July 1, 2021
Qurium Media Foundation has received brief but frequent denial of service attacks against the Philippine alternative media outlets Bulatlat and Altermidya, as well as the human rights group Karapatan during May and June 2021.
When launching a digital forensics investigation to attribute the attacks, Qurium found links to the Department of Science and Technology (DOST) and the Philippine Army (AFP).
Qurium’s investigation shows that a machine using an IP address registered as DOST conducted a “vulnerability scan” on Bulatlat after one of the DDoS attacks. After the release of our first forensic report, DOST stated that they are not involved in the attacks and that “they just assist other government agencies by allowing the use of some of its IP addresses in the local networks of other government agencies”. Despite pressure from media, DOST has yet not revealed which government agency the specific IP address of the attack has been leased to.
Looking deeper into the network of the DOST machine, Qurium identified another setup with identical firewall configuration, strongly suggesting that the machine was set up and operated by the same organization. Via a digital certificate of a firewall, this machine was linked to the email address acepcionecjr @ army.mil.ph and the Office of the Assistant Chief of Staff for Intelligence (OG2-PA) of the Philippine Army.
These cyber attacks has taken place two years after the massive DDoS attacks against independent media in the Philippines that lead to a legal case against two local ICT companies that “facilitated” the attacks. The linkage of the 2021 attacks to DOST and the Army has been widely covered in Philippine online media and TV.
Qurium forensics report: Attacks against media in the Philippines continue
Media coverage
[1 Jul 2021] ABS-CBN TV (8min20s)
[29 June 2021] Inquirer.net Probe cyberattacks
[28 Jun 2021] Politiko Dapat may managot! Makabayan bloc seeks probe on cyber attacks vs Bulatlat, Altermidya sites
[28 Jun 2021] Philstar.com Bayan Muna lawmakers want House probe into cyberattacks vs alternative media
[26 Jun 2021] The Manila Times Is DoST involved in cyber hacking?
[25 Jun 2021] GMA News Online DOST chief urged to launch probe on ‘cyberattacks’ on alternative news sites
[25 Jun 2021] Inquirer.net Probe pushed as DOST denies role in cyberattacks
[24 Jun 2021] Inquirer.net Cyberattacks on red-tagged news sites traced to DOST, Army
[24 Jun 2021] ABS-CBN News Alternative news websites hit by alleged state-backed cyberattacks: digital forensics
[23 June 2021] Rappler Military, DOST links found in DDoS attacks on media – report
[22 Jun 2021] Philstar.com Alternative media groups denounce reported cyberattacks on their websites
Contacts
Digital forensics: Tord Lundström, <t@virtualroad.org>, Technical Director
Media: Clara Zid <info@virtualroad.org>, Media and Outreach Manager