National Unity Party (NUP) president and Camarines Sur Rep. LRay Villafuerte wants Government to work closer with public telecommunications entities (PTEs) and private cybersecurity experts in strengthening the country’s digital infrastructure to best safeguard our over 105-million strong Subscriber Identity Module (SIM) database against hackers, amid the alarming spate of security breaches of official websites, including that of the House of Representatives.
Villafuerte, who co-authored Republic Act (RA) or the “SIM Registration Act” of 2022, said the Department of Information and Communications Technology (DICT) and National Telecommunications Commission (NTC) must work closer on stronger data protection measures with the three PTEs—Globe Telecom Inc, Smart Communications Inc. and Dito Community Corp.—and other private entities with expertise on cybersecurity to insulate our SIM database from the disturbingly increasing hacking incidents in recent months.
Villafuerte cited the urgency for the DICT and NTC to be proactive in securing our SIM database of ever-growing PTE subscribers, following the online data breaches involving the Philippine Health Insurance Corp., (PhilHealth), Department of Science and Technology (DOST) National Police (PNP), National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR), Philippine Statistics Authority (PSA) and, just last weekend, the House of Representatives.
The congressman said the DICT should be given more funds so it could hire more tech experts and launch with the PTEs a new round of user education initiatives to inform the public about greater vigilance against digital fraud and not to become careless in revealing personal information to unknown parties, more so now when cybercriminals have become more sophisticated in peddling schemes to dupe unsuspecting Internet users into parting with their confidential data leading to identity theft and illegitimate bank and other official online transactions.
“Apart from fostering a closer partnership with PTEs and other private groups with expertise on cybersecurity, the DICT (Department of Information and Communications Technology) and NTC (National Telecommunications Commission) could build a far stronger cyberspace posture by investing big in cutting edge anti-virus software and hiring a lot more tech experts to best protect our database of 105 million-plus SIM registrants that is growing by the day, against security breaches similar to those that have hit various institutions in succession over the past half-year,” Villafuerte said.
Villafuerte cited the urgency for the DICT and NTC to be proactive in securing our SIM database of ever-growing PTE subscribers, following the online data breaches involving the Philippine Health Insurance Corp., (PhilHealth), Department of Science and Technology (DOST) National Police (PNP), National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR), Philippine Statistics Authority (PSA) and, just last weekend, the House of Representatives.
After about a million records from the PNP, NBI, BIR and SAF were reportedly leaked online in April, the PhilHealth reported on Sept. 22 that 730 gigabytes of its information—equivalent to about a million of its members’ registration forms—were compromised in what is considered the largest breach of government data since “Comeleak.”
“Comeleak” refers to the hacking of the Commission on Elections (Comelec)’s database in 2016 that affected the personal information of over 50 million voter-registrants.
Hackers believed belonging to the Medusa group started releasing online confidential PhilHealth memos and other sensitive files to pressure this state-run firm into coughing up a $300,000 ransom in exchange for deleting their stolen data and restoring its access to its server files.
The PhilHealth has more than 59 million direct and indirect contributors.
After the National Privacy Commission (NPC) reported the Sept. 22 data breach at PhilHealth, the PSA sent two weeks later a breach notification to the NPC that allegedly affected its Community-Based Monitoring System (CBMS).
Last week, the DOST confirmed that it was likewise hit by a data security breach in August, involving the leakage of the email addresses of about 1,000 experts and clients registered in its OneExpert portal.
Then just this weekend, the House of Representatives reported an “unauthorized access” to its www.congress.gov.ph site on Sunday afternoon when a certain “3Musketeerz” breached and defaced this website in this latest cybersecurity breach involving a government institution.
The DICT has already been informed of this hacking incident and has been communicating and coordinating with the House in investigating this incident.
“This flurry of security breaches since summer up to last weekend’s unauthorized access to the House website should serve as a wake-up call that many things needs to be done at once by the DICT, NTC and even the NPC (National Privacy Commission), in coordination with the private sector, including our PTEs, of course, on the matter of ensuring a foolproof security system for our SIM database,” he said.
Data from the DICT-attached Cybercrime Investigation and Coordinating Center (CICC) showed, meanwhile, that cybercrime cases almost tripled to 6,250 during the January-June 2023 period from 2,477 in the same semester last year.
“Unless urgent steps are taken for stronger data protection, we will see an erosion of public confidence in the government’s online security system, possibly negating the Marcos administration’s inroads in putting our country’s digital transformation on the fast track,” he said.
Based on a report on an IBM study, Villafuerte said the Philippines has among the fewest cybersecurity professionals in the region.
In 2021, for instance, there were only about 202 professionals with Certified Information Systems Security Professional (CISSP) certifications, as against more than 10 times that number (2,804) in Singapore, he said in citing that IBM report.
After the seven-month registration of SIM numbers ended last July 25, Villafuerte exhorted enforcers to crack down harder on violators of the new law and of the Cybercrime Prevention Act to prevent owners of cellular phones (celfones) and other mobile communication devices from being swindled by nefarious groups and individuals behind text scams and other types of celfone-based fraud.
Villafuerte urged Globe, Smart and Dito, along with the DICT and NTC, to continue with their information drives to acquaint the public with the new schemes cooked up by cybercrime syndicates and unscrupulous individuals to rip off people despite the registration of their SIMs.
He said our authorities need to step up their anti-cybercrime efforts as President Marcos, during the joint anniversary celebration of the National Security Council (NSC) and the National Intelligence Coordinating Agency (NICA) at the Philippine International Convention Center (PICC) in July added cyber-attacks to the list of national security threats to the Philippines.
The former Camarines Sur governor at the same lauded local government units (LGUs) that have helped Smart, Globe and Dito along with the DICT and NTC undertake what the government has described as a “successful” sign-up program that hit the official target of 100 million to 110 million registered SIMs before the deadline.
“Now that the SIM registration period is over, it is time for our authorities to prove their true mettle as law enforcers by taking down violators of this new law plus the related 2012 law penalizing cybercrimes to finally stop nefarious groups and individuals from duping legit users of celfones and other mobile communication devices from among the almost 106 million SIMs that have been listed in our national database before the July 25 deadline,” Villafuerte said in a July statement.
After the sign-up ended last July 25, the NTC reported on its website that, as of July 24, the number of registered SIM cards in the country reached 105.91 million, or 63.04% of the total 168 million SIMs.
Of these registered SIMs, Smart accounted for 49.99 million; Globe, 48.37 million; and Dito, 7.54 million—equivalent to a respective 75.39%, 55.77% and 50.44% of their total subscriber base, respectively.
Citing reports, Villafuerte said the cunning methods resorted to lately by scammers to continue victimizing the public include buying or selling pre-registered SIMs, switching their illicit activities overseas, or avoiding detection by the authorities and PTEs by leveraging messaging apps like Messenger, Viber, Telegram and WhatsApp in lieu of the traditional SMS (short message service) system.”
Villafuerte said, “The 19th Congress will certainly use its oversight functions to monitor the implementation of this new law, which was written by lawmakers last year in a bid to put an end to the proliferation of text scams, identity theft leading to unauthorized bank withdrawals, and other cellphone-based fraudulent activities that have plagued Filipinos in the then-absence of legislation for our law enforcers to effectively bust and prosecute scammers.”
That the number of Internet-based crimes had even increased during the SIM registration period could be gleaned, said Villafuerte, from the latest data from the PNP-Anti-Cybercrime Group pointing to a 190%-jump in the number of SIM card-aided crimes to 4,104 over this year’s January-June months from 1,415 in the same six-month period in 2022.
The police reported that 3,587 of these cases were related to electronic or E-wallet apps; 445 were bank fraud incidents; and the rest involved text scams, online payments, cryptocurrency scams and false news.
Data from the DICT-attached Cybercrime Investigation and Coordinating Center (CICC) showed, meanwhile, that cybercrime cases almost tripled to 6,250 during the January-June 2023 period from 2,477 in the same semester last year.
The NUP president had authored with Camarines Sur Reps. Miguel Luis Villafuerte and Tsuyoshi Anthony Horibata and the Bicol Saro partylist House Bill (HB) 2213, one of the bills that was consolidated into the House-approved version of the final congressional measure that President Marcos eventually signed as RA 11934.
