A netizen on Twitter stumbled upon a script automatically inserted into most government websites, such as COMELEC, DICT, the Laguna Provincial Website and even Malacañang. According to him, the script may be meant to monitor browsing activities and pass them on to what appears to be a server in China. In a series of screenshots published on his Twitter account, ‘Dominic Ligot’ narrated how he was just trying to modify his mother’s website when he noticed a weird script inserted into the web page, which he clearly did not insert himself. The same script is also automatically inserted into certain government websites which don’t use the HTTPS protocol.

The script itself points to a certain Chinese website, which may have been a server through which the victims’ browsing data is being passed for analysis.

Dominic also showed a WHOIS record of the website confirming its Chinese origin.

He also added that browsing traffic has been maliciously redirected to an IP address in China, exposing all unencrypted passwords and confidential information to Chinese authorities!

https://i1.wp.com/pbs.twimg.com/media/D2wc7H_UYAARgvw.png?w=640&ssl=1

Here are the screenshots showing Malacañang and COMELEC with the malicious script inserted:

https://i0.wp.com/pbs.twimg.com/media/D2wlluAUcAcOjnx.jpg?w=640&ssl=1

https://i0.wp.com/pbs.twimg.com/media/D2wq2o8U8AIbpxF.png?w=640&ssl=1

What does this mean to us?

It’s quite possible that China might have been using this to spy on our daily browsing habits or even to track down Chinese citizens in the country. Also, the Chinese authorities may even be able to intercept confidential information such as instant messages, emails and even passwords when sent through an unencrypted connection. The fact that many of the government websites had these scripts inserted could prove that many government agencies may have already been monitored by China.

From what I gather, this seems to be happening only on modems and routers manufactured in China, including the popular Smart Wifi gadget, which is used by many businessmen, politicians and even home users when browsing online or sending pertinent emails. In this regard, we can now confirm that China’s sketchy agenda of selling cheap and affordable devices has serious security drawbacks. We are hoping to receive some kind of explanation from Smart Communications or even from Huawei themselves. I’d also like to hear their justification as to why they hacked into our computers and tracked our browsing traffic.

What is the scope of the attack? What would China gain from it?

If Internet traffic has been redirected to a Chinese server, then it would allow Chinese intelligence units to read unencrypted emails and passwords. Bear in mind that almost all of our government websites do not have SSL encryption installed on them, which makes them ripe for the attack. Many of our government units aren’t well aware of cyber-security and would sometimes send confidential information through unencrypted channels. We need to understand that the attack is limited to the Chinese-made ‘Huawei’ Smart Wifi product and/or a Smart SIM plugged into a Chinese-manufactured phone.

China’s goal might have been to capture as much information as possible about our Internet usage or to track down much-needed intelligence information so they can pass it on to Duterte’s administration. Arguably, it can track dissenters and many people who oppose the current regime. Even data that politicians transmit unencrypted over these devices can be intercepted and shared with the Duterte administration.

How do we protect ourselves from these attacks?

My best advice would be to steer clear of using any ‘Chinese’ manufactured internet-capable device, especially Smart Wifi, which has allowed these mass insertions to take place. Also, since most of the networking components in almost every ISP are made in China, the best thing you can do is to make sure that you are only sending emails via SSL and accessing websites that use the HTTPS protocol. You’d be able to notice this at the top of the address bar, where there’s a green padlock indicating that all data passed on to this website is encrypted and can’t be intercepted by outside parties.
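The check Dominic did by hand, spotting a script tag the site owner never added, can be automated by comparing the owner's copy of a page with the copy a browser received over plain HTTP. The following is an added example, not code from the original post; the host names and both HTML samples are constructed, and it assumes the owner's copy comes from a trusted source such as the server's own files.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Records each <script> element as [src, inline text]."""
    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts.append([dict(attrs).get("src") or "", ""])
            self._open = True

    def handle_data(self, data):
        if self._open:
            self.scripts[-1][1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._open = False

def scripts_in(html):
    """Set of (src, whitespace-normalised inline body) for every script tag."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return {(s.strip(), " ".join(b.split())) for s, b in parser.scripts}

def injected_scripts(owner_html, received_html, site_host):
    """Scripts in the received page that the owner's copy does not contain."""
    findings = []
    for src, body in sorted(scripts_in(received_html) - scripts_in(owner_html)):
        host = urlparse(src).hostname if src else None
        findings.append({"src": src or None, "inline": bool(body),
                         "third_party": host is not None and host != site_host})
    return findings

# Constructed sample: the owner's page and the same page as received over HTTP.
OWNER_COPY = '<html><head><script src="/js/site.js"></script></head><body>Hi</body></html>'
RECEIVED = ('<html><head><script src="/js/site.js"></script></head><body>Hi'
            '<script src="http://stats.injected.example/t.js"></script></body></html>')

if __name__ == "__main__":
    for finding in injected_scripts(OWNER_COPY, RECEIVED, "www.agency.example"):
        print(finding)
```

Any finding with `third_party` set to true on a page served without HTTPS is worth comparing across different networks, since an in-path device can only modify the unencrypted copy.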
