Recently, Philippines Senator Paolo Benigno “Bam” Aquino IV claimed that his staff email accounts had been “hacked” and hackers had composed and sent malicious emails purporting to promote destabilization moves against the Philippine government.
Aquino, a member of the opposition Liberal Party, claimed that at least five email accounts belonging to his staff and other senators like Sen. Francis Pangilinan were compromised in the hacking incident from March 21 to October 11. He asked the National Bureau of Investigation (NBI) to look into the identity theft and hacking incidents. [ GMA-7]
But cyber security experts why Senators would use public emails like Gmail and Yahoo which are prone to phishing, hacking and can be accessed by foreign entities such as the US government and US staff of these services.
Proof from Aquino himself: Senate staff using free email services
The first incident, according to Aquino, was discovered on March 21 when one of Pangilinan’s staff members saw a draft e-mail with the subject “The investigation on DDS.” None of the staff members admitted or remembered having written the draft.
A similar incident supposedly occurred on September 7, when the “hackers” sent an e-mail to the Government Service Insurance System (GSIS) from a second hacked account. The subject was “emergency inquiry from office of Sen. Francis “Kiko” Pangilinan.
The third breach allegedly took place on September 26 when a dubious email was saved to the drafts folder. The email had a subject “leaked media plan to destroy PRRD” and was addressed to Pangilinan and Senate Minority Leader Franklin Drilon.
Aquino said the IP addresses used in the intrusions used were traced to the Senate Wi-Fi, and at least one IP address was in the United States.
Hacking story a bit unbelievable
But IT experts had cast doubts on the incidents because the email accounts were on the gmail.com and yahoo.com domains. These two popular email services have security measures in place to detect logins from unknown IPs and unusual locations. and alert the account owners on their phones or recovery emails.
(see screenshot below, of an alert from Gmail)
More questions…
Were Senators Aquino and Pangilinan really hacked?
How can they detect IP address of those who accessed Gmail and yahoo when they don’t have control of their services?
And why are their staff using free email services such as Gmail and Yahoo?
Even in the US, using private email accounts for government business is considered high risk. Recently, Jared Kushner, President Trump’s son-in-law and a White House senior adviser, was criticized for using his personal email account to conduct official government business. [Politico]
Even the CIA director was not spared from a hacking of his personal email address which yielded information sent to top security and defense officials [Wall Street Journal]
A blogger in the Philippines, internet sleuth and IT expert RJ Nieto, casts doubt on Aquino’s hacking story
Leave a Reply