By Robert B. Roque, Jr.
Imagine what could happen if all gun owners in the country are exposed and their personal data becomes fair game for hackers.
No less than the Senate has raised alarm bells regarding the recent breach of the Philippine National Police’s Firearms and Explosives Office (FEO) data systems. Hackers have broken into this database in violation of the privacy of private citizens right under the noses of the national police.
If you view it this way, that’s an outright threat to national security when sensitive information, including medical records and financial transactions, falls into the wrong hands through the systems of government law enforcement.
It’s a shame! That’s why Senator Imee Marcos — the President’s sister — is infuriated about it, criticizing the government’s lax approach to cybersecurity. This was not the first breach, and it certainly won’t be the last unless concrete steps are taken.
The excuse of “lack of input sanitization” and “debug mode vulnerabilities” while unacceptable, also reflects the reality that the government’s own bureaucratic machinery is partially to blame.
The Department of Science and Technology (DoST) hacking just a month ago echoed the same excuse of outdated systems. It exposed the sluggish procurement processes.
Imagine, it takes at least 60 days to procure a system, while technology marches on, rendering these systems obsolete in mere months.
Even Department of Information and Communications Technology (DICT) Assistant Secretary Renato Paraiso claimed that security protocols were in place, but they were shackled by antiquated technology. The DoST’s being compromised exposed the Achilles’ heel of government agencies — stuck in a time warp while threat actors operate in real-time.
It’s a wake-up call for the entire bureaucracy to modernize or risk being left vulnerable to future attacks.
The PNP-FEO data breach cannot also be put asunder. To be clear, we’re talking about safeguarding critical data that affects the lives of over half a million Filipinos here.
The last time I checked, the national police’s FEO site was still shut on processing. The Manila Bulletin had reported the breach as orchestrated by the infamous hacker, ph1ns, to puncture the myth of robust security.
Apparently, the hacker penetrated not one but two crucial police databases, ransacking terabytes of sensitive information. The breached FEO database, a treasure trove of personal data, now lies exposed, with details ranging from birthdays to next of kin, serving as fodder for potential exploitation.
DICT Undersecretary Jeffrey Dy’s admission on ANC last week underscores the gravity of the situation. Firearms owners, including high-profile personalities, now find themselves at the mercy of cybercriminals that no gun can scare away.
