About Us
Not a breach but a warning after hackers deface old CICC portal
- Art Samaniego
- PHT
- CICC
The recent defacement of a subdomain under the Cybercrime Investigation and Coordinating Center (CICC) is not a cause for panic, but it is certainly a reason for concern.
Based on the available information, there is no indication that the agency’s core systems were compromised. The affected page appears to have been an outdated and inactive platform that remained accessible on a government server. This was also confirmed by CICC Executive Director Usec Aboy Paraiso, who clarified that the portal had already been retired from active use.
“The affected portal has long been defunct and is no longer used in our operations. It remained on the server but was not updated because the system had already been replaced,” Paraiso said.
When asked about the possible impact of the hacking incident on CICC operations, Paraiso assured the public that there is no cause for alarm.
“The initial assessment shows no indication that core CICC systems, investigative databases, or sensitive government networks were compromised,” he added.
In cybersecurity terms, this is less a sophisticated breach and more a classic case of digital housekeeping left unfinished.
Still, that does not make the incident trivial.
At some point, someone was responsible for maintaining that platform. When a system is retired, it should not simply be abandoned online like an empty building with its doors unlocked. Unused portals must either be fully decommissioned or secured. Leaving them publicly accessible creates an unnecessary attack surface, and as this incident shows, even a forgotten page can become an embarrassment for an agency tasked with fighting cybercrime.
Accountability matters here. Not in the spirit of blame, but in the spirit of discipline. Cybersecurity is not only about defending sophisticated infrastructures. It is also about the mundane yet essential practice of properly maintaining digital assets.
The lesson extends beyond one agency.
Many organizations, both public and private, continue to host old portals, test environments, beta systems, or legacy interfaces that were never formally removed. These forgotten systems often run outdated software and rarely receive security updates. Hackers know this and actively seek them out.
For administrators and developers managing government or corporate platforms, the advice is simple. When a system is replaced, do not merely stop updating it. Remove it entirely. Decommission the server, disable the domain entry, and archive any items that need to be preserved offline. A retired system that remains online is a vulnerability waiting to be discovered.
To its credit, the CICC acted quickly after the incident surfaced and removed the affected platform from public access. Rapid response is an important part of incident handling, and the agency deserves recognition for addressing the issue promptly.
More encouraging is the conversation now taking place within cybersecurity circles. There are discussions among stakeholders and insiders about establishing a formal bug bounty program that would invite ethical hackers and security researchers to help identify vulnerabilities before malicious actors do.
The Philippines has a vibrant community of cybersecurity enthusiasts, researchers, and ethical hackers. Many of them are eager to contribute to strengthening government systems if given the proper channel.
If structured properly, a bug bounty program could transform potential critics into partners, turning thousands of curious minds into an early warning system for national digital infrastructure.
Cybersecurity is never perfect. But it becomes stronger when institutions are transparent, responsive, and willing to work with the wider security community.
This incident should serve as a reminder that in cyberspace, even the smallest forgotten doorway can become the one that gets noticed. The real task now is making sure there are no more of them left open.
READ:
CICC removes defaced subdomain, says core infrastructures remain secure