STATEMENT | Bulatlat and Altermidya are extremely disappointed at the DOST’s curt, insufficient and late response to our letter asking for a copy of their own report into the cyberattacks launched against our websites. pic.twitter.com/J2LD5pmgsr
— Bulatlat (@bulatlat) September 30, 2021
By REIN TARINAY
MANILA — A Filipino IT expert said that the behavior flagged in the cyberattacks against alternative news sites does not exhibit normal browsing, contrary to claims of the Philippine military during the budget deliberations at the House of Representatives.
“If we review Quirium’s report, we see that there were spikes in the types of requests. The server was receiving these types of requests, (which) are not typical of normal browsing behavior,” said Kim Cantillas of Computer Professionals Union during a recent Twitter Spaces titled, “Cyber-a-talk,” hosted by Bulatlat.
Rep. Ruffy Biazon, sponsor of the budget of the Department of National Defense, claimed that the IP address belonging to the Philippine Army only stayed at the website for “30 seconds, more or less” and that the “transmission of data is consistent with surfing activity only.”
However, in a forensic investigation report by Sweden-based Qurium Media Foundation, the attacks that were carried out from May to June 2021 had two specific signatures, including a type of scan used by attackers to verify if the attacks were successful.
Unauthorized vulnerability scan, said Cantillas, is considered a precursor to graver attacks because it intends to know security gaps in a website, which can be vulnerable to attacks.
“It is concerning because the election is coming, and these attacks are publicly funded. We should be on the lookout on possible attacks, which could be done during elections, or the months leading to it,” Cantillas said.
No further investigation from DOST
While the decision of the Department of Information and Communications Technology (DICT) to provide alternative news sites with a copy of their investigation report came in as a pleasant surprise, Tord Lundström, technical director of Qurirum, said during the Twitter Spaces that the delay in the investigation is unprofessional.
“Slowing down the responses, postponing, asking people to be patient in fact is a mechanism to hinder the investigation. When it comes to cybersecurity, rapid response is key. It should not take two months to finish. There’s no real reason for not reaching out to us,” Lundström said.
Qurium is hosting the websites of Bulatlat, Altermidya and human rights group Karapatan. The media foundation has also been providing cyberattack mitigation for the said websites since 2019.
– DOST did not want to disclose that the AFP operates in their network.
– DICT has not released their investigation.
– AFP denied any wrong doing and supports “freedom of expression”
– Now AFP says: “it was a mere visit to their sites by someone who had used the Army’s IP” pic.twitter.com/j5FUUOebkb
— Qurium Media (@Qur1um) September 24, 2021
Meanwhile, the Department of Science and Technology, which owns the IP addresses in question, refused to release a copy of their investigation, saying that the DICT report is the only available report.
“No one from the Department of Science and Technology (DOST) asked us for the logs, they didn’t ask us to clarify any aspects of our forensic report. They didn’t ask us for the specifics of our methodology. They just ignored our reporting. We find that quite unprofessional in a sense.” Lundström said.
During a Committee hearing about the budget of the Department of Defense, a question was put forward about our forensic report. This is their response.
Now we officially know that the AFP surfs using DOST infrastructure. pic.twitter.com/dYihssiIXC
— Qurium Media (@Qur1um) September 26, 2021
In a joint statement, Bulatlat and AlterMidya said that they are extremely disappointed with the DOST’s curt and insufficient reply to their demands for the release of their investigation report. The group said, “we will not stop in demanding accountability for the brazen attacks on our right to publish and the people’s right to information.”