'Comelec data search engine' shut down, but damage already done

Less than 24 hours after it went online, a website claiming to contain voter data has been shut down—but it may be too little, too late for tens of millions of Filipino voters.

As of early Friday, the website containing data allegedly stolen from the Commission on Elections (Comelec) was already inaccessible. The move follows in the wake of intense clamor from the public and private sectors for its takedown.

"As soon as we found out about that website, we referred to (the) NBI to take (it) down," Comelec spokesperson James Jimenez told GMA News.

He said that the website was hosted offshore, in Russia, but the government was able to contact the hosting company and have them take the site offline with some help from US authorities.

"As of this morning (Friday), ininform ako ng NBI na na-takedown nila yung site after the cybercrime department of the DOJ contacted its counterpart in the US," he added.

A group of still unidentified hackers took the data —supposedly the records of at least 50 million individual voters—and re-posted these into a searchable database on an independent site late Thursday.

The site raised concern because it was the first time since the Comelec breach that the raw data was presented in a way that anyone could easily look through—a sort of "search engine".

Government crackdown

Jimenez also said that the government is already hard at work tracking down and deleting copies of the information online.

"We've already been taking down various sites that claim they have a copy of the data, even if hindi pa namin nave-verify 100% kung data talaga yun ng Comelec," he said.

But cybersecurity experts are unanimous in saying that the damage is done: by now, the data may already have been copied an untold number of times.

And although the allegedly stolen data cannot be used for electoral fraud, it can still be used for other cybercrimes such as phising and identity theft.

"The bottomline, pag nandyan sa internet, nandyan na yan forever," said Engr. Pierre Galla of public cybersecurity watchdog Democracy.net.ph.

"So kung may nag-download, at marami nang nag-download malamang, kalat na yan sa internet. There's no way you can put the (proverbial) toothpaste back into the tube," he explained, pointing out that the data is already even available on torrent sites.

"It's very easily accessible. Anyone can get their hands on it now," Troy Hunt, an Australian web security expert, told GMA News Online in an interview via Skype.

Hunt is a Microsoft Regional Director and is also the creator of haveibeenpwnd.com, a website that allows people to check if their online accounts have been breached.

"There's an analogy which says, 'Trying to remove information from the internet is like trying to remove pee from a swimming pool'," he underscored. — with Aya Tantiangco/JST, GMA News