The X Account Hack That Targeted the Philippine Coast Guard: A Cybersecurity Incident Report

PCG's X account hacked, erased, restored. CGPAS coordinates with the X Support Team. Incident raises cybersecurity concerns.

(C) IT Weapons

On February 15, 2024, the Philippine Coast Guard (PCG) announced that its official X account, @coastguardph, had been hacked and compromised by unknown perpetrators. The incident, which lasted for about an hour, resulted in the deletion of all the posts and media on the account, and the disruption of the PCG’s communication and information dissemination to the public. 

The incident also raised concerns and questions about the security and vulnerability of the PCG’s online platforms and systems, and the possible motives and identities of the hackers.

The Incident Details and Timeline

The incident details and timeline of the X account hack are:

The incident details: According to the PCG, the incident occurred at around 10:30 am on Thursday, February 15, 2024, when the Coast Guard Public Affairs Service (CGPAS) noticed that they had lost access to their X account, and that all the posts and media on the account had been erased. The CGPAS immediately contacted the X Support Team to report the incident and to request assistance. 

Keep Reading

‘Is it Wise?’: How the Philippines Uses Hackers for Cybersecurity and National Security

Could it be a Thaw: China offers PH to Help with Tracking Hackers

Marcos Slams China’s ‘Dangerous’ Moves in South China Sea

South China Sea Tensions: Philippines Slams Coast Guard Actions

The Dark Side of Social Media: How Fake Friend Scams Have Become More Prevalent and Sophisticated

The X Support Team advised the CGPAS to standby for further assistance and to change their password and enable the two-factor authentication feature. The CGPAS also issued a statement on their Facebook page, informing the public about the incident and urging them to be cautious in receiving any tweets from the compromised account.

• The incident timeline: According to the X Support Team, the incident timeline of the X account hack was as follows:
• At 10:28 am, the hackers gained access to the X account by using a phishing email that tricked the CGPAS staff into entering their login credentials on a fake X login page.
• At 10:30 am, the hackers deleted all the posts and media on the X account, and changed the account’s profile picture, bio, and banner to blank images.
• At 10:32 am, the hackers tweeted “Hello world” from the X account, which was the only tweet that was posted during the incident.
• At 10:51 am, the CGPAS reported the incident to the X Support Team, and the X Support Team locked the X account and initiated the recovery process.
• At 11:30 am, the X Support Team restored the access and the contents of the X account to the CGPAS, and advised them to strengthen their security measures and to scan their devices for any malware or viruses.

The Incident Investigation and Response

The incident investigation and response of the X account hack are:

The PCG said that it had launched an internal investigation to determine the cause and extent of the incident, and to identify and prosecute the hackers. The PCG said that it had also coordinated with the National Bureau of Investigation (NBI) and the Department of Information and Communications Technology (DICT) to conduct a joint investigation and to seek their expertise and assistance. 

The PCG said that it had also requested the X Support Team to provide them with the IP address and the location of the hackers, and to preserve any evidence or data related to the incident