In a series of attacks on the systems of the Philippine National Police, the hacker known as ph1ns breached both the PNP Logistics Data Information and Management System (PLDIMS) and, later on, the database of the Firearms and Explosives Office’s (FEO) Online License and Permits Application platform.
In a Manila Bulletin report, ph1ns is said to have gained access to and exfiltrated terabytes of data from the FEO database, with the police losing some 1.6 terabytes of sensitive information as a result of the breach.
The breaching of the FEO database follows an earlier attack on the PLDIMS, in which ph1ns revealed a data sample of over 393,000 rows of personal information from the breach.
The PNP, in a 2020 Facebook post, called the PLDIMS “a unified, reliable and real-time central database of comprehensive information on all PNP equipment and assets, and to provide effective and efficient logistical services and administrative support to the PNP.”
In the FEO database hack, the hacker claims to have downloaded information on 500,000 names in the list which, aside from names, included birthdays, civil statuses, emails, tax identification numbers, mobile phone and telephone numbers, details on next of kin, the date and expiry of neuro tests, and the date and expiry of drug tests.
DICT Undersecretary Jeffrey Dy, in an interview with ANC on Tuesday, May 21, said “a lot of our important personalities whose lives are also in danger or are receiving death threats own firearms” and would thus have data recorded in the FEO database.
Dy also told ANC the hack on PLDIMS was “patiently done” with the attack on logistics system taking about a month or two months to breach. “From there, [the hacker] got more information, and was able now to move laterally from one system to the other.”
The hacker cited human error within the PNP’s security protocols for allowing the breach to occur.
The group known as ph1ns has previously been linked to cyberattacks on websites of companies owned by House Speaker Martin Romualdez, and computer brand Acer. – Rappler.com