MANILA, Philippines — Local human rights watchdog Karapatan on Thursday decried renewed cyberattacks against its website at karapatan.org.
In a statement, the rights group said this came after a new report from Sweden-based media foundation Qurium published Tuesday.
Related Stories
As it stands, Karapatan said, one cyberattack started on July 29 and is still ongoing as of Wednesday.
"These new series of cowardly cyber attacks against our website were obviously made to prevent the public from accessing our reports on the worsening state of human rights in the Philippines — and we know whose interests these attacks serve," Karapatan Secretary General Cristina Palabay said.
Palabay said that "specifically targeting Karapatan’s online resources only means that these attacks were clearly trying to suppress our documentation and human rights work, and of course, the people’s right to freedom of information."
Qurium in its report said the attacks "[took] place amid the online solidarity campaign #StopTheKillingsPH" as "human rights organizations and advocates across the world asserted the call to stop the killings in the Philippines and to hold President Rodrigo Duterte accountable for what progressive groups say are his crimes against the Filipino people.
The event also marked one year since the killing of human rights worker Zara Alvarez, who was shot dead in Bacolod City.
According to Qurium, the attack infrastructure "used to launch billion of malicious web requests" was composed of application-layer web floods, a type of Distributed Denial of Service or DDoS.
The attacks were specifically launched against the karapatan.org/resources site, which the rights group said contains its directory of periodical monitors, year-end reports, policy position papers, and other public resources.
"During the 16th of August 2021, the attacks intensified with the inclusion of 'headless browsers' supporting Javascript and capable to bypass common anti-DDOS techniques as 'captchas.' The attackers used the very same proxy network with the 'headless browsers' to flood the website," Qurium said in its report.
"The geographical distribution of the bots that flood the website is global but four countries account for almost half of the bots: Russia, Ukraine, Indonesia and China."
Qurium’s forensic investigation published in its website reveals that the attacks have been traced to the Philippine military with the identity “acepcionecjr@army.mil.ph Taguig Red Server.” Globally, the "mil" top-level domain is reserved for the military establishment.
— Bulatlat (@bulatlat) June 22, 2021
FROM INTERAKSYON: Quick dive into recent cyberattacks vs Altermidya, Bulatlat, Karapatan websites
"The analysis of the different clusters of bad traffic shows a composition of multiple traffic generators proxying the random requests to specific pools of proxies. This behavior is very consistent across large pools of bots from Russia and China," Qurium said.
In May and June of this year, the websites of Karapatan and alternative media outfits Bulatlat and Altermidya were also attacked. According to Qurium, a digital certificate showed that the machine that conducted a “vulnerability scan” on Bulatlat was linked to the email address acepcionecjr@army.mil.ph and the Office of the Assistant Chief of Staff for Intelligence of the Philippine Army and the Department of Science and Technology.
DOST has denied involvement in the cyberattacks, saying that tracing back the attacks to an IP address linked to them does not mean they had a hand in these.
The first series of DDos attacks on Karapatan's website was documented by Qurium as early as December 2018, the group said.
"These attacks only benefit those who want to silence us and our human rights work amid a pervasive state of impunity in the country. We thank our friends from Qurium for documenting these attacks as we seek further investigations on the perpetrators of such attacks," Palabay said.
— Franco Luna with a report from Xave Gregorio