The Civil Aviation Authority of the Philippines (CAAP), was targeted by hackers yesterday who defaced the website with Chinese characters.
According to an analysis done by Nullforge, a local cyber security company, CAAP had several site vulnerabilities including:
- Outdated Joomla CMS v3.6.5 – http://www.caap.gov.ph/administrator/manifests/files/joomla.xml current stable version is v3.8 – (lack or the absence of patch management
- There is a known zero-day exploit for Joomla CMS v3.6.5 circulating in the wild.
- There were several security violations that was spotted on the CAAP website that can been seen by any security searchers or skilled attackers. (Lack or the absence of vulnerability assessment and penetration testing)
CAAP is the government agency responsible for regulating aviation in the Philippines.
As of posting time, the site is under maintenance but searching the Philippines’ “Civil Aviation Authority” on Google will turn up with Chinese characters in the link to CAAP’s website.
Coconuts Manila reached out to CAAP for a statement on the hacking, but we have not received a response as of posting time.
According to Nullforge, this is the second time in two months the CAAP website has been hacked.
Several other government websites were previously hacked including the government’s censorship board (MTRCB) in 2016 and the website of the environment agency in 2012.
The most serious hacking incident happened in 2016 when hackers penetrated the election commission’s website and stole the data of over 55 million registered voters.
Reader Interactions