DICT also traces cyberattack to Army, 2 complaining news sites say
Initial findings of an investigation led by the Department of Information and Communications Technology (DICT) have revealed that the cyberattacks on the websites of two alternative news outfits originated from a computer network assigned to the Philippine Army, confirming an earlier digital forensics probe linking the military to the attacks.
In a joint statement, Bulatlat and Altermidya-People’s Alternative Media Network slammed the military for alleged cybercrimes against independent media and called for accountability.
The findings by the DICT’s Computer Emergency Response Team (CERT-PH) echoed the investigation by Swedish digital forensic group Qurium Media Foundation in June, which traced the series of attacks to block access to the sites, to the Army and the Department of Science and Technology (DOST).
Publication ‘necessary’
The report was marked “TLP: AMBER,” which meant that the information should be restricted to the involved parties. But Bulatlat and Altermidya, both of which have been Red-tagged, or labeled as fronts for the Communist Party of the Philippines, said they deemed it “necessary” to publish the findings.
“There is no reason to keep it confidential especially if state agents used public funds and resources to infringe upon our right to publish and the people’s right to information,” the two outfits said on Thursday.
The Army, through its spokesperson Col. Ramon Zagala, said it had never launched cyberattacks.
Zagala said what the two news sites had been alleging as cyberattacks was a mere visit to their sites by someone who had used the Army’s IP (internet protocol) address.
“Is it illegal to browse through their sites? Do they view that as a cyberattack?” he said.
DICT officials could not be reached by the Inquirer for comment.
Confirmed address
The incident notification report, dated Aug. 11, said that even before it received the request for an investigation, CERT-PH called the DOST and confirmed that the IP address was assigned to the Army.
The team said it coordinated with the military to seek “the right person to engage with” in the investigation, but received no response to its requests in July.
“An additional analysis did not prosper due to the none (sic) established coordination with the organization currently using the said IP,” the report read.
Bulatlat and Altermidya said they took offense at the “duplicity” of the Army over the incident —“publicly professing respect for press freedom but launching vicious digital attacks, and never cooperating with other government agencies.”
When the Qurium findings were released a few months ago, the military said it was taking the accusation seriously and would not tolerate such attacks against the press.
The two news outfits also said they had not received any communication from the DOST, which provides the infrastructure to the military.
“The DOST should not allow its infrastructure to be used to suppress the truth, and should impose penalties for agencies found to commit abuses,” they said.
‘Flooding’
Qurium, in its own investigation, found at least five attacks against the two news sites and also on the website of human rights group Karapatan in May and June.
These were distributed denial of service (DDoS) attacks, in which perpetrators “flood” targeted machines with superfluous requests to overload the host and disrupt its services, rendering these inaccessible to others.
Bulatlat called these cyberattacks “politically motivated and state-sponsored.” —Jhesset O. Enano and Jeanette I. Andrade
