The Department of Information and Communications Technology (DICT) yesterday said it has partially gained access to the over 2-terabyte data network system of the Department of Science and Technology (DOST), which is still “locked out” of its own website.
Renato Paraiso, DICT assistant secretary, said DOST’s network system is outdated compared to the system employed by the local threat actor.
In the ICT system, a technology may be obsolete in six months, but given the procurement process in the country, the fastest procurement takes 45 to 60 days.
Paraiso urged the government to consider these factors before procuring a system: whether it can be upgraded and whether it would not be obsolete in two years’ time.
The DICT’s deep investigation into the hacking incident is expected to start once full access to the data is secured.
Paraiso said DOST is locked out of its own 20 network systems and its website.
Paraiso said there has been no data extraction so far, as the agency was able to mitigate the attack.
“They locked out the system of the DOST but because there is no ransom yet, we cannot conclude that this is a ransomware attack unlike wh(at) happened to PhilHealth (where) there was an immediate demand,” Paraiso said.
“They encrypt your data so you can’t gain access, then later on, the latter part of ransom, they will ask you for something in return for you to give the encryption key, so you can gain access,” Paraiso said in explaining a ransomware attack.
In terms of size, the hacking incident at the DOST is one of the biggest in the Marcos administration.
The DICT said the extent of the damage cannot be fully determined yet as the investigation has yet to be completed, adding that it was able to mitigate the attack.
“We already employed remediation processes. The affected system is already isolated, the endpoints are quarantined, the WiFi is separate so really, what we are doing is to take the access and conduct an investigation on what happened,” Paraiso said.
“We have partially gained access, but we still have to have full access to the system. That is the only time we can do a deep investigation on what really happened to the system and the extent of the damage of the hacking incident. We would take as much time as possible to gain access to the system and to do our investigation,” he added.
The DICT said that initially it is not ruling out anything, but noted that, given the nature of the message and the language that was used, the digital signature of the hackers is consistent with local threat actors.