Interview with busabos | Pinoy Underground Lurker’s Confession


Remember the 2009-2010 Government Website Intrusions in the Philippines? Did you remember that it was a pre-election intrusion?

Well lemme lighten you up with this Youtube video:

Now  do you have any ideas who defaced these gov’t websites? Some people claim that the defacer was an Indonesian but they don’t know that it was a Filipino known for his handle busabos.


I met busabos in IRC accidentally when I was still a first year seminarian, and so I decided to interview him today in IRC. Here are some of my questions:

1. What do you think about today’s generation of Philippine Underground groups like Philker, PrivateX, Pinoy Cyber Army and the like?

Philker = They are good but for me they don’t act like hactivists. They are willing to help the administrators of the websites they breached but defacing is still illegal even if you notify the admin.

PrivateX = They are kinda activists, aggressive and that I don’t see them boasting of their achievements and defaced links in forum sites.

Pinoy Cyber Army (Shakz’s PCA) = Shakz who is the admin of the said group is a retard. Sites that he breached are known to be raped by other underground groups like Ashiyane and SecurityBus (but not all hax). This guy is a showoff because he joins other forum sites to post the websites he pawned, sounds pathetic to me. And because he claims that he rooted some of the servers he hacked, I decided to check the websites he pawned and it just turns out that it was not “rooted” box at all. In his forum, he is also offering users premium access but what will be he giving to his premium members? O days? ASA! give me a break…

Shakz is very boastful and I think he was influenced by other Pakistanis out there but hey take a look on this link. He claims that his group is affiliated with the Pak Cyber Army but how come his site got owned by Shadow008 who also claims to be from Pak Cyber Army also? He was also given a shoutz to the deface page. Did they really bought their host/domain then they added a deface page on the host or is it a carded host then they defaced it?

2. When you were still in Asianpride, who do you think was the most elite hacker in the Philippines? Or should I say, one of the best coders and exploiters?


For me it was keech, dcoder and glitch12 who deserve such recognition as one of the best l337 hackers in the group. They code their own local exploits. During that time I was still a carder and I don’t really consider myself as a real #Asianpride (Old) because carding was forbidden in that group before. When the #Asianpride channel expired, glitch12 re-registered the group and that was the time when I was able to hang out with the members of Asianpride but some members of the 1st batch of the group were already inactive. There was also a time when PhilCarder, DarkScience, AsianPride and OneBall were reunited to form PH Team (not My mentor is an original Asianpride member and I was one of the people who was given ideas about exploiting.

3. What do you think about the Philippine government websites’ security?

There are some websites that are good but most of the websites are really vulnerable. It’s just that website admins in our government are too lazy to enforce security. They usually give excuses once the websites are defaced.

4. Do you believe in the National Bureau of Investigation’s forensic methods in tracing defacers and exploiters?

nbi logo

This time busabos didn’t answered me directly but he showed me a chat log of an NBI Agent he social engineered(take note that the chat log was originally in Filipino/Tagalog so busabos and I translated some of the logs):

apo_sapa (12:05:59 AM): si plague? (how about plague?)
busabos: ay sir dko inabutan un sa forum ( I wasn’t a member yet in the forum when plague was still there)
busabos: sorry sir for the paranoid members of ph (
apo_sapa (12:05:59 AM): Thank you very much for today
apo_sapa (12:06:13 AM): np lng (No problem)
apo_sapa (12:06:33 AM): so nsa abroad k nyan (So are you in abroad?)
apo_sapa (12:07:03 AM): if i may
apo_sapa (12:07:18 AM): ask ano work mo (what’s your job?)
busabos: @*#&@(#*@#(&@^#(#^@#@@*#&@(#*@#(&@^#(#^@#@ (censored)
apo_sapa (12:07:44 AM): tamang tama (exactly right)
apo_sapa (12:08:13 AM): okay lng ba sayo c noynoy (do you think that noynoy is just okay?)
busabos: well, he is the president
apo_sapa (12:08:30 AM): ako personally puro sa showbiz e (for me, most of the politicians are celebrities)
busabos: what we can do is to support the politicians and start doing good things for a change.

—- blah blah blah —-

busabos: is eyestrain from the eyestrain from locusts?
apo_sapa (12:10:14 AM): pagkaalam ko ( as far as I know)
apo_sapa (12:10:20 AM): and that is if I am correct
apo_sapa (12:11:34 AM): btw ano nga pla pagkaalam mo skin (by the way, what do you know about me?)
busabos: agent po ng NBI kasama nila Sir Palmer at Glenn (that you are an NBI | National Bureau of Investigation Agent who works together with Sir Palmer and Glenn)
apo_sapa (12:12:35 AM): taenang phil star yan (screw the Phil Star Newspaper)
apo_sapa (12:12:38 AM): ehehehe
apo_sapa (12:13:21 AM): actualy bago lng din ako dyan ( actually, I’m just new to the job)
busabos: We want other people to secure our government website.
apo_sapa (12:15:58 AM): yeah
apo_sapa (12:16:08 AM): thank you very much
apo_sapa (12:16:41 AM): wel actually ang gagawin lng naman is to strengthen yung mga govt agencies like una yun mga na hack (well, actually what we need to do is to strengthen government agencies like the ones that were hacked)
apo_sapa (12:17:05 AM): kung pano masesecure (like how to secure)
apo_sapa (12:17:42 AM): tapos probing para malaman kung ano dapat secure (then to probe what needs to be secured)
apo_sapa (12:18:42 AM): kc ang napagaralan ko lng sa investigation hanapin ip from logs and headers (because what I learned in the investigation is to find IP from logs and headers)
apo_sapa (12:18:53 AM): pano pag nka tunnel o proxy? (but how about hackers using tunnels or proxies?)
busabos: @*#&@(#*@#(&@^#(#^@#@@*#&@(#*@#(&@^#(#^@#@
busabos: @*#&@(#*@#(&@^#(#^@#@
busabos: @*#&@(#*@#(&@^#(#^@#@
busabos: same with proxy… @*#&@(#*@#(&@^#(#^@#@#&@(#*@#(&@^#(#^@#@
busabos: to get the logs
apo_sapa (12:21:38 AM): na vivisualize ko yung idea pro…den ( I think I already visualize the idea but then)
busabos: tapos nagchecheck din ako sa (then I checked the) @*#&@(#*@#(&@^#(#^@#@ *#&@(#*@#(&@^#(#^@#@
busabos: @*#&@(#*@#(&@^#(#^@#@ @*#&@(#*@#(&@^#(#^@#@
busabos: Before, our website was hacked but we were not able to make a complain about the attacker because it traces from another country.
apo_sapa (12:23:18 AM): where?
busabos: from Bandung, Indonesia
apo_sapa (12:23:59 AM): indonesian yung tumira? (The one who pawned the website was an indonesian?)
busabos: opo indonesian tumira sa site namin dati (yes, it was an Indonesian)

—- blah blah blah —-

apo_sapa (12:25:02 AM): aaminin ko syo dhil mabait k nman (Alright, lemme confess to you something about our agency because you are kind)
apo_sapa (12:25:27 AM): sa nbi pg nsa iba bansa ang suspect ala n nagagawa (In the NBI we can’t do something if the suspect is from another country)
apo_sapa (12:25:46 AM): primarily because of jurisdiction issues
busabos: alam ko na yan ser….same din yan sa ibang bansa (I know that sir. That is also true to other countries)
apo_sapa (12:26:17 AM): pangalawa yung pag kukunan ng logs such as isp
(Second is the source of where to get the logs such as ISP)

—- blah blah blah —-

apo_sapa (12:26:56 AM): It’s really nice meeting you
apo_sapa (12:27:16 AM): kc sa nbi ako n yung pinaka magaling dyan sa it
(Because in the agency, I am the best agent in the IT)
busabos: nabasa ko nga din ser na nahihirapan kayo sa abuse sa mga video sites na naguupload ng scandal (Sources tell me that you have a hard time about the abuses of video sites that uploads about scandals)
apo_sapa (12:27:31 AM): I don’t know anything about hacking
apo_sapa (12:27:42 AM): that’s the problem
apo_sapa (12:28:08 AM): they protect d privacy of their users
apo_sapa (12:29:28 AM): ang nbi kasi reactive lng (NBI is just reactive)
apo_sapa (12:29:40 AM): meaning pg walang nagcomplain la na magagawa (If we dont receive complains then we don’t have something to do)
apo_sapa (12:29:55 AM):that’s why in the office we wait for complains and reports before we send out an operation

Busabos doubted the NBI’s tracing methods and that this chat log exposes an NBI agent who is vulnerable to social engineering and who doesn’t even know how to keep the secrets of the agency. During the website intrusions in 2009-2010, I once saw a news clip wherein NBI claimed that the defacer was from Indonesia. See? Their IP Tracing and Forensics method cannot be trusted. Busabos was just playing with the agent and his replies and answers were half the truth.

Also, how can they spy on people if their identities are published in the media and their pictures exposed in Facebook? The image below was exposed by the fake AnonPH then was spread to the underground channels in IRC.


It looks like the hackers are the one spying them, take a look on the next question.

5 . Was the National Bureau of Investigation Agency breached before?


I think I was still in the elementary when this happened 😉

6. Do you call yourself a hacker?

No, I don’t like to label myself as a hacker.

7. What do you think about the ProjectX Blog?

I give my thumbs up to them. I am very happy that I can see  their members are helping each other, hanging out in IRC, cracking some jokes, etc. And I don’t see smart ass and show off members in the crew.

8. What do you think about ROOTCON which is the Philippines Premiere Hacker Conference?

I also give my thumbs up to them, a lot of people likes to attend the con but it’s just too expensive.

9. What do you think about the Philippine government’s stand about Information Security and Hacking?

uhm, next question pls.

10. Do you have any final words that you wanna share to the netizens of the Philippines?

e0wh p0whz (Hello)….Just wanna say Hi ….love ko kayo (I love you guys) :*


    1. Author

      Hello po sir CyberAgent, ganda ng ip mo.. Aside from that, you are using as the url you filled up for commenting on this article and also as your email address. Why are you using that URL and email?

      And btw, the Project Honey Pot system has detected behavior from the IP address you used consistent with that of a mail server and dictionary attacker. 😉


Leave a Reply