CONFIRMED by CERT-PH: Philippine Army involved in DDoS attacks against independent media


September 23, 2021

In July 2021, Qurium Media Foundation reported on brief but frequent denial of service attacks against the Philippine alternative media outlets Bulatlat and Altermidya, as well as the human rights group Karapatan. The initial digital forensics investigation found a link between the attack and the infrastructure of the Department of Science and Technology (DOST) and attributed the activity to the Philippine Army (AFP).

Qurium’s investigation showed that a machine using an IP address publicly registered as DOST conducted a “vulnerability scan” on Bulatlat after one of the DDoS attacks. DOST claimed that they were not involved in the attacks and that “they just assist(ed) other government agencies by allowing the use of some of its IP addresses in the local networks to other government agencies”. Despite pressure from international media, DOST did not reveal which “agency” was leasing that specific IP address connected with the attacks.

DOST committed to launching an internal investigation, but its results have never been shared with the victims. DOST also stated “(they will) never infringe upon any right, including the right to press freedom”.

In coordination with the victims, the case was reported to the Computer Emergency Response Team (CERT-PH), which operates under the Department of Information and Communications Technology. After two months, CERT-PH shared its findings with Bulatlat and Altermidya and officially confirmed that the IP included in Qurium’s attack logs was assigned to the Philippine Army.

Although the CERT-PH report (dated August 11th) is marked TLP:AMBER, implying that the information should be restricted to the parties involved, Bulatlat and Altermidya deemed it necessary to publish its full content, stating “there is no reason to keep it confidential especially if state agents used public funds and resources to infringe upon our right to publish and the people’s right to information”.

Today, Bulatlat and Altermidya published a joint statement expressing their gratitude to CERT-PH for doing their duties and their disappointment with DOST, which clearly has not acted in the best interest of press freedom.

CERT-PH Incident Notification Report on Alleged Cyber-attack to Bulatlat.com and Altermidya.net.