The Interior Ministry is investigating how hackers got into the Facebook page of the National Election Committee (NEC) spokesman and controlled it for weeks, preventing the public dissemination of election-related information.
According a letter signed by NEC President Sik Bunhok and NEC spokesman Hang Puthea, a hacker gained control of the “NEC Spokesperson” Facebook page and Puthea’s personal Facebook profile on September 15.
Their letter does not describe the nature of the hack, but said that it “made it so that the public and general media could not receive information from the NEC on the election process, and disrupted the NEC spokesperson’s job”. With the ministry’s help, the accounts were recovered on October 4, according to the letter.
NEC Deputy Secretary-General Som Sorida and NEC communications department head Khorn Keo Mono both said that they were aware of the incident and referred questions to Puthea, who could not be reached for comment yesterday.
Chea Pov, director of the Interior Ministry’s Anti-Technological Crime Department, confirmed his department was investigating the hack but declined to provide details.
“We already found some clues” about who the hacker is, Pov said.
The “NEC Spokesperson” Facebook page has nearly 79,000 followers – about 23,000 more than the actual NEC Facebook page.
Comfrel database and research officer Korn Savang said the NEC created confusion by not informing the public about the hack, particularly because it overlapped with an ongoing voter registration drive, which began on September 10. The registration drive has so far seen lacklustre enrolment.
Savang said Comfrel recently cited a report posted on the “NEC Spokesperson” page about how 110,000 people had registered to vote in a single day in a roundtable presentation, only to find out later from the NEC that the data was posted by the hacker.
In reality, only 10,000 people had registered to vote that day, Savang said.
“This hacking, it is not a minor issue, but a big issue,” Savang said. “I think NEC has to strengthen their security to protect their data now that they’ve had this experience.”
Phnom Penh-based cybersecurity consultant Niklas Femerstrand said weak passwords and linking phone numbers to accounts are the most common ways for someone to hack into a Facebook account.
He said this hack appeared to be the issue of one person having a compromised account.
“The individual doesn’t represent the security of the organization,” Femerstrand said in a message.