Biteng and de Asis, two young IT graduates, have been arrested over the Comelec cyberattack Reuters

For the two hackers arrested under suspicion of orchestrating the leak of millions of voter records in the Philippines, the consequences of their actions are just beginning to sink in. Paul Biteng, 20, and Joenel de Asis, 23 were both apprehendedby law enforcement with the cybercrime division of the National Bureau of Investigations (NBI) in relation to a cyberattack at the Philippines Commission of Elections (Comelec) in March. If prosecuted, the pair face heavy prison terms.

"I don't want to be jailed," Biteng told the Philippine Daily Inquirer from his cell.

The Comelec website, which held a database of containing millions of electoral records, was breached and defaced on 27 March by hackers purporting to be linked with the Anonymous hacking collective. Then, a second group called LulzSec Pilipinas posted a trove of stolen citizen records online roughly three days later.

Upon analysis, it contained National ID numbers, names, addresses and biometric data, including fingerprint records.

Police now believe that Biteng and de Asis, two young IT graduates, both played a part in the cyberattack and are now touting sentences of over 60 years as a result, the Philippine Daily Inquirer reports.

"I can't believe I could get 60 years for that," Biteng said. "I think that's too much. I even asked my dad to do everything he could to post bail, never mind if we became dead poor. I want to be free again."

He added: "[Was] it worth it? Yes and no. Yes, because the public has become more aware. No, because what we did could have a big impact on the elections. What if someone claims the results were comprised because of what we did? Of course, that wouldn't be true but it would create an impact."

"Yes, I'd do it again"

However, de Asis, suspected of leaking the compromised data to the internet, said that if given a second chance, he would do it all over again, if only to highlight the weaknesses of the electoral system used in the Philippines.

"The Comelec lied when it said its website had strong safeguards," de Asis said. "It lied when [its officials] said there was no sensitive [voter] information in the database. So, yes, I'd do it again if only to disprove that."

Indeed, when the data dump was first leaked online, Comelec officials attempted to downplay the scale of election data included.

"I want to emphasise that the database in our website is accessible to the public," said spokesperson James Jimene. "There is no sensitive information there. We will be using a different website for the election, especially for results reporting and that one we are protecting very well."

Both arrested men now face charges of data interference, illegal access and misuse of computer devices. The hearings are set to take place between 4 May and 10 May.