Millions-worth of cyberattack on rights group website traced to Israeli IT firm

For human rights group Karapatan, they see no other actor that would have the resources and motivation to take down their website but the Duterte administration.


IMUS, CAVITE – Sweden-based digital forensic group Qurium Media Foundation has traced the massive and well-funded cyberattacks on the website of human rights group Karapatan to an Israeli IT firm, estimating that the cost of carrying out such an attack could be at least P13 million or $260,000.

“Billions of requests, thousands of dollars spent on feeding garbage 24/7, night and day. They just keep on going and going and going,” Tord Lundstrom, technical director of Qurium, told Rest of World in a news report.

The cyberattacks against Karapatan began last month, where networks of infected devices flooded sites with the request, overwhelming its servers and taking it offline – also known as Distributed Denial of Service (DDoS) attacks.

In its digital forensic findings, Qurium said these infected botnets flooded a single folder on Karapatan’s website that contains reports on extrajudicial killings in the Philippines. The digital forensics experts group also noted that the attacks took place amid Karapatan’s online campaign, as they commemorated and pressed justice for victims of extrajudicial killings.

Qurium spent a month not just mitigating attacks, but also tracing where the attacks are coming from. Their digital forensic investigations led them to an IP address, which they traced to a network operated by Bright Data, an Israeli company that offers proxy networks and data services to corporate clients.

“These new series of cowardly cyber attacks against our website were obviously made to prevent the public from accessing our reports on the worsening state of human rights in the Philippines — and we know whose interests these attacks serve,” said Karapatan Secretary General Cristina Palabay.


In its digital forensic findings, Qurium said it was the first time that they saw the infrastructure being used for DDoS attacks, describing the Israeli firm’s services as “far from cheap.”

With one gigabyte of traffic ranging from $26 to $35, Qurium estimated that the 10,000 gigabytes of attack traffic from Aug. 10 to 20 alone could have amounted to at least $260,000 or about P13 million.

“It is difficult to believe that an attacker launching billions of requests flooding one single website has been undetected by Luminati for weeks. Only ‘Bright Data / Luminati Networks’ will be able to bring light to this case and explain to the general public how this ‘business deal’ was arranged,” Qurium said in its report.

In a Rest of World report, Lundstrom described the attack as “psychotic” and “sick” as they have never seen such a massive cyber-attack in the past decade.

Bright Data, for its part, has denied having a connection to the attacks, claiming that Qurium’s report is false.

Who is behind the attacks?

For Palabay, they see no other actor that would have the resources and motivation to take down their website but the Duterte administration.

In June, Qurium reported that it was able to trace the cyberattacks against Karapatan and websites of alternative news AlterMidya and Bulatlat to the Philippine military.

Read: State forces apparently behind the cyber-attacks against PH alternative media

Offline, however, attacks against Karapatan persist, with their members being red-tagged and, worse, killed.

“These attacks only benefit those who want to silence us and our human rights work amid a pervasive state of impunity in the country. We thank our friends from Qurium for documenting these attacks as we seek further investigations on the perpetrators of such attacks,” Palabay said. (JJE, RVO) (

Share This Post