidents revealed vulnerabilities within numerous state institutions’ systems. Experts are deeply concerned by the fact that, in certain instances, malefactors gained access to internal archives through the most rudimentary methods.

On October 3rd, a vast trove of confidential data from the medical insurance corporation, PhilHealth, was divulged online. Prior to the release, the hackers had approached the executive board to state their demands, but the company declined to pay the ransom of $300,000. This leak impacted millions, including Filipinos residing abroad, such as in Hong Kong.

Subsequently, unidentified hackers breached the website of the Philippine House of Representatives, embedding an image of a grinning troll. Administrators were compelled to temporarily disable the site, which now bears an “under maintenance” notice.

On the same page, the hackers left a message in both Tagalog and English: “Have a nice day, Happy April Fool’s although it’s still only October. Fix your website.” Later, it was discovered that an individual or group named “3musketeerz” was implicated in the incident.

Other state servers weren’t spared either: the Statistical Office of the Philippines, the database of the National Police’s forensic examination, and the websites of the Department of Science and Technology, Technical Education and Skills Development Authority (TESDA), and Clark International Airport.

A young hacker from the southern city of Davao claimed responsibility for these breaches. He identifies himself as DiabloX Phantom and claims to be just 19 years old.

During a live broadcast on platform X, he shared that he had previously been employed by state agencies as part of a Red Team of penetration testers. He rationalized his actions, stating, “I am a hacktivist, and I’m exasperated that, despite the glaring issues, the government takes no substantial measures.”

For his hacks, this young individual employed various methods: for instance, he dispatched a malicious email to a TESDA employee and exploited a registration form on Clark Airport’s site to upload server access source code. Some websites already had backdoors—vulnerable entry points crafted by other hackers. The Department of Science and Technology proved to be an easy target; its administrators relied on an overly simplistic default password: “Admin123.”

It’s pivotal to note that DiabloX Phantom vehemently denies any involvement in the hacking of PhilHealth, Congress, or any other entities.

Not long after, an advertisement surfaced on the dark web offering secret military documents for sale. This revealed a breach at the National Intelligence Coordination Agency, compromising approximately 500 megabytes of data directly linked to the Philippine Air Force. Predictably, the hackers demanded payment in cryptocurrency.

On October 13th, the Department of Information and Communication Technologies acknowledged the reality of cyberattacks targeting a multitude of state institutions. The sole piece of information refuted by officials was the breach of the police service’s systems, which had also been reported amidst the flurry of October incidents. According to the department, such data is now considerably outdated.

It is now understood that PhilHealth was assailed by the Medusa Ransomware group, seemingly with malevolent intent. Upon investigation, it became apparent that the organization had failed to renew its antivirus software subscription, a lapse that might have facilitated the hackers’ endeavors.

The motivations behind the majority of actors orchestrating these cyber onslaughts remain shrouded in mystery. Carlos Nazareno, the Director of Advocacy Initiatives at Democracy.net.ph, shared his speculations with journalists, remarking, “They want to prove government systems are insecure, or they want attention, to show off their skills. Or maybe they just want to do it for laughs.”

Despite the escalating number of attacks, the government has thus far refrained from undertaking proactive measures to bolster cybersecurity. Only time will determine whether the efforts of hacktivists prove beneficial.