Excerpt from the transcript of the Radyo ng Bayan interview
of Undersecretary Manuel L. Quezon III
on leaked Comelec data and seeding of mail.malacanag.gov.ph
April 23, 2016
Marie Ruiz: Sir, may mga netizens na nagreklamo, netizens that complained that Malacañang downloaded the Comelec data hacked by the hackers.
Quezon: Yes, I’m glad you asked about that. Let me run through with you the sequence of events tungkol sa investigation right now. Marie, let me ask your indulgence this is going to be a little bit technical. But I think we should update everyone on what’s been happening.
This is what’s happened. The Executive Secretary was immediately informed on the night of April 21 at 9:55 pm of social media screenshots that purportedly showed OP’s mail server being used to torrent and seed the Comelec data.
Now, as of yesterday morning, there continue to be screenshots that the torrent was still being downloaded or seeded using the address. So what is being done?
An investigation is being conducted by the Office of the President-MIS department. The subdomain: mail.malacanag.gov.ph has been delegated to a specific mail server under the OP-MIS department since May of 2011.
Now, they are currently reviewing their firewall and server logs for any activity that would determine if: Number one, if the server was used to download and seed the torrent or; number two, if the server was compromised or if a remote client was using the mail server to access the Internet or; number 3, if the culprit intentionally forged his host name to appear as mail.malacanang.gov.ph with malicious intention.
So that’s where we are now. So far, according to the MIS department, no unusual activity has been detected, which only suggests at this point the possibility of a malicious forgery.
Now, in terms of accountability, it will be up to the Executive Secretary to determine the accountability, if proven that someone indeed used the mail server to download the Comelec data.
And as far as prevention is concerned, as Secretary Coloma said in his briefing yesterday, “This matter is being looked into as part of continuing efforts to improve IT security protocols.” So yun ang update where we are, what the problem is. It’s being identified, Marie.
Ruiz: And an investigation is underway po?
Quezon: Yes, and those are the emerging leads. Basically, there are three possibilities. As I mentioned earlier, either ginamit yung server para mag-download at mag-seed nung torrent. O baka may, in a sense, nag-hijack nung server and ginagamit nila yung hinijack [hijaked] na server para i-access yung Internet. Or number three, and this has happened before in many other places, may nagda-download ng torrent but kinalikot nila yung settings nila para magmukhang mail.malacanang.gov.ph ang gumagana at nagda-download kasi puwedeng palitan yung pangalan dun.
Now, yun nga, according to the MIS department wala silang nade-detect na unusual activity, so parang mas malabo yung number one and number two. Kaya nga sinasabi nila it suggests the possibility of number three. But this is not yet their final report. So antayin natin ang final report.