ONLY the subdomain and not the actual app was affected by a recent hack by Deathnote Hackers against the eGov PH Super App, a centralized platform for accessing various government services. The group asserted they had uploaded a defacement file to a subdomain of the eGov website, potentially exposing a vulnerability, but the DICT said otherwise.
In a report by Carlos Nazareno that appeared in NewsBytes.ph, Department of Information and Communications Technology (DICT) Undersecretary David Almirol Jr. marked the app as safe while calling for “more whitehackers and cybersecurity experts to help us and conduct independent VAPTs on our eGovernment platforms.”
The DICT swiftly addressed the situation, assuring the public that the eGov Super App itself was not compromised. It clarified that the hackers had only managed to upload a file to a subdomain used for hosting public assets, such as LGU logo images.
This subdomain, being a Simple Storage Service (S3) bucket, is solely for file storage and not for executing code, making it impossible for the type of attack outlined by the hackers to be successful.
Furthermore, Almirol emphasized that the main eGov website, e.gov.ph, and other eGovernment systems were not impacted.
The DICT has taken proactive steps to preserve the attackers’ files and logs and has submitted them to the National Computer Emergency Response Team Philippines (NCERT) for further investigation.
This incident underscores the constant vigilance required to safeguard digital platforms, especially those handling sensitive government data.
The DICT has called for increased collaboration with white hackers and cybersecurity experts to conduct independent vulnerability assessments and penetration tests on eGovernment platforms to ensure their ongoing security.
“We are not perfect but we’re doing our best, and with joint efforts of more patriotic IT experts we can solidify our egovernment systems. So that once in a lifetime we will be able to serve the public better with trust and confidence,” Almirol said in a LinkedIn post.
Comments on social media praised the DICT’s prompt response and transparent communication, which have reassured the public that their data and the platform’s integrity are protected.