DICT's 'sandbox' site infiltrated

The Department of Information and Communications Technology’s (DICT) “sandbox” website, which the agency uses to test potential suspicious programs, has been compromised, its spokesperson said Tuesday.

In a virtual interview with reporters, DICT spokesman Assistant Secretary Renato Paraiso confirmed that “one particular site in our website was infiltrated.”

“However, this site is where we test our VAPTs or Vulnerability Assessment and Penetration Testings. This is where we test our scanners,” Paraiso said.

The DICT official said the site acts as the agency’s “sandbox” to “test our systems [using] pre-determined vulnerabilities.”

A sandbox, in information and communications technology, refers to an isolated environment where developers test malicious codes without harming the host network.

“It’s isolated… This is a sandbox environment wherein we test our VAPTs, we test our scanners as well,” Paraiso said.

“This site is also being used to study and gather data on other methods of hacking,” he added, noting that hackers who infiltrated the DICT’s “sandbox” were basically “hacking what we are hacking.”

Nevertheless, the DICT official said no sensitive information was compromised since the data in the sandbox site were only for testing purposes.

“We will be constantly upgrading not only the DICT website and our systems, but also the other systems of government,” Paraiso said.

The news comes after a series of cyberattacks on government websites. State health insurer PhilHealth was hit by a ransomware attack last month, with the data of 13 million individuals compromised. — BM, GMA Integrated News