Army just ‘surfing,’ not attacking news site—Biazon

Not a cyberattack but mere surfing.

This was how Muntinlupa Rep. Ruffy Biazon, quoting the Philippine Army, countered the accusation that one of the Army’s internet protocol (IP) addresses was behind the cyberattacks on the alternative news website Bulatlat.com.

At the House of Representatives’ plenary deliberation on the proposed P222-billion budget of the Department of National Defense for 2022, of which he is the sponsor, Biazon said the Army had investigated the matter and concluded that the IP address in question—202.90.137.43—only engaged in “surfing activity” of less than a minute.

“Based on the logs [the Army] got from the devices they have, the activity lasted around 30 seconds or less, and the data transmission is consistent with surfing activity only,” Biazon said on Wednesday night.

Replying to queries from Kabataan Rep. Sarah Jane Elago, he added: “There was no overloading of data seen as to the server of Bulatlat.com. So for [the Army], this cannot be considered a cyberattack, but they do acknowledge that there was surfing activity.”

He surmised that someone using the IP address may have browsed Bulatlat.

Army domain

Elago had asked about the findings of the National Computer Emergency Response Team (CERT-PH) regarding “2,182 lines with logs with destination Bulatlat.com” from the IP address.

The IP address also had the details acepcionecjr@army.mil.ph Taguig Red Server. The mil.ph is a domain reserved for the Army.

Elago questioned Biazon as to who owned the email address and his or her position in the Army.

Biazon said the Army acknowledged that the address was connected to one of its personnel, “a certain Sergeant Acepcion.”

“He is the registered administrator of the PH Army internet device Sophos server,” Biazon said.

The links of government-associated IP addresses to cyberattacks on alternative news websites and human rights groups was first disclosed by Quirium, a nonprofit digital forensics firm based in Sweden.

‘Flooding’

Elago was unconvinced by the Army’s explanation through Biazon, and cited CERT PH’s initial findings that “this is not just simple browsing.”

“It was flooding because of the several lines of logs that had Bulatlat.com as destination,” she said.

Elago also criticized the Army for not responding to CERT PH’s request last July for a “point person” to help in the investigation.

“More than two months have passed and it’s not far-fetched that forensic evidence has been destroyed. That is what worries me,” she said.

Elago wondered why the Army was explaining the matter at this late stage, after ignoring the request for cooperation from CERT PH and the Department of Information Communication Technology’s cybersecurity bureau.

“If the Army will continue to deny this, it means no one will answer or be accountable for the cyberattacks on these websites,” she said.

Commitment

Elago urged the Army to continue with its investigation and to impose sanctions on those found responsible for the cyberattacks.

Blazon said the military was aware of laws covering cyberattacks and would use these laws to sanction personnel found guilty of the offense, and carry out administrative processes as well.

“That is the commitment of our military,” he said.

Read more...