Cyber Incident Victim: Civil Service Commission

A hacker identifying as IamNoobie discovered vulnerabilities in the Philippine Civil Service Commission’s (CSC) systems through passive scanning techniques in early March 2021. The attacker employed Google Dorking methods, using specialized search operators like "site:gov.ph" and "filetype:xls" to identify exposed files and services on government web infrastructure. IamNoobie specifically targeted the CSC server after expressing frustration with inadequate cybersecurity practices across Philippine government agencies. The reconnaissance revealed multiple unpatched vulnerabilities that could enable server compromise, though the article does not specify the exact technical weaknesses. The hacker contacted journalist Art Samaniego to disclose the findings, framing the actions as retaliation against systemic security failures rather than seeking financial gain. No evidence suggests data exfiltration occurred beyond the initial vulnerability discovery phase.

The breach exposed thousands of user records, though the article provides no precise count or specific data types compromised. CSC officials acknowledged the incident after media reporting and implemented unspecified remedial measures to address the vulnerabilities. Manila Bulletin covered the technical disclosure process, highlighting how basic search techniques could uncover government system weaknesses. The Commission’s public statement confirmed system remediation but did not detail forensic findings, user notification processes, or long-term security improvements. Impact was limited to data exposure rather than confirmed malicious use, with no subsequent reports of credential misuse or secondary attacks linked to this incident.