"Why not deface the Comelec website?"
That's not a question everyone usually asks themselves. But then again, not everyone is a professional hacker.
On March 18, Paul Biteng found himself asking just that.
Biteng is not your average IT graduate. He is a professional hacker, who in 2014, has been recognized by Facebook and Microsoft for "responsible disclosure," which made their online services better equipped against cyber vulnerabilities.
In an interview with the Inquirer, the 23-year-old said that he had been bored that day. The hacking operation started at 5 pm that day. After 13 hours, he had already cracked the computer codes and spotted the errors on the website.
But there was more to it than just that, as the interview would suggest that the hack may have also been political in nature.
READ ALSO: 10 things about the Comelec website hacker
In March, Comelec has been receiving flak for refusing to implement four safety features on the vote-counting machines. They also fought against printing vote receipts.
According to Republic Act (RA) 939 or the Automated Election Law, the safety measures mentioned are as follows: ballot verification or ultra violet detectors, the source code review, the voter verified paper audit trail and the digital signature
"The government didn’t think it was necessary to do these things. But these are safety measures to ensure that there would be no cheating [on Election Day]," he said. “Since I was bored that day, I thought I should give voice to the voiceless.”
The hack revealed a weakness in the Comelec's cyber security. Moreover, it led to a data leak that exposed the personal information of registered voters, making them vulnerable to cybercrimes like identity theft.
Biteng, however, said that was not part of the plan.
“And that’s what bothers me the most. I did not leak the voters’ details. I didn’t even expect that to happen.”
On March 20, he shared the codes with hackers whose real identities he claimed he didn't know. A week later, the website was not only defaced, but voters' data were leaked as well.
"I don’t know why (the other hackers) did that because my plan was only to deface the site and get my message across."