PNP urges policy review after hacking of Congress websites

MANILA, Philippines — The Philippine National Police on Sunday called for a government-wide review of cybersecurity measures after hackers defaced the websites of the Senate and House of Representatives within days of each other.

“This incident serves as a reminder that cybersecurity must remain a top priority for all government agencies,” said PNP chief Gen. Jose Melencio Nartatez Jr. in a statement on Sunday.

“We encourage institutions to regularly review their security protocols, update their systems, and strengthen monitoring mechanisms,” he said, adding that the PNP Anti-Cybercrime Group (ACG), headed by Police Maj. Gen. Wilson Asueta, were already investigating the matter.

Article continues after this advertisement

READ: Senate website defaced by group demanding public accountability

FEATURED STORIES

NEWSINFO

NEWSINFO

NEWSINFO

The House website was defaced on Saturday, just two days after the Senate’s website was vandalized twice on June 10 and June 11.

The Department of Information and Communications Technology (DICT) said in a separate statement that it was already investigating the incidents, but initial assessments showed that no confidential or sensitive government data were compromised.

READ: No sensitive data compromised in Senate website defacement — DICT

The department reminded the public that defacing a website is punishable under the Cybercrime Prevention Act of 2012 (Republic Act No. 10175) with at least six years imprisonment and sizeable fines.

Article continues after this advertisement

The PNP said the attacks appeared to have been committed by three separate groups of hackers who made no particular demands and seemed to want only to exhibit their hacking skills or mock cybersecurity measures.

In all three instances, the messages the hackers left on the legislature’s websites claimed they broke the law for lofty purposes, like calling for an end to government corruption.

Article continues after this advertisement

The police said the attack on the House was by a group identified as 3Musketeers, which is also believed to be behind the vandalism done on the chamber’s website in October 2023. The authorities have not made any arrests nor identified suspected perpetrators.

The authorities believe the two defacements of the Senate website were done by the groups identified as Nullsec Philippines and SentinelX.

Nullsec Philippines claimed responsibility for the defacement on June 10 and called for “transparency.” The second defacement on June 11 was claimed by SentinelX, which criticized the Senate’s cybersecurity.

Nartatez said they would also coordinate with relevant agencies “to determine the source, method, and extent of the website defacement.”

“We will pursue a thorough investigation and ensure that those responsible are identified and held accountable,” Nartatez said.

But the PNP has made no arrests connected to hacker attacks since 2023.

In 2024, a group calling itself DeathNote Hackers breached the Senate’s website and stole employees’ usernames and logs, but officials of the PNP, DICT and Senate belittled the incident as “not a cause for alarm” and did “not pose any significant security risk” even if they were already attacked.

Neither the DICT nor its subsidiary Cybercrime Investigation and Coordinating Center, under former DICT Assistant Secretary Renato Paraiso, has officially released any report, if any, of the mentioned incidents.

Your subscription could not be saved. Please try again.

Your subscription has been successful.

The PNP chief could only announce that safeguarding government digital infrastructure requires a whole-of-government approach anchored on preventive security measures, swift incident response, and sustained interagency collaboration. /cb