Probe pushed as DOST denies role in cyberattacks
MANILA, Philippines — The alternative news organizations whose websites were targeted by a string of cyberattacks on Thursday called on the Department of Science and Technology (DOST) and the Philippine Army to investigate how their networks were used to disrupt the media services.
It was the Swedish digital forensic group Qurium that recorded the attacks, technically called distributed denial of service (DDoS), against the two alternative media groups—Bulatlat and Altermidya—and the human rights group Karapatan on May 17, May 18, May 20, June 16 (not June 6 as earlier reported) and on June 22 to June 23.
Qurium said the attacks were launched from an internet protocol (IP) address that belonged to the DOST, specifically the Philippine Research, Education and Government Information Network, or Preginet, which is under the department’s Advanced Science and Technology Institute (Asti).
In the hourslong June 22 to June 23 attack, Qurium reported that a “penetrability test” to access the sites’ weaknesses and a DDoS attack were launched from the same IP address or location.
In a DDoS attack, the perpetrators “flood” the targeted machines or resources with superfluous requests to overload the host and disrupt its services, rendering them inaccessible to others, including the general public, for the duration of the attack.
It was the first time that such attacks against these websites had been traced to government agencies.
State agents had tagged Bulatlat, Altermidya and Karapatan as fronts for the Communist Party of the Philippines and the New People’s Army.
Palace: Premature
Presidential spokesperson Harry Roque said the attacks would be looked into and it was premature to point fingers at the government.
“It is still unfair to link any government agency [to the cyberattacks] since this has not been investigated,” Roque said at a press briefing.
In a joint statement, Bulatlat and Altermidya noted the DOST’s denial of any involvement in the “brief but frequent” attacks meant to block readers’ access to their sites in May and June.
In a statement on Thursday, the DOST said the allegations in the Qurium report were “unfounded and patently false.”
According to the DOST, these were “solely based on the tracked IP address and does not translate to the department’s involvement in the matter.”
The DOST Asti provides assistance to other government agencies by allowing them to use some of its IP addresses in local networks, it said.
“The DOST remains committed to working toward a progressive Philippines, with science in full service of the Filipino people,” the agency said.
Bulatlat and Altermidya said that two other alternative media sites, Kodao and Pinoy Weekly, reported “suspicious web traffic” also on June 22 to June 23.
“We think this is part of systematic and orchestrated efforts in bringing down the websites of independent media,” the statement said.
‘Neither confirm or deny’
In a statement on Wednesday, Army spokesperson Col. Ramon Zagala said the Philippine Army “respects freedom of expression and per policy, will never infringe that freedom.”
“We take these accusation of cyberattack seriously and we will not condone or tolerate it if such occurred against media entities. Rest assured we are servants of the people and protector of freedom of expression,” Zagala said.
Both the DOST and the Army did not say whether they would conduct their own investigation of the reported cyberattacks.
In a series of tweets on Thursday, Qurium noted that the DOST “does not confirm or deny that the IP space involved in our reports belong to the Army.”
It also noted that the government agencies involved, as well as IP Solutions, the company that provides the hardware hosted in the DOST-IP space, had not responded to their requests for clarifications.
According to its website, Qurium is a group of digital forensics experts that focus on internet censorship, targeted malware, disinformation campaigns, election fraud and digital attacks against media and human rights organizations.
Bulatlat and Altermidya said Qurium was “instrumental in stopping the DDoS attacks we experienced in 2019.”
“There is no reason to doubt their expertise in tracing the attackers,” their statement said. —WITH REPORTS FROM DEXTER CABALZA AND LEILA B. SALAVERRIA INQ
