
PNP Anti-Cybercrime Group’s Beginning
THE hacking of the Journal Group and main government websites more than 20 years ago literally triggered the establishment of the Philippine National Police Anti-Cybercrime Group (PNP-ACG), the country’s top cybercop fondly remembers.
“I’m still a young Police Senior Inspector when we started working against cybercrime way back in 2003. It’s like a hobby for us like-minded people when we were assigned at the then Anti-Transnational Crime Division of the Criminal Investigation and Detection Group,” PNP-ACG director Brigadier General Bernard R. Yang told the Journal Group in a one-on-one interview.
The member of PNP ‘Patnubay’ Class of 1995 said that in those days, they were battling illegal drugs, gunrunning, human trafficking and other transnational crimes involving citizens in the Philippines and other countries.
Yang was then working under CIDG-ATCD chief Gilbert C. Sosa, a member of Philippine Military Academy ‘Maharlika’ Class of 1984 who retired as a police general in 2018.
“It was Sir Gilbert who came up with the idea to create a cybercrime unit in our office. During our early days, we only relied on a rickety typewriter, we have no computers, no trained personnel, no nothing,” the PNP-ACG director said.
That was until the hacking of www.journal.com.ph and www.gov.ph made the CIDG-ATCD officials realize that they had a lot to do to fight a modern enemy called “hackers,” Brig. Gen. Yang said.
“We handled many cases during those days but two cases really got stuck in my mind: the hacking of www.journal.com.ph and www.gov.ph which we investigated without real proper training during the time of President Gloria Macapagal-Arroyo.
“We investigated those cases when we only had our E-Commerce Act which was created because of the infamous ‘I Love You Virus,’” he said.
Yang was referring to the “I Love You” virus or the “Love Bug” which really played a significant role in the creation of Republic Act 8792 or the Philippine Electronic Commerce Act.
The “I Love You” virus highlighted the lack of laws in the country to address cybercrime, leading to the government enacting legislation to punish perpetrators of malicious software such as the “I Love You” virus in 2004.
The man behind the “Love Bug” admitted to creating and releasing the virus initially to steal internet access passwords since he could not afford to pay for access.
Within 24 hours of its release, the “I Love You” virus spread across the world and triggered an investigation which led to the arrest of its creator, a young computer science student who was later released with all charges against him dropped simply because there were no laws then against writing malware.
Brig. Gen. Yang said that, lacking the necessary tools, they largely depended on their investigators’ instinct and some luck when they investigated the hacking of the Journal Group and main government websites.
The official recalled that it was on April 7, 2004 when the Journal Group of Companies sent a complaint to Mr. Wilson Chua, owner of the Bitshop Network Service (BNS) regarding the company’s extremely slow download connection.
The complaint was signed by the Journal Group publisher then, the late Roberto Capco.
Twenty days later, Chua informed the Journal Group that the hard drive of the machine hosting the following web pages had crashed: www.gov.ph, www.sanmiguel.com.ph and www.journal.com.ph.
On April 30, BNS transferred the www.journal.com.ph web pages to another web server computer as Chua identified six IP addresses suspected of involvement in the coordinated Denial of Service (DoS) attack on the websites www.gov.ph and www.journal.com.ph.
Brig. Gen. Yang said they found out that the Journal website also appeared to be one of the main targets, as the attack shifted to the server containing www.journal.com.ph when it was separated from the other websites.
He added that they eventually discovered, through forensic analysis of the log files of the hacked websites, that there had been a series of scan attempts probing for exploitable vulnerabilities.
Those attempts could really pose the danger of “a future and more paralyzing assault to the systems which is a cause of major concern.”
The Journal Group then, according to the official, provided them with an excerpt of events which could possibly be an important lead in the investigation into the matter of “network intrusion.” Capco, then Office of the Press Secretary Assistant Sec. Edne Belleza and Chua officially filed a complaint before the Task Force for the Security of Critical Infrastructures which in turn referred the matter to the newly-created Computer Crime Unit of the CIDG-ATCD.
“Here comes our small unit investigating the hacking of www.journal.com.ph and www.gov.ph. In short, we were able to identify the IP address from the University of the Philippines-Visayas and we went there to investigate. It turned out that UP-Visayas is also conducting an internal investigation into the matter after the IP address was linked to one of their employees,” Brig. Gen. Yang said.
Yang said that, banking on their knowledge of the traditional way of investigation, they sent a subpoena duces tecum, signed by then PNP-CIDG director Gen. Arturo C. Lomibao (who served as PNP chief from March 14, 2005 to July 5, 2006), to Globe Telecom, which obligated the company to give them the data they needed.
“After conducting the investigation including some digital forensic examination, we filed a case for violation of the E-Commerce Act, specifically hacking against the accused. We were not sure then that our case will prosper but the suspect made a guilty plea during trial and was sentenced to jail,” he said.
Brig. Gen. Yang said the accused said he made many attempts to guess the passwords of the websites he hacked.
“He merely relied on password guessing and later said he just wanted to test the vulnerability of the government system and even that of the Journal Group website,” he said.
Records showed that the Filipino hacker identified only as “Giner” in reports pleaded guilty to hacking the Philippine government portal “gov.ph”, the Journal Group website and other government websites and was convicted for violation of Section 33a of the E-Commerce Law.
“Giner” made history as the first local hacker to be convicted under the Cybercrime Prevention Act in the Philippines in 2005, thanks to the thorough investigation conducted by the CIDG-ATCD.
He received a sentence ranging from 1 to 2 years imprisonment along with a fine of P100,000 although he applied for probation.