Sweden-based rights group Quirium: The Media Foundation or Quirium Media has found that the Philippine government is somehow linked to the cyberattacks alternative media outlets have been getting recently.
From May to June, the websites of Bulatlat, Karapatan, and Altermidya have experienced “brief but frequent denial attacks.”
Altermidya “is a national network of independent and progressive media outfits, institutions, and individuals” which Bulatlat is part of, while Karapatan is a human rights organization.
Attacks against media in the Philippines continue.
Forensic Report.
Attackers pen tested the sites from Sophos XG RED Firewall connection with PH Army digital certificate.https://t.co/JmkIruMXEe pic.twitter.com/3sGSxzO3nO— Qurium Media (@Qur1um) June 23, 2021
“During the past month, Qurium has received brief but frequent denial attacks against the Philippine alternative media outlets Bulatlat and Altermidya, as well as the human rights group Karapatan,” Quirium Media stated.
Bulatlat and Karapatan first got attacked on May 17 and Altermidya only a day after.
On May 18, Quirium determined that a Department of Science Technology machine scanned the Bulatlat website.
“The IP seems to belong to The Philippine Research, Education, and Government Information Network.”
The IP address was also traced to governmental institutions’ suppliers of hardware and services.
“A close look into the IP reveals that a Sophos firewall is behind the IP address. The appliance has a Certificate in the name of IP-Solutions Inc. The company (Lorna V. Zacate) signing the digital certificates of the appliances is a supplier of hardware and services to the Governmental Institutions in the Philippines.”
The other IP address found is on the “Chief of Army (Philippines)” Wikipedia page and also appears in pages related to the Philippine Army.
“While searching for Sophos Firewall machines in the same network, we found another unit in the IP 202.90.137{.}43, also with digital certificate in the name of IP Solutions Inc.,”
However, the DOST has called the accusations “unfounded and patently false.”
“It has been mentioned in the news that the IP address used to initiate recent alleged cyber-attacks towards some media was traced to the Department of Science and Technology (DOST). The implication of DOST’s involvement in said cyber-attacks is unfounded and patently false,” the DOST wrote.
It stressed that the DOST-Advanced Science and Technology Institute, its website domain, helps government agencies when it comes to IP addresses.
“As part of DOST’s responsibility and mandate in terms of ICT management, DOST-ASTI is part of a larger government network and DOST-ASTI assists other government agencies by allowing the use of some of its IP addresses in the local networks of other government agencies.
“Given this, the statement that DOST potentially took part in initiating the alleged cyber-attacks is false. This statement was solely based on the tracked IP address and does not translate to the Department’s involvement in the matter,” it added.
The Philippine Army has yet to react to the allegations.
Altermidya meanwhile said that just right after sharing a report on Duterte’s war on drugs on June 16, an attack happened.
“The most recent cyberattack against Altermidya’s website was on June 16, after we posted an article on the International Criminal Court’s investigation on the Duterte administration’s ‘War on Drugs,” it said.
“Altermidya condemns these cyberattacks on our websites, as well as those against other progressive groups,” it added.
The attacks don’t even surprise Bulalatlat anymore, explaining that the government has been attempting to label it as a communist front.
“We demand the Philippine military and the DOST to stop the cyber-attacks and respect our right to publish. We call on private IT firms not to allow their infrastructure to be used in violating press freedom,” they said.
Qurium’s forensic investigation published in its website reveals that the attacks have been traced to the Philippine military with the identity “[email protected] Taguig Red Server.” Globally, the "mil" top-level domain is reserved for the military establishment.
— Bulatlat (@bulatlat) June 22, 2021