Six months ago, the National Bureau of Investigation arrested 20–year–old hacker Paul Biteng after he hacked the COMELEC website. Reports say that what he did was the biggest government data security breach in the country’s history.
“You have dialed a highly classified top secret phone number. We are now tracking your location. You cannot run. You cannot hide. There is no escape. In two minutes a special commando team will swoop down on you and will arrest you with whatever means necessary. Do not—repeat—do not even think of escaping. You have illegally tapped into the secret government communications network. You have just dialed yourself into being one of the most wanted terrorists in the world. So—
—D’yan ka lang ha?! Huwag mong ibaba! Sasagutin rin niya ang phone!”
That was Paul Biteng’s ringback tone.
Back in April, he topped the national news headlines after he got arrested for hacking the Comelec Website. Hacking government sites isn’t anything new, but what separated him from other hackers was his timing. He hacked the Comelec website less than a month before the 2016 presidential elections. It was about that time when Comelec was at a critical juncture as they prepared the automated polls for the upcoming elections.
Comelec says their system was secure, but Paul proved them wrong. Data belonging to 55 million voters, which included their passports and fingerprint details, was leaked on the web. This is why it was considered the biggest government-related data breach in the history.
FHM then tried tracking the young hacker for a month. Paul is already out on bail through the help of his family, friends and fellow hackers.
Paul agreed to meet with them for an interview. They decided to meet in a mall in Manila, where Paul arrived wearing his V for Vendatta shirt. FHM described him as a man who barely looked like he graduated from high school.
“Twelve days ako na-detain sa NBI. Sina mama at papa lang yung gumagalaw [para makapag-bail ako]. Nakapagpost ako ng bail with the help of family, friends, and fellow hackers,” Paul says.
Paul recalled that he was smoking cigarettes when the NBI picked him up a couple weeks after he graduated from Perpetual Help College in Manila.
He said that he shouldn’t be considered a ‘master’ in the hacking community that the reports made him out to be.
“Sa school kasi nanggaling yan. Hindi naman sa masipag…oo, masipag magbasa ng codes, basta programming, interesado ako. So madali ako makatapos ng mga activity, kaya tinawag ako ng mga kaklase ko na “master.” Pero sa [hacker community] hindi nila ako tinatawag na ganyan.”
He then revealed that he was the one who hacked the Comelec website but he wasn’t the one who leaked the information. He claims two other hackers were responsible.
“Sinasabi kasi nila [Comelec] secured, so tinest ko kung mabubutas—yun ang term namin dun, butasin para makapasok. May nakita ako, so nireport ko [sa Comelec]. Kaso hindi sila nagreply,” Paul says.
Paul spent one summer in 2012 reading codes on Google and learning how to hack.
Paul described himself as an underachiever and has no interest in studying.
“Yun, wala rin! Tamad lang talaga akong mag-aral. Tapos wala na ring sports, eskwela-bahay na lang lagi. Nag-DotA rin ako, pero sa shop lang na malapit sa amin.”
When he was still in high school, he learned how to customize the settings of a game on private servers which players were willing to pay to be able to play. In college, he realized that hacking could be a cool thing.
He quickly learned how to hack and met with his fellow hackers on social media. He then began to earn money by spotting the weaknesses in websites. This act is called a Bug Bounty Program.
“Ito yung pag nakakita ka ng bug, irereport mo dun sa site, tapos babayaran ka nila. Yung dun sa Facebook, binayaran nila ako ng $ 1500 (or about P69,450 at the exchange rate as we write this). Minus tax na $ 450, bale $ 1150 ang nakuha ko. Nakapagbayad ako ng tuition at nakabili ako ng motor. Alam ng mga magulang ko yung ginagawa ko, nagsasabi naman ako,” Paul says.
It was then that FHM found out that Paul also hacked their website. He swore that he didn’t take anything and that he just did it because he was bored.
“Hindi naman ako sikat, kilala lang ako na magaling magbutas. Yung website niyo butas.” He claimed.
“Oo. Pero hindi ako nakapasok. May butas lang siya, pwede akong mag-extract ng data—usernames, passwords. Yun ang mga dapat protektahan. Pero hindi ko ginawa kasi hanggang dun lang ang limit ko, yun lang ang kaya ko.
In terms of being jailed, this is what Atty. de Jesus stated:
“[Biteng] can be prosecuted for different counts based on different provisions of each law,” says Atty. de Jesus. “He can be prosecuted for hacking, for the fact that he accessed the Comelec website without right. He can also be prosecuted separately for computer-related identity theft. This last one means you intentionally acquire, use, misuse, transfer, possess, alter, or delete the identifying information of another without right. I think these are the offenses that were committed by Paul Biteng.”
For all these violations, Biteng could be slapped with fines and imprisonment. The E-Commerce Act imposes “a minimum fine of P100,000 to a maximum amount commensurate to the damage incurred.”
Post a Comment