Data breach info from ‘dark web’ forums can be fake – CICC, DICT
MANILA, Philippines — The Cybercrime Investigation and Coordinating Center (CICC) and Department of Information and Communications Technology’s (DICT) eGov Development Team advised cybersecurity enthusiasts to exercise caution when reviewing data breach information on the Breach Forums.
The agencies shared this statement after CICC Executive Director Alexander K. Ramos revealed that the recent eGovPH hack post was fake.
“The Breach Forums user GR3GGM3RC3R we are investigating, who claimed to hack the eGovPH app, is a scammer and not a real hacker,” Ramos said.
Article continues after this advertisement“He’s attempting to defraud forum members by falsely claiming possession of sensitive data,” he added.
READ: CICC protects the Philippines from cyber threats
DICT Undersecretary for E-Government David Almirol gave assurance to the public that the eGovPH app has multiple security measures ensuring its safety.
Article continues after this advertisement“Aside from the encryption and eGovChain security, we also have an attached key for each data,” Almirol stated.
“If someone claims they have hacked the system but cannot provide the key, their claim is false.”
Breach Forums is a dark web platform where cybercriminals trade stolen data and illicit digital goods.
Ramos said the CICC received information that GR3GGM3RC3R got banned for scamming.
“Some concerned users contacted the account holder to request sample data to verify the alleged eGovPH breach,” Ramos said.
“However, the scammer could not provide the requested evidence, exposing the claim as a hoax.”
READ: Fintech players urged to build up cybersecurity capability
Almirol shared more details regarding Breach Forums. He said it thrives on illegal activities but enforces a code of conduct.
“The Breach Forums’ existence in the dark web underscores the critical need for strong cybersecurity measures…”
“…international cooperation to combat such platform, and the broader cybercrime ecosystem they support.”
The Philippine cybersecurity group Deep Web Konek reported on its blog the claim of a fake data breach, prompting the cybersecurity community to express concern.
