PNP arrests suspected hacker in Laguna

Maan Macapagal, ABS-CBN News

MANILA - The Philippine National Police-Anti Cybercrime Group (PNP-ACG) has arrested a
22-year old computer hacker allegedly victimizing credit card holders through a phishing site.

The suspect Ace John Candelario was arrested by PNP-ACG operatives inside his house in
Barangay Laram, San Pedro, Laguna Tuesday.

The complaint came from banks who have received several disputed transactions from their
cardholders.

“Naka-receive kami ng several complaints galing sa mga major banks na mayroong mga
disputed transactions sa kanilang mga cardholders kaya nag conduct kami ng investigation.
Kinuha namin mga details until such time na it led to the identification of our suspect,” Senior
Insp. Artemio Cinco, PNP-Anti Cybercrime Group spokesperson said.

Candelario’s scheme was to send an email to the cardholder making it seem like it came
from the bank. Once the victim clicks on the link, the person will now be diverted to a
phishing site where the victim will be asked to update personal information, allowing the
suspect to encode the details.

“Kunyari ay may update na kailangan, may mga changes sa website so they need again
'yung mga financial information like 'yung bank account numbers, card numbers, passwords,
email. Lahat ng puwede nilang makuha sa'yo. Minsan inform ka nila na nag-increase ang
credit limit at 'yun ang way para makuha nila ang mga information sa'yo,” Cinco explained.

Once the hacker is able to access personal information, he can now use the victim’s credit
card information to purchase goods from online shopping sites and online food deliveries.

“Base sa mga records na nakuha namin sa mga fastfood chains, pangalan niya mismo ang
ginagamit niya. During interview sa kanila ay may mga penetration testing na nagpapakilala
talaga sila para malaman ng mga companies kung ano ang capabilities nila,” Cinco said.

Another way hackers obtain cardholder details is when they are able to get into the bank’s
website where cardholder’s records are available.

“Especially 'yung mga website na nagki-keep ng mga record natin. Pag na-hack nila 'yan ay
lahat ng email address ay gagamitin nila at puwede silang magpadala ng mga phishing links.
At 'pag ito ay na open nila ay makikita nila kung ano ang ginagamit mong bangko. So from
then on ay papadalhan ka nila ng mga links na connected sa bank po. At 'pag na-provide mo
'yung iyong mga information, dun ka na nila mabibikitima,” Cinco said.

Oftentimes, banks are not able to return the money taken by the hackers to the cardholders
especially when investigation shows that the cardholder was negligent about keeping his
information private.

Cinco advised the public not to open spam emails and to look if the web address of the
bank’s website is secure. He also said people should be wary of giving out personal
information online or via phone calls.

Questions
1.What assets were compromised?
2.Who were the attackers (threats)?
3.What has been done to prevent the incident from happening in the future?

Answers
1. The asset that were compromise was the credit card holders.
2. The hacker was Ace John Candelario and he makes use of phising site as an online
threat ti harm those credit card holders
3. Senior Inspector Artemario Cinco, PNP-Anti Crime Cyber group spokesperson,
advised the public not to open spam emails and to look if the web address of the
bank’s website is secure. He also said people should be wary of giving out personal
information online or via phone calls.