Hacktivist questions DICT’s ₱300M+ cloud-heavy bidding requirement

A hacktivist is sounding the alarm over the DICT’s ₱363 million cloud infrastructure bid and its “comically low” data transfer limits.

A self-identified hacktivist group has sparked online debate after publicly criticizing a recent “Invitation to Bid” issued by the Department of Information and Communications Technology (DICT), raising questions over the agency’s proposed cloud infrastructure spending and technical specifications.

In a lengthy post circulating online, the account Klammer / Deathnote Hackers International took aim at DICT’s bidding document labeled DICTBAC-2026-005, alleging that while the project appears “official on the surface,” a closer look reveals “shady decisions that go way past normal government inefficiency.”

Heavy cloud spend, little ownership?

At the center of the criticism is DICT’s reported reliance on cloud credits instead of building permanent infrastructure. According to the post, the project earmarks roughly ₱42 million per month in Amazon Web Services (AWS) credits over seven months, totaling close to ₱294 million, with an additional ₱69 million allocated under loosely defined “support and services.”

“They’re not buying any real, permanent infrastructure… just blowing through usage fees,” the post reads, warning that such a model could leave the government without long-term control over its systems.

“Oversized” system?

The hacktivist account also questioned the scale of the requirements, citing specifications for more than 3,300 virtual machines, including configurations such as 700 instances with 8 vCPUs and 32GB RAM each.

“That kind of setup screams major global bank or big-tech enterprise level,” the post stated, arguing that Philippine e-government platforms may not require such sustained capacity. It further raised concerns that excess resources could remain underutilized or be “repurposed somewhere else later.”

Missing technical justification

Another key issue flagged was the alleged lack of supporting data behind the specifications.

“They list out all these heavy-duty specs, but… no mention of expected concurrent users, peak traffic loads, or even a proper workload study,” the post noted, adding that such documentation is typically standard in private-sector IT projects.

The database setup was also criticized, particularly the reported use of Single-AZ deployment, which the post described as less resilient compared to multi-zone configurations expected in critical systems.

Data mismatch raises eyebrows

The post also pointed to what it called a glaring inconsistency: a data transfer allocation of only 100GB per month across thousands of servers.

“It’s comically low,” the account wrote, suggesting either flawed traffic estimates or an oversized system design.

Procurement concerns

Beyond technical issues, the hacktivist group flagged procurement-related provisions, including the eligibility of sole proprietorships to participate in the bidding, which it warned could open the door to “shell companies and paper-only operators.”

It also highlighted a clause stating that unused resources at the end of the contract would belong to DICT, raising concerns about how such assets might be utilized.

Call for scrutiny

The post ends with a call for industry players and taxpayers to closely examine the bidding document.

“This is public money. It shouldn’t be treated like someone’s private slush fund,” the account said.

As of writing, DICT has yet to issue a public response addressing the claims. The bidding process and its technical requirements are expected to undergo further scrutiny from stakeholders in the IT and procurement sectors.