CICC removes defaced subdomain, says core infrastructures remain secure
A subdomain of the Philippine government’s cybercrime enforcement portal was defaced by unknown attackers, replacing the official page with a message criticizing government officials and the country’s digital infrastructure.
The compromised page, takedowns.cicc.gov.ph, is operated by the Cybercrime Investigation and Coordinating Center (CICC), an attached agency of the Department of Information and Communications Technology (DICT).
The altered page displayed a black background with a lengthy message containing profanity and attacks against government officials. The message mentioned Henry Rhoel Aguda, secretary of the DICT, and mocked the country’s digital governance. The attackers signed the message using the alias “BlueFarow.”
The takedowns subdomain is a part of the government’s mechanism for coordinating the removal of malicious or illegal online content. Such portals are typically used to facilitate the reporting and removal of fraudulent websites, phishing pages, scam platforms, and other digital assets linked to cybercrime. Authorities often coordinate with internet service providers, hosting companies, domain registrars, and online platforms to disable harmful sites once verified.
Because of this role, the portal forms part of the government’s broader infrastructure for responding to online threats and protecting internet users from scams and other cyber offenses.
In a phone interview, Usec Aboy Paraiso, executive director of the Cybercrime Investigation and Coordinating Center, confirmed that the agency is already investigating the incident.
He said the agency detected an unauthorized defacement on a publicly accessible subdomain of the CICC website.
According to the official, the incident affected a page under the takedowns.cicc.gov.ph subdomain used to support coordination related to reporting and removal of malicious online content. The affected page has since been taken offline while security checks and remediation measures are being conducted.
“We assure the public that protecting the integrity of government digital infrastructure remains a priority, and additional security measures are being implemented as part of our ongoing cybersecurity posture improvement,” Paraiso told TechWatchPh.
The CICC executive director added that the initial assessment shows no indication that core CICC systems, investigative databases, or sensitive government networks were compromised.
Technical teams are currently conducting a forensic investigation to determine how the intrusion occurred and what vulnerability may have been exploited. Measures are also being implemented to prevent similar incidents in the future.
The agency is coordinating with other government units and cybersecurity partners to identify the individuals responsible and determine possible violations under Philippine cybercrime laws.
Website defacement attacks typically occur when attackers exploit vulnerabilities such as outdated software, weak administrative credentials, or misconfigured servers in publicly accessible web systems.
While defacement incidents often aim to embarrass organizations rather than steal data, they can expose weaknesses in online infrastructure and highlight the importance of maintaining strong cybersecurity practices across government platforms.
As of writing, the takedown site remains inaccessible.
