Filtered By: Topstories

NBI: Ex-Smartmatic employee admits money offer in data leak mess

The National Bureau of Investigation (NBI) on Tuesday said the former Smartmatic employee implicated in the alleged security breach in its system was promised money of up to P300,000 in exchange of the access to his company laptop that would be connected to the facilities of the poll service provider.

During the Senate Committee on Electoral Reforms hearing, NBI Cybercrime Division (CDD) chief Victor Lorenzo said that Ricardo Argana of Smartmatic admitted during an administrative inquiry on January 12 that he shared his credentials to an unknown third person he met on Messenger in exchange for “free lectures.”

However, he said that Argana later on revealed to them that he was also promised money from P50,000 to P300,000.

“In the administrative inquiry conducted by Smartmatic, he only admitted having been promised training modules in exchange for allowing them, the third party, to access his laptop in order to be connected to the Smartmatic facilities,” Lorenzo said.

“But, when he appeared in our office, he admitted that he was also promised, aside from training modules, he was also promised money ranging from P50,000 to P300,000,” he added.

In his presentation of the timeline of events, Lorenzo narrated that Argana brought home his company laptop on December 29, 2021 during the completion of tests in the Comelec warehouse. He returned it on January 3, 2022.

He stressed there was an “unusual traffic and downloads logged in SMMT Systems” recorded from December 28, 2021 to January 2, 2022. The said activity was only detected on January 9 that was traced to Argana, he added.

Former Comelec commissioner and now Smartmatic legal counsel Christian Robert Lim admitted to this “unusual traffic.”

“Yeah, we admit that, your Honor. The company internet server, there was an unusual heavy access of the files,” he said.

Further, Lorenzo noted that on January 14, a certain XSOS Group sent an email to Smartmatic claiming that it had infiltrated networks and exfiltrated its inner documentation. In the same email, XSOS was said to have offered to provide prevention services to Smartmatic.

On January 16, he added that XSOS sent another email threatening to send the files that it allegedly obtained to the Congress and the media.

Lorenzo noted that XSOS made four Facebook groups on January 19, March 23, March 26, and April 15 and uploaded pictures of files allegedly taken from Smartmatic's systems.

It could be recalled that in January 2021, the Comelec assured the public that election data for the 2022 polls were not hacked, disputing a report by the Manila Bulletin that poll data -- network diagrams, IP addresses, list of all privileged users, domain admin credentials, among others — were hacked.

Last week, the NBI-CCD conducted a search operation at the residence of Argana, where they found his smartphone and some SD cards hidden in a room’s ceiling.

Authorities also dismantled the Wi-Fi router that Argana used to have access to gadgets of five other IT suspects for six days. While Smartmatic’s laptop was returned, Argana already encrypted it so it won't be subjected to forensic examination, NBI said.

NBI-CCD chief Victor Lorenzo said Argana’s contract with Smartmatic was only for six months, but part of his job was to determine the possible glitches in the system.

Lorenzo said the NBI is inclined to believe that Argana was not acting alone as there were 726 logins recorded within six days in Smartmatic's system.

“We believe that he’s not acting alone because he is not that fluent in English and XSOS communicated with Smartmatic, if you see in the letter, that medyo articulate po sila [they are quite articulate]. Smartmatic was also able to retrieve 726 logins in six days, meaning it will be physically impossible for the former employee to navigate the control of environment for 726 times in a matter of six days,” he said.

For its part, Smartmatic’s Lim said the company has adopted a “more stringent approach” in screening employees, and are now requiring them to leave their laptops in the offices.

A total of 720 counts of unlawful access were filed against Argana, who is still at large, NBI said.

Lim also said Smartmatic is now contemplating filing a civil case for damages against Argana.—LDF, GMA News