K1LL3rB4LL compromises DepEd Marinduque website

Sometimes, you would wonder how our government act on issues involving cybersecurity. The Department of Education (DepEd) is a top favorite probably because most of their websites have little to zero security. Their assigned IT personnel, if there’s one, does not seem to care about the reputation of the agency nor with the information that their websites store. It may not be their top priority as of the moment since they’re also bombarded with more pressing national issues but shouldn’t DepEd do something about these rampant defacements? Isn’t it alarming?

A recent report sent to us compromises another website of the agency. A hacker nicknamed K1LL3rB4LL defaced the website of DepEd Marinduque. The defacement took place last night and the message that they left to the domain remains up as of this writing.

The message of the hacker is simple – he wanted the system administrator of the site work like a real IT pro. He’s suggesting to apply the necessary patches on the website as soon as possible. It would probably take some time for them to fix this security issue but hopefully, they are already on top of this now. If not, they should be ready for the worse. It’s just a matter of time for other hackers to target their website to do more sophisticated attacks.

Based on the report, the hacker managed to get through the admin panel of the website which led him to view some credentials. Using those pieces of information, he was able to log in to DepEd’s Learning Resource Portal. You could just imagine the extent of this breach with all the possibilities that this hacker could do.

K1LL3rB4LL claimed that he’s from Marinduque and is really concerned about the security of DepEd’s website in their province. He already reached out to them before but was not satisfied as they’re not acting on it appropriately.

In a social media post, Anonymous Quezon City shared the email users that K1LL3rB4LL acquired after compromising DepEd Marinduque. To avoid spreading the confidential information, we purposely removed the associated Pastebin link in the image below (although we know you’re just one click away in getting hold of that information).

We do not condone this and other similar attacks to any websites even if we share the same sentiment that our government should seriously consider investing in cybersecurity.

**Update**

September 11, 2018 – Reported this security incident to 8888 under Ticket #: G20180911-447-5

September 14, 2018 – DepEd Marinduque sent us an email saying that they have already received the report from 8888 and security measures are now being deployed to the website. As of this writing, the site is currently down and is just being redirected to their web hosting provider.

**End of Update**

We truly appreciate that the agency is really acting on this. Kudos, to DepEd Marinduque! We hope that this would be your last security incident.

Fjordan Allego
Follow me

Fjordan Allego

Fjordan Allego aka Fjordz is an IT security practitioner in the Philippines. He maintains a couple of blogs where he shares his views on various topics that he finds interesting. A self-confessed introvert who's mostly active in social media, Fjordz also loves to travel and explore the wonders of the world.
Fjordan Allego
Follow me

Related Posts:

Speak Your Mind

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.