Statement by the UP President on the defacement of the UP System website last 20 April 2012

As reported in the media last 20 April, a hacker or hackers defaced the University of the Philippines (UP) System website (http://www.up.edu.ph/) with a politically charged message on the territorial dispute between the Philippines and another country. This hacking incident prompted our University Computer Center (UCC) to temporarily make the site inaccessible. The UP website has been back online since the other day.

After getting relevant information from the UCC which hosts the website, we are issuing this statement to apologize about the down time, strongly criticize the perpetrators, and publicly clarify the situation.

First, we apologize to the affected UP constituents and the public if they felt deprived of UP-related information available on the UP System website for practically the whole day last April 20 (Friday).

Second, we denounce the action of the hacker or hackers for depriving the public of vital information related to UP, especially the schedule of commencement exercises in the nine UP campuses and the April issue of the UP Newsletter which was uploaded only last 17 April.

Third, we clarify that no private data were stolen by the hacker or hackers and that the UP constituents' data contained in the computerized registration system, WebMail and others were not compromised.

According to the report by the UCC, the hacker or hackers exploited a vulnerability of, and added unwarranted content to, the website at around 2:20 a.m. on 20 April. The UCC technical team became aware of the situation at around 4:50 a.m. and responded immediately by closing all access to the web server.

The UCC has already made adjustments to the restored site to prevent a similar incident from happening again, details of which we opt not to divulge for security reasons.

While the UCC has been able to trace the IP address of the hacker or hackers to a specific country, we seek the public's understanding if we do not identify the country of origin for two reasons. First, the IP address can be masked to appear as if someone is working from a specific location. Second, even assuming that the IP address was not masked, it is still possible that someone compromised a machine from that specific location to deface the UP System website.

Yesterday, news reports circulated that hackers, claiming to come from the Philippines defaced the websites of several institutions in China. Their actions, they claimed, was in retaliation to the hacking of the UP website.

We appeal to the public to avoid jumping to conclusions and taking actions that could further inflame people's sentiments, particularly on the territorial dispute between the Philippines and China. Hacking selected websites at the suspected country of the hacker or hackers does not objectively articulate any political issue and only subjectively fulfills a personal desire to "get even". Giving the perceived "enemies" a dose of their own medicine by hacking their alleged country's websites achieves nothing but unproductive counter-actions.

As we call on the media to avoid sensationalizing the defacement of the UP System website, we also call on the concerned technology-savvy Filipinos to stop hacking other websites, particularly those from China. Filipinos are more sensible than this, and our expertise is better used in productive endeavors.