What is Bulatlat?
Bulatlat is an online news magazine established after the ouster of former President Joseph Estrada. Press freedom advocates and human rights defenders gathered to form the news agency to tap the then booming internet in the country to help explain issues and government policies and to contribute towards shaping public opinion by bringing to the fore the struggles and aspirations of the Filipino people.
Committed to its advocacy of truth-telling, Bulatlat and its reporters have become targets of political repression. Under former President Gloria Macapagal Arroyo, the alternative news agency was named as among the “enemies of the state” in the infamous “Know thy Enemy” report used by the Philippine military to red tag legitimate people’s organizations. There were also cases of surveillance and even sexual harassment against its editorial team as they carried out their work.
However, the recent series of blatant yet insidious cyber-attacks launched against Bulatlat and other alternative news agencies is another obnoxious measure to silence even the slightest dissent that the present administration cannot tolerate.
What is DDoS?
Distributed Denial of Service (DDoS) is a malicious form of cyber-attack that aims to overload a targeted machine – in this case the server of Bulatlat’s website. Once the server is oversaturated, the website will become inaccessible. As a result, additional and legitimate readers of the website are literally be “denied” of access to Bulatlat.
Another keyword in understanding this cyber-attack is “Distributed.” This means that several sources of traffic, usually in a form of botnet, are being used to flood the targeted machine.
According to IT experts that Bulatlat consulted, DDoS is a common form of cyber-attack. Applications that may be used to launch this cyber-attack may easily be accessed or downloaded via the grey market. However, they said that based on the magnitude and scale of the attacks against Bulatlat, they estimated that big resources were definitely poured.
How big was the attack against Bulatlat?
— Qurium Media (@Qur1um) February 2, 2019
The cyber-attacks began in December, then resumed on Jan. 19, following the publishing of two reports on how the state is abandoning Filipino children by lowering the minimum age of criminal responsbility and on the release of peace consultant Rafael Baylosis.
Bulatlat’s website, which had already availed of CloudFare to mitigate similar attacks back on Dec. 26, 2018, was shut down for several days. Attackers first attacked the front-end hosted by CloudFare and later directed its attack to the backend.
Qurium Media Foundation, a Sweden-based group of IT experts, told Bulatlat that several modes of attacks were utilized to shut down the website. These include:
• Multiple flooding using compromised devices and hosting servers
• Attacks against the search engine
• Bandwidth exhaustion
• Session attacks
Attackers had the plan carefully laid out, as it kept they initially kept their requests at a low ratio to avoid flood detection. One of its worst attacks was on Jan. 29, where they flooded the website with 3 million packets of second for 60 minutes.
In simple language, nearly half a year traffic has been reduced to a mere second.
Fortunately, despite these attacks, Bulatlat was able to successfully migrate to Qurium’s server on Jan. 25 in the middle of attacks. The Sweden-based group has since been mitigating the cyber-attacks.
Attackers are also using keywords such as “Duterte” and “XD” to flood Bulatlat’s website.
Cyber-attacks ceased for several days, following Bulatlat’s reaching out to fellow media organizations to expose the attacks. The Philippine Daily Inquirer, on its editorial, included the cyber-attacks against Bulatlat as a glaring example on how press freedom is being curtailed in the country.
However, Qurium noted that from Feb. 1 to 4, attackers began trying to break into the website. On Feb. 4, the Swedish-based IT group added that the same attack was being launched against another alternative news agency, Kodao Productions.
Both news agency published the report of journalist Raymond Villanueva on the attempts to cover-up the cold-blooded killing of National Democratic Front of the Philippines peace consultant Felix Randy Malayao.
What Bulatlat knows so far
After analyzing several gigabytes of logfiles, it was learned that the attackers are based in the Philippines and are launching attacks using a Virtual Private Network. This allows them to remain hidden.
Qurium is further investigating the identity of the attackers. Meanwhile, Bulatlat preparing to take up the next appropriate legal action as soon as the identity of the attackers is confirmed.
Why Bulatlat believes this is state-sponsored
Bulatlat has reasons to believe that this is a state-sponsored attack, given the social and political context in the country and its impact on the compelling role of journalists in ensuring transparency and truth-telling. After all, curtailing press freedom and denigrating the importance of a free press was among the firsts that former dictator Ferdinand Marcos did.
Under the Duterte administration, media watchdogs were able to document at least 85 cases of attacks and threats against press. In an effort to disparage the importance of media in the age of fake news and alternative facts, it was under this administration that the Philippine media are routinely tagged as “presstitutes” and even “bayaran” (bribed).
Giant television network ABS-CBN is under heavy pressure as it must renew its franchise that will allow it to operate. Maria Ressa, CEO of online news Rappler is facing a politically-ridden tax evasion case. The Philippine Daily Inquirer is also under attack. In December, two more alternative news websites Kodao and Pinoy Weekly were also shut down due to an apparent DDoS attack.