A data and analytics consultant raised red flags over the security of several government websites after discovering a "strange" script with links to China inserted in their source code.
Dominic Ligot, a founding board member of the Analytics Association of the Philippines (AAP), on Friday posted a series of tweets detailing how he accidentally found the issue while fixing his mother's website.
Upon investigation, he determined that the script contains an unknown private domain which referenced two Chinese websites, people.com.cn and caijing.com.cn.
"I verified the domains, they're really Chinese domains, so sabi ko, wow, something must be up," Ligot told GMA News Online in an interview on Monday.
After ensuring that the website was not hacked and his laptop was not infected by a virus or malware, Ligot conducted a series of tests to determine how the script got into the website.
He found that the script only appears when he was using a Chinese phone, connected to the internet using an old Smart SIM card, and only on some websites with no Security Socket Layer (SSL) certificate.
According to Norton, a US-based digital security company, an SSL certificate "provides authentication for a website and enables an encrypted connection," similar to sealing a letter in an envelope.
This can be checked on the search bar of the web browser, which should indicate https or Hyper Text Transfer Protocol Secure before the URL (Uniform Resource Locator).
Incidentally, many government websites do not have an SSL certificate. Ligot discovered six which have the strange script inserted in their source code: malacanang.gov.ph, dict.gov.ph, comelec.gov.ph, pnp.gov.ph, navy.mil.ph, and laguna.gov.ph.
As of press time, the Philippine Navy and the Provincial Government of Laguna websites are now showing an https protocol.
Ligot said the script he found does two things: look for a specific tag where it can insert itself and collect information on the user.
"It will then gather data about what you're surfing on: the time and what website you're on," he said. "And it sends it back to the server that wrote it."
"If the people who get this data are more sophisticated, then I'm sure they would also correlate that with anyone," he added. "They could get your IP address, they might even get what device you're using. So in a way, it's not a direct identifier but it's kind of like a profile in itself."
In his twitter thread, Ligot initially declared that his findings were proof of Chinese spying in the Philippines because of the reference to the two Chinese websites.
He has since retracted that statement, but he still expressed concern on the apparent vulnerability of government websites and data privacy of users.
"There's actually no direct proof that China is proactively spying," he said. "But the other issues remain, and no one has given me any sensible explanation why those things are the way they are."
Ligot says the script possibly constitutes an offense under the Anti-Cybercrime law such as illegal interception or system interference. —LDF, GMA News