
REPORT: Philippine Army source of cyber-attacks vs. media outfits

An internet protocol (IP) address assigned to the Philippine Army was the source of cyber-attacks on media websites Bulatlat.com and Altermidya.net, a government agency confirmed.

Bulatlat and Altermidya said the Computer Emergency Response Team (CERT-PH), an agency of the Department of Information and Communications Technology (DICT), finally gave them a copy of its initial findings, confirming earlier reports that state agents were behind the attacks on their websites.

In an August 11 report, CERT-PH said its analysis and investigation revealed that IP address 202.90.137[.]42, which conducted unauthorized vulnerability scans of the said websites, was assigned to the Philippine Army.

“CERT-PH noted the 2182 lines of logs with destination bulatlat.com from the IP 202.90.137[.]42, which was submitted by the investigation requester,” part of the report said.

A vulnerability scan probes a targeted network for potential weaknesses; in this case it was done without permission from the system owner.


CERT-PH’s report said additional analysis of the incidents did not prosper due to the Philippine Army’s refusal to reply to requests for “coordination.”

In a joint statement, Bulatlat and Altermidya said CERT-PH’s report validated findings made last June by their hosting provider, Sweden-based Qurium Media Foundation.

The media outfits said the Armed Forces of the Philippines at the time feigned ignorance and issued a statement claiming it upholds press freedom.

The DOST, which provides the infrastructure to the Philippine Army, also refused to reveal the agency behind the IP space and to this day has not communicated with Bulatlat and Altermidya regarding its promise to ask the DICT for an independent probe, despite repeated requests.

“As of today, we have not received any communication from the DOST regarding its investigation, which we requested a copy of. We tried reaching out to them via office phone and email, but we have yet to receive a response,” Bulatlat and Altermidya said.

The media outfits said they condemn the Philippine Army for carrying out cyber crimes against independent media outfits.

“We take offense at the duplicity they have shown regarding this incident – publicly professing respect for press freedom but launching vicious digital attacks, and never cooperating with other government agencies,” the outfits said.

Bulatlat and Altermidya also expressed disappointment with the DOST for “covering up for the Philippine Army.”

“DOST should not allow its infrastructure to be used to suppress the truth, and should impose penalties for agencies found to commit abuses,” they said. # (Raymund B. Villanueva)

[Image: CERT-PH’s report.]

Group reveals attacks on media and human rights websites

Digital platforms linked to the Rodrigo Duterte government launched attacks on the websites of alternative media outfits and a human rights organization, a Sweden-based digital forensics group revealed.

Several internet protocol (IP) addresses linked to the Department of Science and Technology (DOST) and the Philippine Army attacked the websites of media outfits Bulatlat (Bulatlat.com) and Altermidya (Altermidya.net) and human rights group Karapatan (Karapatan.org), Qurium Media Foundation reported.

Qurium said that it was able to identify a vulnerability-scan attack on Bulatlat.com last May 18 by a machine from the DOST network with IP address 202.90.137[.]42.

The vulnerability scan sought potential weaknesses in the targeted network without permission from the system owner, Qurium said.

The group said the IP address’s certificate was registered to IP Solutions, Inc., a supplier of hardware and services to Philippine government agencies.

Another unit under the same IP address was registered to a certain “acepcionecjr@army.mil.ph Taguig Red Server.”

The “army.mil.ph” is the official domain and website of the Philippine Army.

The IP address was also traced to an edit in the Wikipedia entry “Chief of the Army (Philippines)” last June 10, 2021, Qurium said.

The series of attacks also included “HTTP flood attacks”, a type of volumetric Distributed Denial of Service (DDoS) attack designed to overwhelm a targeted server with seemingly legitimate HTTP requests.

Kodao was the first to announce an intense DDoS attack that coincided with the attacks on AlterMidya, Bulatlat and Karapatan.

The National Union of Journalists of the Philippines has issued separate alerts on both reports. # (Raymund B. Villanueva)

We will not be cowed nor silenced

Today, we take pride in announcing that we have earned a position among the online media outfits targeted for shutdown for reporting critically and siding with the truth. Our digital security partner confirmed on April 28 that www.nordis.net, the web-based platform of Northern Dispatch, is the subject of a Distributed Denial of Service (DDoS) attack.

So intense is the attack that even after our web host provider, Host Color, removed the resource limit of our account, our site failed to accommodate the traffic. The millions of requests that flooded the site overloaded and crashed the server. To date, our website has been down for two days. Before this, access has been intermittent since April 17.

This latest attack against Northern Dispatch, while highly condemnable, also means that we are performing our job well. We live up to our principle and tradition of amplifying the voice of the poor and marginalized. By doing so, we made enemies of dark forces that spread lies and narratives against the poor and their struggles.

It is important to note that this cyber-assault came amid the COVID-19 pandemic. In a period when critical reporting on the actual situation is urgent and essential. When people need to know how the government is responding to the health crisis and the severe socio-economic problems it spawned. Our foes initiated the attack at a time when rights protected under the Constitution are brazenly violated on unprecedented scales under the pretext of a public health emergency.

The attack came after months of intensified red-tagging of our outfit and staff by the military and its army of online trolls and minions. Since last year, the vilification and intimidation of our correspondents from Cagayan Valley (Deo Montesclaros) and Ilocos (Paola Espiritu) by state agents intensified. Also last year, suspected military assets shot and critically wounded Brandon Lee, our provincial correspondent from Ifugao. Last January, the Baguio City Police also tagged our Managing Editor Sherwin De Vera as a Communist Front Organization personality.

Just this April, online trolls circulated images on Facebook tagging Northern Dispatch as the propaganda arm of the New People’s Army. The same troll accounts posted photos of De Vera and Espiritu on the same online platform, accusing them of being recruiters for the communist rebels.

The DDoS attack may not be as deadly as those that came before, but the message is the same, loud and clear – they want to silence the critical media. Those who benefit from this exploitative and repressive status quo want our stories to stop.

As we face the challenge of reporting amid this pandemic, the brutal attack against our ranks and this high-tech battering against our information portal, we send the following message:

To our readers, fear not. Our allies in the fight for freedom of the press and expression are helping us to bring our website back. In case this battle drags on, don’t despair. Our commitment remains. We will continue to bring you information and critical insights on issues and events in Northern Luzon in other ways.

To the people, especially the poor and oppressed, rest assured that we will uphold our task to amplify your plight and struggles.

To our colleagues in the media, join us, not only to keep the line taut but also to fight back and move forward.

To the enemies of press freedom and the people’s right to know, threaten us all you want, but we will not be cowed nor silenced. Payt latta! #