Alex Laguilles, and the hacking incident

Back in November 2008, the popular local classified ads site Sulit was hacked. Members accessing the site at the time were surprised to see a parked domain instead. Rumors abounded that whoever owns that Sedo account must have earned a lot, because the thousands of visitors of Sulit were redirected to that Sedo-parked site.

Last week, the company in charge of .ph domains in the country — aptly named DotPH — published on their site the results of their investigation about the hacking incident.

In that juicy article reminiscent of ABS-CBN’s show SOCO: Scene of the Crime Operatives, DotPH identified the culprit as Alex Laguilles, a Legaspi City, Albay resident.

The full investigation results can be read here. A few excerpts:

At 9:24 p.m. on November 6, 2008, the hacker logged into the DotPH system and exploited a vulnerability on the website where the primary user of a domain account was changed to a new user.

After successfully logging in as the primary user of the Sulit domain, the hacker changed the site’s nameserver to the nameserver of his Sedo-parked site.

DotPH, however, has all these transaction logs and with the help of Sedo and the hacker’s internet service provider (ISP) Bayantel, the IP address and exact location of the hacker were identified.

When that same IP address range logged into DotPH and registered seven (7) new domains, it triggered an alarm and DotPH immediately checked who the owner of the account is. They discovered that the domains were created under the account of an Alex Laguilles from Gov. Forbes St., Legaspi City, Albay.
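The kind of log correlation described above, as an added example (not DotPH's code or log format): it flags a nameserver change that closely follows a primary-user change on the same domain, then alerts on later activity from the same address range. The log layout, event names, one-hour window, /24 range and every sample line are assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, account, event, domain.
# Addresses come from documentation ranges; names are hypothetical.
SAMPLE_LOG = """\
2008-11-06T21:24:05 203.0.113.57 acct-new primary_user_change victim-example.ph
2008-11-06T21:31:40 203.0.113.57 acct-new nameserver_change victim-example.ph
2008-11-07T09:02:11 198.51.100.20 acct-b nameserver_change other-example.ph
2008-11-08T14:10:00 203.0.113.91 acct-c domain_register new1-example.ph
2008-11-08T14:12:30 203.0.113.91 acct-c domain_register new2-example.ph
"""

def parse(log):
    """Turn whitespace-separated log lines into time-ordered event dicts."""
    events = []
    for line in log.splitlines():
        ts, ip, account, event, domain = line.split()
        events.append({"ts": datetime.fromisoformat(ts),
                       "ip": ipaddress.ip_address(ip),
                       "account": account, "event": event, "domain": domain})
    return sorted(events, key=lambda e: e["ts"])

def find_takeovers(events, window=timedelta(hours=1)):
    """Nameserver changes made shortly after the domain's primary user changed."""
    owner_change = {}
    hits = []
    for e in events:
        if e["event"] == "primary_user_change":
            owner_change[e["domain"]] = e
        elif e["event"] == "nameserver_change":
            prev = owner_change.get(e["domain"])
            if prev and e["ts"] - prev["ts"] <= window:
                hits.append(e)
    return hits

def watchlist_alerts(events, takeovers, prefix=24):
    """Later events of any kind from the address range of a flagged takeover."""
    watch = [(ipaddress.ip_network(f"{t['ip']}/{prefix}", strict=False), t["ts"])
             for t in takeovers]
    return [e for e in events
            if any(e["ts"] > since and e["ip"] in net for net, since in watch)]

if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    flagged = find_takeovers(evs)
    for e in watchlist_alerts(evs, flagged):
        print("ALERT", e["ts"], e["ip"], e["account"], e["event"], e["domain"])
```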

DotPH did not want to immediately confront Laguilles about the hacking incident but instead called him to inquire about the new domains he created. After the call, DotPH was convinced Laguilles owned the account used in the hacking incident.

Then in true SOCO-like fashion, DotPH sent a spy operative to gain more information about the suspect. The operative took surveillance photos and interviewed key persons who would help them build a strong case against Laguilles.

In the end, DotPH believes they have found the guy.

The hacking incident took place on November 6, and by Monday the 10th we had already ID’ed the guy and found out where he operates from. It took us some more time to get the documentation needed to file a case, after which we handed all our evidence to NBI. Laguilles should be expecting a knock on his door any time soon.

Assuming Alex Laguilles was indeed the hacker, our question to him: sulit nga bang i-hack ang Sulit? (was hacking Sulit worth it?)

1,331 thoughts on “Alex Laguilles, and the hacking incident”

  1. I came to this opinion after reading the article from dotPH.
    dotPH proudly says the words “How to catch a hacker?” or should I say “How to explain further?” the failure of dotPH’s security system? Or “How to catch an idiot?” Why would Alex leave tracks if he’s a real hacker?
    It says there that the culprit is using the same series of IP addresses, and if he was a hacker by all means he should use different IP addresses so he will not be traced. He can use hundreds or thousands of anonymous internet proxies out there!
    dotPH was attacked with IE 7 and Windows XP (laughable) and was just a victim of the negligence and lack of security of the official domain registry of the Philippines (dotPH). It is NOT TRUE that Sulit was hacked. Every change on dotPH’s part, which is Sulit’s registrar for its domain name, will immediately affect the website; that’s why it happens.
    WHY DID THIS HAPPEN TO dotPH? Why the lack of security in the first place?
    Do they (dotPH) have any security audit for suspicious domain registrants? Using fake names and addresses?
    Do they (dotPH) have any security audit for suspicious modifications or alterations on DNS? Or at least confirmations to the .ph owner’s email address that they are officially changing their name server?
    Do they (dotPH) have any security audit for suspicious activity on their website’s client page?
    “You only think there is, but there’s none, none, none!” Sorry man!
    On the Bayantel side, that wasn’t supposed to be done. BayanTel should not give out any information that easily; they should have waited for a court order before giving information. It only means they don’t protect their customers. This means that we can call them anytime asking for some information and pretend to be someone? Right?!
    “How to catch a hacker?” dotPH says. They’ve been pointing out names in the article and doing SOCO-like investigations without having proof that this is really the person to catch? Is this legal? What about human rights?
    I think dotPH should be thankful, for at least they are lucky, because if this person was indeed a real hacker, all .ph domains would possibly be altered/deleted and someone… I mean everyone would be knocking on dotPH’s door eventually if that happens.

  2. Wow, really, I don’t know who I’m more impressed with, Alex or DotPH. But I guess Alex is more impressive because he even managed to get past DotPH and Sulit! I wish I were as good as him, but it should still be ethical. He could have earned more in the long run with his skills, but he went up against the laws of the land... sigh. It would always serve as a lesson to everyone that no matter how good we are, we should always follow the laws, because everything has limits. Besides, when money isn’t hard-earned, you don’t really appreciate it much, right? So to those who know how to put Adsense inside their posts, please teach me. Thanks!

  3. Unbelievable!!! I think there is something wrong with Dotph security… This is the first time I’ve learned that Internet Explorer can easily be used to hack the Dotph system? Good thing this hacker is probably still kind, because with what he found/discovered, he could manipulate all the BIG NAMES like, etc… because of the security weakness of their website, and yet HE DID NOT TOUCH THEM. I am not siding with this hacker but the reality is… the Dotph system is probably so vulnerable that they can be hacked even with IE! This is really too much!

  4. @Tyrone, exactly what I was thinking. While it’s commendable they were able to track down the hacker, the pro-active approach would have been to make sure their systems were patched accordingly and secured against all known vulnerabilities to prevent hacking in the first place, unless the hacker used a zero-day exploit. Sorry for the geekspeak, my IT background is showing… hehe.

  5. I first read about this incident at the blog of Dexter. I really wonder how the hacker changed the password of Sulit and accessed it. It makes me think that dotph is quite vulnerable to hacking attacks.

  6. Whoa! This is very nasty! Hackers these days are very sophisticated already. They should be apprehended by the law. Good thing there are also people who are battling them out.

  7. It’s good they were able to pinpoint the hacker. However, I wonder why the hacker was able to exploit a vulnerability in the website of dotph in the first place.
