DILG-NCR’s CERT got hacked again

Just when you thought the government was finally taking online security seriously after the recent rise in website defacement and data breach incidents, it seems they are still not ready to face these threats.

In a report sent to us, a hacker managed to deface the website of the Department of Interior and Local Government – National Capital Region (DILG-NCR), specifically its Web Portal under the subdomain cert[.]ncr[.]dilg[.]gov[.]ph.

The said Web Portal contains log-in links to the agency’s multiple systems including Design Monitoring System, Records Databank System, Records Registry Tracking System, and Certificate Registration System.

It’s confusing why these systems are located under this subdomain when CERT generally stands for Computer Emergency Response Team. The Web Portal, which is hosted under this cert subdomain, does not seem to connect with the mandate of a CERT.

According to Section 4 of Executive Order No. 189, s. 2015, all bureaus, offices, agencies, and instrumentalities of the government were mandated to organize their respective CERTs. The compromised DILG-NCR subdomain may have been set up to be an online CERT portal for the agency.

If this is indeed the CERT portal of the agency, isn’t it ironic that it was hacked when the purpose of its creation is to prepare “appropriate and effective measures to strengthen their cybersecurity capabilities against existing and future cyber threats”? 

Our source said that he merely used a script deface, or JavaScript overlay, to deface the DILG-NCR website. Claiming to be a ‘good guy’, he said the attack was only meant to push the agency to act and secure its own website.

Based on the screenshot provided in the report, the culprit behind this attack is InFamouz, the grayhat hacker we featured a couple of days ago, who is known for his attempts to compromise websites and deploy the appropriate patches afterward.

This same domain was also compromised almost a month ago by hackers presumably from Indonesia. Zone-H records show that it was defaced on March 26, 2019.

We will coordinate this with DILG-NCR and with the National Computer Emergency Response Team for proper action.

Fjordan Allego

Fjordan Allego aka Fjordz is an IT security practitioner in the Philippines. He maintains a couple of blogs where he shares his views on various topics that he finds interesting. A self-confessed introvert who's mostly active in social media, Fjordz also loves to travel and explore the wonders of the world.