What Happened
In August 2013, a hacker using the alias Hitman — co-founder of the Philippine hacktivist group Pinoy Vendetta — breached and defaced the websites of Lyceum of Alabang (Muntinlupa City, Metro Manila) and La Consolacion University Philippines (lcup.edu.ph, Malolos, Bulacan). On both sites, Hitman posted the message: "Secure your site Admin".
On La Consolacion's website, Hitman additionally uploaded a PHP proxy script that allowed anyone on the internet to route their web traffic through the university's server. His stated justification was that he wanted to help students bypass campus network restrictions — though the unauthorized server access itself was a crime regardless of intent. Newsbytes.PH reported the defacements on August 1, 2013; Pinoy Hack News covered the proxy script incident on August 3, 2013.
Attacker
Hitman was a co-founder and prominent member of Pinoy Vendetta, one of the most active Philippine hacktivist groups of the 2012–2015 era. The group's activities ranged from opportunistic defacements to politically motivated attacks (anti-mining, anti-pork barrel scandal) and later DDoS attacks against Philippine media outlets (traced by digital forensics group Qurium). Hitman was characterized as a "grey hat web defacer" who often framed intrusions under public-interest justifications. A Zone-H defacement record exists for Hitman / lcup.edu.ph, confirming the La Consolacion incident in the public defacement archive.
What Was Compromised
As a website defacement, the primary impact was alteration of public-facing content. The PHP proxy script on La Consolacion's site was a more serious compromise — the university's server was turned into attack infrastructure. The extent of any further data access behind either intrusion is unknown.
Context
The attacks occurred during a peak period of Philippine hacktivism:
- Early 2013 — Philippine and Malaysian hackers traded defacements over the Sabah territorial dispute
- March 2013 — Anonymous Philippines defaced the Philippine President's website
- August 2013 — Pinoy Vendetta and affiliates targeted government, corporate, and school websites across the Philippines
- November 2013 — 38 government websites defaced demanding PDAF abolition
Why This Breach Matters
- Named attacker with documented group affiliation — one of the best-attributed early school defacements in the Philippines
- PHP proxy abuse — uploading a proxy script goes beyond defacement; it turns the school's server into attack infrastructure
- Earliest documented school cyberattacks — among the oldest known incidents of Philippine school websites being targeted
Lessons for Schools
- 1.Disable server-side script uploads — web servers should never allow unauthenticated file writes; a PHP proxy requires filesystem write access
- 2.Keep CMS platforms updated — many defacements exploited known vulnerabilities in unpatched WordPress or Joomla installations
- 3.Monitor for unauthorized files — file integrity monitoring detects when new scripts are added to a web server
- 4.Backups enable recovery — regular backups allow quick restoration after a defacement attack
Sources & References
All sources are independently verified. Access dates and archive links are recorded for each citation.
- [1]Newsbytes.PH — Websites of 2 schools, Bohol town hacked — reports Hitman (Pinoy Vendetta) defaced Lyceum of Alabang and La Consolacion University Philippines (August 1, 2013)
- [2]Pinoy Hack News — Pinoy Vendetta — Pinoy Hack News (Aug 3, 2013) — reports Hitman's PHP proxy upload to La Consolacion University Philippines (lcup.edu.ph)
- [3]Rappler — Davao-based hacker linked to DDoS group — Rappler profile of Pinoy Vendetta members and their 2013–2015 activities
- [4]Inquirer Tech — Hacktivists to Aquino — Inquirer coverage of Philippine hacktivist groups including Pinoy Vendetta's 2013 wave of attacks