Threat-Level: Why the Taiwanese attack on PH Government DNS is a clear and present danger

A report published by Interaksyon indicated that Taiwanese hacktivists breached dns.gov.ph. The Department of Science and Technology controls the government’s domain names. It provides each agency with a .gov.ph domain. Think of it as the government version of GoDaddy, one that caters only to government agencies. While people I’ve talked to indicated the threat to the domain name system isn’t high, the very idea that there might be a threat to the government’s Domain Name System is frightening, and raises national security implications. Control of the government’s domain name service is the digital equivalent of owning Metro Manila.

Let me explain.

The Domain Name System is like the Internet’s phonebook. If you wanted to call your mom, you click on her name, and the phone translates “mom” into her numerical phone number. The same is true of anyone opening up a web browser and typing “www.google.com”. The browser looks the name up in the Domain Name System, which tells it, “go to IP address so and so”.

Now each country has its own domain name. .gov.us, or plain old .gov, belongs to all United States government websites or agencies. In the Philippines, .gov.ph is controlled and managed by the Department of Science and Technology. So if I were a government agency and wanted to put up a website, DOST is the place to register cocoy.gov.ph.

So after registering cocoy.gov.ph with the DOST, you can enter the IP address of your web server into the record. This is what you call the “A” record, which is basically your IP address. Say 192.168.1.1 is your IP address, so you put that in your record. Every time someone types cocoy.gov.ph, the browser looks up the DNS record, sees “OK, cocoy.gov.ph is at IP address 192.168.1.1”, and sends you there. If two years from now I wanted to move web hosting to a cheaper provider, for example, then I would change the DNS setting to the new IP address of that server. So if the new provider’s server is at 192.168.1.2, then the DNS A record for cocoy.gov.ph will be 192.168.1.2 and not 192.168.1.1.

DNS is also how email gets “routed”. For example, I ordered an email service from Google so I can have “[email protected]”. For this to work, you need to add what is called an “MX” record. This is basically saying, “send email to this address”. Now, to verify that you really are the owner of cocoy.gov.ph, Google is going to ask you (as one of the options for verification) to add a record to your domain’s DNS. It is basically proof that you are indeed the legit person making the request.

Now, imagine someone, a terrorist or another government, say China, attacks our Government’s DNS and gains control of it. And what if that government agency happens to be using Google’s email service? They can gain superadmin access to the email service by being able to verify that they are the legit owners of the domain. Then they can access email from there.

What if I don’t host email with Google? I host it on my own? They can still gain access to the email. They simply transfer the address away from gov ph’s email servers and write an email to Barack Obama using the President’s email address. “[email protected]#[email protected]!!~ Obama! with love, PNoy!”

An attack on DNS can mean they can transfer the address of a government’s website. GovPH? Well defended? Sure. A change in DNS means they tell the Internet that instead of GovPH’s 192.168.1.1 address it is now 192.168.1.2, which they control, and then they can create their own GovPH site. They just transfer it to their server, no problem. They can use the domain to send spam. Post whatever message they want.
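As an added illustration (not code from the original post), here is the defender's side of the scenarios above: a small Python check that compares the records a domain currently serves against a known-good baseline and flags a changed A record, a changed MX record, or a newly added verification TXT record. The record data is constructed; cocoy.gov.ph and the two addresses come from the examples above, while the mail host names and the verification token are hypothetical.

```python
# Added example: compare an observed DNS snapshot against a known-good baseline.
# All records below are constructed sample data; the mail host names and the
# verification token are hypothetical. TTL changes alone are not flagged.

BASELINE = """
cocoy.gov.ph. 3600 IN A 192.168.1.1
cocoy.gov.ph. 3600 IN MX 10 mail.cocoy.gov.ph.
cocoy.gov.ph. 3600 IN TXT "v=spf1 mx -all"
"""

OBSERVED = """
cocoy.gov.ph. 300 IN A 192.168.1.2
cocoy.gov.ph. 300 IN MX 10 mx.unknown-host.example.
cocoy.gov.ph. 300 IN TXT "v=spf1 mx -all"
cocoy.gov.ph. 300 IN TXT "google-site-verification=CONSTRUCTED-TOKEN"
"""

# What a change to each record type means for the domain owner.
IMPACT = {
    "A": "web traffic goes to a different server",
    "MX": "incoming mail is delivered to a different server",
    "TXT": "ownership proof or mail policy changed",
}


def parse_records(text):
    """Return {(name, rtype): set(rdata)} from 'name ttl IN type rdata' lines."""
    records = {}
    for line in text.strip().splitlines():
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        records.setdefault((name.lower(), rtype.upper()), set()).add(rdata.strip())
    return records


def diff_records(baseline_text, observed_text):
    """List (name, type, removed, added, impact) for every record set that drifted."""
    base, seen = parse_records(baseline_text), parse_records(observed_text)
    findings = []
    for key in sorted(set(base) | set(seen)):
        old, new = base.get(key, set()), seen.get(key, set())
        if old != new:
            findings.append((key[0], key[1], sorted(old - new), sorted(new - old),
                             IMPACT.get(key[1], "unreviewed record type changed")))
    return findings


if __name__ == "__main__":
    for name, rtype, removed, added, impact in diff_records(BASELINE, OBSERVED):
        print(f"ALERT {name} {rtype}: -{removed} +{added} ({impact})")
```

Run on a schedule against snapshots taken from several independent resolvers, a check like this turns a silent record change into an alert the domain owner can act on.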

That’s every government website, held hostage. makati.gov.ph? How about the COMELEC’s website? How about PAGASA’s Project Noah? MMDA? Our nation would lose key infrastructure.

Can you see what I am getting at?

If this attack was orchestrated by a nation state, it would mean we are already at war with another nation. What if the Taiwanese attacks originated from a Taiwanese government IP address? Say a botnet controlled part of the Taiwanese Ministry of Education? What if one employee sided with the hacktivists, and so used Taiwanese government resources? Does this mean we are at war with Taiwan? Is this a state-sponsored attack?

This is the reverse of what happened with Kiram’s men. You have a group of people, looking for revenge, and they have a means of holding a nation hostage. The Taiwanese ultimatum: “The government of Taiwan has given the Philippines until Wednesday to apologise for the death of a Taiwanese fisherman whose vessel was fired on by the Philippine coastguard.

Taiwan is also demanding compensation and the arrest of those responsible.

It has warned the Philippines of diplomatic and economic measures if it does not respond positively.

The Philippine coastguard acknowledged that it had fired at the boat to “disable” its machinery.

It says that it was acting in self-defence.”

A Distributed Denial of Service attack on government websites, flooding a website with requests so it becomes inaccessible, is what hacktivists claim is a version of spray painting. It is an act of protest, they say. Let us assume that this is remotely a valid claim; an attack on the Domain Name System, however, is an overt threat.

Yes, the information I’m getting from the DOST suggests that it isn’t remotely as I’ve described here. Maybe we dodged a bullet. Maybe they weren’t even close, but the fact that they have made a play on the DNS, and made some breach, is a clear and present danger, and this threat should be taken seriously.

Emotions are running high in Taiwan. Can they accept a verdict where they are wrong? And if they do not stop attacking cyber infrastructure, does that mean the Taiwanese government is condoning the attack? Does this mean they want war? If they do, is anyone coming to that war? We all know very well the state of Philippine readiness. And what does “Economic repercussion” mean?

Why emotions aren’t running high in the Philippines is beyond me. This is a serious national security matter. A flash point of epic proportion, if not handled properly. While I have faith that the President can maneuver the diplomatic waters well, there is this feeling that the Visigoths are at our gates, and we’re defending the Fortress with pitchforks and knives, while they have automatic weapons.

Should we not bow to terrorist demands? The fact that President Aquino has called for calm amidst this attack by Taiwan is admirable. There has to be an option somewhere that any President can pull so he can act to defend Philippine sovereignty even in cyberspace. This Taiwanese attack is a clear wake-up call. The government of the Philippines needs to create its own cyber defense force for defense and counter-attack. The next time, the Philippines might not be so lucky.

Cocoy Dayao

Cocoy is the Chief Technology Officer of Lab Rats Technica, a Digital Consulting company that specialises in DevOps, iOS, and Web Apps, E-Commerce sites, Cybersecurity and Social Media consulting. He is a technology enthusiast, political junkie and social observer who enjoys a good cup of coffee, comic books, and tweets as @cocoy on twitter.

Cocoy is also the Managing Director and Editor-in-Chief of the ProPinoy Project.

Cocoy considers himself to be Liberal.

  • Bert

    We have pitchforks and knives, while they have automatic weapons? Hmmmm, no match. Must be suicidal for us to start a ruckus against them considering that kind of mismatch. Our situation is hopeless for now.

  • Joe America

    Emotions in the Philippines would run high if Taiwan shot and killed a Filipino fisherman. I think Taiwan is out of control myself, and the Philippines is displaying considerable maturity to approach the matter systematically. Taiwan, in issuing an ultimatum to the Philippines, is behaving just like Big China, displaying an unforgiving, possibly racist, condescension against the Philippines, pretending some greater platform of moral standing before the facts are even in.

    I believe the Philippines needs to work on its own non-military weaponry, including economic punishments it can levy against other states, akin to Taiwan’s threat to stop accepting Filipino workers. And the Philippines should have its own cyber-military, offense and defense. (Thanks for the fine blog topic.)

    Finally, you point out another need. Contingency when the internet and possibly even phone systems are out.

    You’ve written a very important article here.