COMELEC breach data released online, fully searchable

COMELEC breach data released online, fully searchable

On March 27, the COMELEC (Philippines’ Commission on Elections) website was defaced and data on up to 55 million registered voters in the Philippines was compromised.

At the time, a COMELEC spokesman stated that “There is no sensitive information there”.

Presumably frustrated by the response, one hacker (or group of hackers) have decided to deposit all of that voter data onto a searchable website and let people make up their own minds as to what constitutes “sensitive information”. From the text on the site, it appears that the people behind this aren’t related to those who performed the initial breach.

PH Leak site

The site reads as follows:

What is this all about?

The site itself has little more than 3 data entry fields and a search button. There’s also a name pre-filled in the search boxes, which would happen to belong to the current President.

PH Leak search box

They also state:

ATTENTION: there is no any passport information, no documents, etc. There is just personal data from the previously leaked by LulzSecPinas Comelec database. We have no responsibility and don't give any warranty of leaked data's accuracy - we have just extracted it from the dump.

Given there are currently attempts to get the site taken down, this may be an effort to ward off that eventuality.

After looking at some of the data and talking to potential victims, we can confirm that there is indeed plenty of legitimate information in the pile:

Data

The site lets visitors drill down to individuals for a full picture of their personal information.

Individual information

To be more specific:

Sex, civil status, year of birth, month of birth, day of birth, birth province, birth city, resident province, resident city, resident Barangay, street, precinct and precinct code.

There’s some additional entries underneath the initial personal data which appears to be tied to voting registration information.

Information on the slow dripfeed of voter data from COMELEC is now (finally) making its way to those affected by the breach:

This afternoon, I was made aware that a website has been uput up that essentially made the data allegedly copied from the COMELEC, serchable. The national Bureau of Ivestigation Cybercrimes Division is now looking into the website, and investigating the matter. In the meantime they they have not furnished us with a copy of their findingsw, we advise the public not to use the hacker website as it can be used by the hackers to steal your information and thus expose you even further to the dangrs of identity theft....today, the NBI announced the apprehension of one of the suspected hackers.

(The insertion of the link to the hacker being apprehended is my own).

A little later, Democracy.Net.PH posted a long list of tips and security precautions to follow when dealing with matters of potential identity fraud.

This is certainly a huge hack, and – regardless of the motives of the people behind the search portal – anybody named is now a prime candidate for potential phishing and social identity attacks.

Anybody affected by this in the Philippines – and by anybody, we pretty much mean “everybody” – should be very careful for the next few months where emails, phonecalls and even housecalls are concerned.

We’ve dug around on sites related to the above, and come across what may be dumps related to other PH hacking groups. While some of this is old (going back to at least 2015), it will take some time to get a handle on it all. Additionally, these other dumps are likely not connected to the COMELEC hack.

Meanwhile, more information on the COMELEC hacker(s) is coming to light, and you can bet that this is just the beginning of a non-stop dissection of what went wrong. I suspect it might take them some time…

Christopher Boyd (Thanks to William Tsing for more information)

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.