Boredom made me do it, says Comelec hacker

Boredom made him do it, confessed the IT graduate who hacked into the Commission on Elections (Comelec) website and caused a massive data leak of voters’ information.

Defacing the Comelec website was meant “to give voice to the voiceless,” Paul Biteng told the Inquirer in an interview.  But the data leak was not part of the plan, he added.

Biteng recalled that it was a “boring” March 18 afternoon at home, and that he was “looking for something to do” aside from playing the usual computer games and reading the news online.  He was “not a TV person” and there was no newspaper around, so the 23-year-old did what he thought he does best: hack a website.

And then he thought, “Why not deface the Comelec website?”

The hottest topic at that time was the Comelec’s refusal to ensure that the vote-counting machines would have four safety features and that there would be vote receipts during the May 9 elections, Biteng said.

“The government didn’t think it was necessary to do these things. But these are safety measures to ensure that there would be no cheating [on Election Day],” he added. “Since I was bored that day, I thought I should give voice to the voiceless.”

The “operation,” as Biteng fondly called the hacking during the Inquirer interview, began at 5 p.m. that day, a month before his graduation on April 15.

 

Identities unknown

Cracking the computer codes or spotting the website’s “error” took 13 hours. In between, Biteng would smoke outside his parents’ house in Sampaloc, Manila, or play computer games. Then the lean-framed, curly-haired student would go back to work.

“I worked hard on this,” Biteng said with an occasional laugh during the interview.

On March 20, Biteng shared the codes with fellow hackers, whose real identity he said he didn’t know.  By March 27, the website had been defaced and the voters’ data leaked.

That was not part of the plan, Biteng said. “And that’s what bothers me the most. I did not leak the voters’ details. I didn’t even expect that to happen,” he added.

While he feels proud of the operation to deface the Comelec website, Biteng said he regretted the leakage and his subsequent arrest.

“I don’t know why (the other hackers) did that because my plan was only to deface the site and get my message across,” Biteng said.

Major breach

Initially after the hacking, Biteng said he played it cool and was unfazed by news reports. There was nothing to worry about, he thought, because he didn’t leak the voters’ data. But when news reports started describing the leakage a “major breach” and “the biggest leakage in history,” Biteng started to worry.

He knew then that he would be arrested, and expected authorities to pick him up soon. But getting jailed was farthest from his imagination.

“I’m scared of jail because I’m not a criminal,” he said.  After a pause, he burst out laughing: “Or maybe I am?”

He added:  “But I didn’t kill anyone. I’m not an ordinary criminal, I’m just a cybercriminal.”

The National Bureau of Investigation arrested Biteng on Wednesday night, and criminal charges were filed against him the following day at the Manila city prosecutor’s office. He remains detained at the NBI cybercrime division pending the resolution of the case.

The Comelec, meanwhile, said the website with the leaked voters’ data had been taken down. TVJ

RELATED STORIES

Comelec hacker arrested, asks NBI chief for a selfie

Comelec apologizes to public as new website leaks voters’ data

View comments

TAGS: Comelec, elections 2016, Hacker, Paul Biteng, technology