Law enforcement authorities in the Philippines have arrested a second suspect in relation to the hack and defacement of the country's electoral commission, that resulted in the loss of up to 55 million voter records. In a press conference held on 29 April, Andres Bautista, the chairperson of the Commission on Elections (Comelec), identified a 23-year-old man called Jonnel De Asis as one the ringleaders of 'Anonymous Philippines', which reportedly orchestrated part of the attack on 27 March.
Last month, the Comelec website was defaced by hackers who are aligned with Anonymous. Then, a second group called LulzSec Pilipinas posted the entire electoral database online, roughly three days later.
The data dump contained National ID numbers, names, addresses and biometric data, including fingerprint records, according to analysis conducted by security firm Trend Micro.
Now, according to ABS-CBN News, Ronald Aguto, head of the National Bureau of Investigation (NBI) computer crimes division, said the arrested suspect admitted to hacking the website in order to "prove its vulnerability" and also claimed that the suspect was to blame for uploading the trove of data into a searchable format on a short-lived public website.
"Initial investigation disclosed that he was the one who downloaded the file from the Comelec website and the one who leaked it to the public," De Aguto claimed, before adding that a third suspect remains on the loose. The cyber police department said it also plans to trail those who downloaded the leaked database.
"Enjoy the lulz"
Speaking exclusively to IBTimes UK, a member purporting to be from the LulzSec Pilipinas group echoed the claim the hack was carried out to "expose how vulnerable the Comelec website is" however denied the two groups were working tightly together.
"We already had access to the website months ago before Anonymous Philippines defaced it. We saw the opportunity to join the fun," our source said. "Regarding the arrest, [they can] find us if they can. We will just watch and enjoy the lulz"
As previously reported, authorities arrested a man called Paul Biteng on 20 April on a number of cybercrime-related charges. Biteng was apprehended at his home in Sampaloc, Manila and also reportedly admitted his role in the hack. Following the arrest, Comelec spokesperson James Jimenez said his organisation is doing everything it can to resolve the issue "at the soonest possible time." He added: "I apologise for this continuing attack on your privacy."