Forwarded from: William Knowles <wk@private>

http://news.inq7.net/infotech/index.php?index=1&story_id=26163

By Erwin Lemuel Oliva
Feb 02, 2005
INQ7.net

A MANHUNT for the alleged Filipino hacker of the government portal "gov.ph" and other government websites was launched after the suspect went into hiding, the police said Tuesday.

Judge Antonio Eugenio of the Manila Regional Trial Court ordered the arrest of a certain JJ Maria Giner on January 24, 2005 for violating section 33a of the Electronic Commerce Law. Giner remains at large to date, however.

"He's now on top of our priority list," said Police Superintendent Gilbert Sosa of the Anti-Transnational Crime Division (ATCD) of the Philippine National Police Criminal Investigation and Detection Group (PNP-CIDG), in an interview. Sosa is also executive director of the Government Computer Security Incident Response Team (G-SIRT).

According to the arrest warrant, the court set bail for Giner at 25,000 pesos (440 dollars). The Department of Justice decided last month that there was enough evidence to file charges against him.

A copy of the DoJ’s resolution, obtained by INQ7.net, revealed that Giner had admitted to hacking the government websites but indicated that he had no intention to "corrupt, alter, steal or destroy" files contained in the computer systems that were compromised.

The DoJ resolution indicated that Giner penetrated government websites of the National Economic and Development Authority, the National Book Development Board, the Philippine Navy, Dagupan City, as well as the web servers or computer systems hosting websites of the local Internet service provider Bitstop and UP Visayas Miagao in Iloilo.

Giner also launched attacks against the websites of the Office of the Presidential Management Staff in Malacañang, the Task Force on Security of Critical Infrastructure, the Professional Regulatory Board, the Department of Labor and Employment, and the Technical Educational and Skills and Development Authority, according to the DoJ resolution.

"It was discovered that the respondent attempted to penetrate the digital infrastructure of government agencies as well as private businesses. Several network infrastructure setups were first scanned by [Giner] for vulnerability exploits. Critical government infrastructure facilities were also probed. Allegedly, [Giner] listed all the possible attack scenarios and backdoor programs to penetrate the target systems," the resolution added.

In his counter-affidavit, Giner admitted to sending an e-mail to the National Economic and Development Authority (NEDA), informing the agency about the vulnerability of its website to hackers. With this admission, he argued that if he had the intention of destroying or corrupting the system, he would not have informed the agency.

The suspected hacker also denied launching a so-called "denial-of-service" attack on the Journal Group of Publications website that resulted in system overload of the computer system hosting it, his counter-affidavit said.

The DoJ resolution, however, said that Giner had clearly violated section 33a of the E-commerce Law (RA8792) because he was not authorized to access government websites. "Intention is not essential in this mode as mere unauthorized access is a violation of the law," the resolution said.

The DoJ resolution further revealed that Giner launched attacks from April 27, 2004 until May 7, 2004, three days before the country’s national elections.

The resolution said that digital evidence gathered by the PNP’s ATCD-CIDG Computer Crime unit indicated that Giner launched his attack from Internet addresses issued by Asia Pacific Network Information Center to Globe Telecom.

When police further traced the IP addresses, they led to the U.P. Miagao campus in Iloilo, registered under the name of Efren Servento. Police then found that the IP addresses were assigned to a Linux-based system that served as a "primary gateway" to almost 200 computers all over the U.P. Miagao network.

Further probing this network led police computer investigators to the Information and Publications Office, and eventually to a computer used by alleged hacker Giner, who happened to be the webmaster and program developer of U.P. Miagao.

Giner's computer hard drive was seized and gave police "vital information" indicating what had transpired before and during the alleged network intrusion of the gov.ph portal and the Journal Group of Publications website, recounted the DoJ resolution.

A source privy to the case disclosed that the police almost lost Giner after some Globe employees allegedly informed U.P. Miagao of the ensuing police investigation. The same source added that Globe initially refused to cooperate with the police until it was issued a court subpoena.

Who is Giner?

The DoJ resolution further revealed that Giner is a contractual employee of U.P. Miagao but had access to the university’s computer systems as webmaster.

The DoJ resolution indicated that he comes from a middle-class family, his father a retired PC soldier and his mother a teacher. An outstanding student during his primary years, Giner was accelerated from grade III to grade IV. He graduated with a Bachelor of Science in Marine Fisheries at the University of the Philippines in the Visayas and had never been charged with any criminal offense.

According to a copy of his dossier obtained by INQ7.net, he has worked for Process Foundation-Panay, Inc.
and the UP Visayas’ Philippine Marine Transport Systems Project as research assistant. He also had evident skills in web development, database construction, model construction, and web interface development (HTML and JavaScript programming), basic visual programming, MS Office applications, computer graphics design, and CRM work. His other skills include first aid and basic life support systems and scuba diving.

His interests include fishes, gardening, cooking, computers, bio-toxins and poisons, arts (visual and music), underwater, coral reefs, islands. He speaks Hiligaynon, Kiniray-a, Filipino, English, and Cebuano.

According to the DoJ resolution, Undersecretary Abraham Puruganan, head of the Task Force for the Security of Critical Infrastructure (TFSCI), is the main complainant in the "gov.ph" hacking case. On May 3, 2004, he filed a case against Giner on behalf of several government websites attacked from April to May 2004.

Other complainants include the Office of the President, the Department of Interior and Local Government, and PNP CIDG-ATCD.

Puruganan said the TFSCI has instructed the police to ask the Bureau of Immigration to issue a hold-departure order in case Giner decides to escape abroad.