Anonymous member arrested in Comelec website hack and 50 million Philippine voter list leak

The National Bureau of Investigation on Thursday confirmed the arrest of a suspect believed to be responsible for hacking the Philippines Commission on Elections (Comelec) website.

NBI Director Virgilio Mendez said the suspected hacker was nabbed Wednesday night through the help of intelligence gathered by the NBI Cybercrime Division.

The suspect, Paul Biteng, a 23-year-old IT graduate, who is now in NBI custody, was arrested at his house along G. Tuazon and Miguelin streets in Sampaloc, Manila at past 7 p.m.

He will be hit with charges for violation of Section 4A-1 of the Cybercrime Prevention Act, which pertains to “illegal access to the whole or any part of a computer system without right.”

Agents also seized his personal computer, which will be subjected to digital forensic examination, to check his activity before, during and after the hacking.

Tagged as a member of the hacking group Anonymous Philippines, Biteng had an unusual request when he met Mendez.

“He even took a selfie with me. He asked me, ‘Sir, can I have my picture taken with you?’” Mendez said, shaking his head as he recalled his meeting with the suspect.

In a press conference, Comelec Chairman Andres Bautista said the hacker admitted that he defaced the Comelec website on March 27. In the message posted on the website, the group criticized the poll body for rejecting some of the security features of the automated polls. They said that they wanted to show the hacking might expose the vulnerability of the entire electoral process, which has gone automated.

“He wanted to show how vulnerable the website is to hacking,” Bautista said. “He wanted the Comelec to make sure the security features of the vote counting machines would be implemented during the election.”

According to Bautista, Biteng does not belong to any political party, nor was he paid by anyone to do the hacking.

Bautista assured the public that the hacking incident will not have an effect on the automated countrywide elections on May 9. He said the defacement only affected some features of the Comelec website such as the precinct finder.

Mendez said the agency will apply for a series of search warrants for the remaining hackers. The NBI Cybercrime Division is also investigating if the hacker is involved in the defacement of other government websites.

According to the NBI agent on the case, Francis Senora said Biteng had been hacking websites for years “for practice.” Among the 25 government websites, he was able to hack were that of Pagasa, the Civil Service Commission, and the Dipolog city government.

However, his popularity also became his downfall, Senora said. “He left so many traces that helped us identify him.”

The most incriminating was a hacking instruction video Biteng had uploaded on YouTube. In the video, he unknowingly exposed his identity when he clicked his computer’s “start” button, showing his full name.

The Comelec has formed a technical working group that will “try to recover the data that were compromised, look after the safety and security of the website and make sure it never happens again.”

Tech firm TrendMicro reported that the website hacking and the leak of the Comelec database put the information of 55 million registered voters in the country at risk and exposed them to identity theft. The report said the Comelec hacking may be the biggest government-related data breach in history.

In the meantime, Comelec dispelled the public’s fears and assured the voters that sensitive biometrics data weren’t included in the database that the hackers leaked.