[ISN] Manhunt for Filipino hacker ensues

InfoSec News isn at c4i.org
Wed Feb 2 06:09:18 EST 2005

Forwarded from: William Knowles <wk at c4i.org>


By Erwin Lemuel Oliva
Feb 02, 2005

A MANHUNT for the alleged Filipino hacker of the government portal
"gov.ph" and other government websites was launched after the suspect
went into hiding, the police said Tuesday.

Judge Antonio Eugenio of the Manila Regional Trial Court ordered the
arrest of a certain JJ Maria Giner on January 24, 2005 for violating
section 33a of the Electronic Commerce Law. Giner remains at large to
date however.

"He's now on top of our priority list," said Police Superintendent
Gilbert Sosa of the Anti-Transnational Crime Division (ATCD) of the
Philippine National Police Criminal Investigation and Detection Group
(PNP-CIDG), in an interview. Sosa is also executive director of the
Government Computer Security Incident Response Team (G-SIRT).

According to the arrest warrant, the court set bail for Giner at
25,000 pesos (440 dollars).

The Department of Justice decided last month that there was enough
evidence to file charges against him. A copy of the DoJ’s resolution,
obtained by INQ7.net, revealed that Giner had admitted to hacking the
government websites but indicated that he had no intention to
"corrupt, alter, steal or destroy" files contained in the computer
systems that were compromised.

The DoJ resolution indicated that Giner penetrated government websites
of the National Economic and Development Authority, the National Book
Development Board, the Philippine Navy, Dagupan City, as well as the
web servers or computer systems hosting websites of the local Internet
service provider Bitstop and UP Visayas Miagao in Iloilo.

Giner also launched attacks against the websites of the Office of the
Presidential Management Staff in Malacañang, the Task Force on
Security of Critical Infrastructure, the Professional Regulatory
Board, the Department of Labor and Employment, and the Technical
Educational and Skills and Development Authority, according to the DoJ

"It was discovered that the respondent attempted to penetrate the
digital infrastructure of government agencies as well as private
businesses. Several network infrastructure setups were first scanned
by [Giner] for vulnerability exploits. Critical government
infrastructure facilities were also probed. Allegedly, [Giner] listed
all the possible attack scenarios and backdoor programs to penetrate
the target systems," the resolution added.

In his counter-affidavit, Giner admitted to sending an e-mail to the
National Economic and Development Authority (NEDA), informing the
agency about the vulnerability of its website to hackers. With this
admission, he argued that if he had the intention of destroying or
corrupting the system, he would not have informed the agency.

The suspected hacker also denied launching a so-called

"denial-of-service" attack on the Journal Group of Publications
website that resulted in system overload of the computer system
hosting it, his counter-affidavit said.

The DoJ resolution however said that Giner had clearly violated
section 33a of the E-commerce Law (RA8792) because he was not
authorized to access government websites. "Intention is not essential
in this mode as mere unauthorized access is a violation of the law,"  
the resolution said.

The DoJ resolution further revealed that Giner launched attacks in
April 27, 2004 until May 7, 2004, three days before the country’s
national elections.

The resolution said that digital evidence gathered by the PNP’s
ATCD-CIDG Computer Crime unit indicated that Giner launched his attack
from Internet addresses issued by Asia Pacific Network Information
Center to Globe Telecom.

When police further traced the IP addresses, they led to the U. P.  
Miagao campus in Iloilo, registered under the name of Efren Servento.

Police then found that the IP addresses were assigned to a Linux-based
system that served as a "primary gateway" to almost 200 computers all
over the U.P. Miagao network.

Further probing this network led police computer investigators to the
Information and Publications Office, and eventually to a computer used
by alleged hacker Giner, who happened to be the webmaster and program
developer of U.P. Miagao.

Giner's computer hard drive was seized and gave police "vital
information" indicating what had transpired before and during the
alleged network intrusion of the gov.ph portal and the Journal Group
of Publications website, recounted the DoJ resolution.

A source privy to the case disclosed that the police almost lost Giner
after some Globe employees allegedly informed U.P. Miagao of the
ensuing police investigation.

The same source added that Globe initially refused to cooperate with
the police until it was issued a court subpoena.

Who is Giner?

The DoJ resolution further revealed that Giner is a contractual
employee of U.P. Miagao but had access to the university’s computer
systems as webmaster.

The DoJ resolution indicated that he comes from a middle-class family,
his father a retired PC soldier and his mother a teacher.

An outstanding student during his primary years, Giner was accelerated
from grade III to grade IV. He graduated with a Bachelor of Science in
Marine Fisheries at the University of the Philippines in the Visayas
and had never been charged with any criminal offense.

According to a copy of his dossier obtained by INQ7.net, he has worked
for Process Foundation-Panay, Inc. and the UP Visayas’ Philippine
Marine Transport Systems Project as research assistant.

He also had evident skills in web development, database construction,
model construction, and web interface development(HTML and JavaScript
Programming), basic visual programming, MS Office applications,
computer graphics design, and CRM Work.

His other skills include First Aid and basic life support systems and
scuba diving. His interests include fishes, gardening, cooking,
computers, bio-toxins and poisons, arts (visual and music),
underwater, coral reefs, islands. He speaks Hiligaynon, Kiniray-a,
Filipino, English, and Cebuano.

According to the DoJ resolution, Undersecretary Abraham Puruganan,
head of the Task Force for the Security of Critical Infrastructure
(TFSCI), is the main complainant in the "gov.ph" hacking case.

On May 3, 2004, he filed a case against Giner in behalf of several
government websites attacked from April to May 2004. Other
complainants include the Office of the President, the Department of
Interior and Local Government, and PNP CIDG-ATCD.

Puruganan said the TFSCI has instructed the police to ask the Bureau
of Immigration to issue a hold-departure order in case Giner decides
to escape abroad.

"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
C4I.org - Computer Security, & Intelligence - http://www.c4i.org

More information about the ISN mailing list