Quick dive into recent cyberattacks vs Altermidya, Bulatlat, Karapatan websites

June 24, 2021 - 8:11 PM
A hooded man holds a laptop computer as blue screen with an exclamation mark is projected on him in this illustration picture taken on May 13, 2017. (REUTERS/Kacper Pempel/Illustration

Philippine alternative media outlets experienced cyberattacks from May to June 2021, according to a Sweden-based rights group.

In a statement, Quirium: The Media Foundation or Quirium Media found “brief but frequent denial attacks” against the websites of Bulatlat, Karapatan and Altermidya.

  • Altermidya is a network of independent, progressive media outlets where Bulatlat is a member. Karapatan, on the other hand, is a human rights organization in the Philippines.

“During the past month, Qurium has received brief but frequent denial attacks against the Philippine alternative media outlets Bulatlat and Altermidya, as well as the human rights group Karapatan,” Quirium Media said.

In the summary presented, Bulatlat and Karapatan started to receive attacks on May 17, 2021. Another flood of attacks on Altermidya was recorded the next day.

It was on May 18 when Quirium identified a machine from the Department of Science Technology that scanned the website of Bulatlat.

“The IP seems to belong to The Philippine Research, Education, and Government Information Network,” Quirium Media said.

Graph from Quirium Media that showed the scan to Bulatlat’s website
Image from Quirium Media that showed the IP address from DOST

The foundation further traced the IP address to a supplier of hardware and services to the country’s governmental institutions.

“A close look into the IP reveals that a Sophos firewall is behind the IP address. The appliance has a Certificate in the name of IP-Solutions Inc. The company (Lorna V. Zacate) signing the digital certificates of the appliances is a supplier of hardware and services to the Governmental Institutions in the Philippines,” it said.

Quirium Media also found another IP address. This time, it is also present on the Wikipedia page for “Chief of Army (Philippines)” and related pages to the Philippine Army.

“While searching for Sophos Firewall machines in the same network, we found another unit in the IP 202.90.137{.}43, also with digital certificate in the name of IP Solutions Inc.,” it said.

Image from Quirium Media that showed another IP address present in this Wikipedia page
Image from Quirium Media that showed another IP address from the attacker


DOST denies hand in cyberattacks 

In response to this study on June 24, DOST denied it took part in cyberattacks on the three progressive media outfits, citing the allegation as “unfounded and patently false.”

“It has been mentioned in the news that the IP address used to initiate recent alleged cyber-attacks towards some media was traced to the Department of Science and Technology (DOST). The implication of DOST’s involvement in said cyber-attacks is unfounded and patently false,” it said.

The department also explained that the DOST-Advanced Science and Technology Institute, the registry for its website domain, also provides assistance to other government agencies in terms of IP addresses.

“As part of DOST’s responsibility and mandate in terms of ICT management, DOST-ASTI is part of a larger government network and DOST-ASTI assists other government agencies by allowing the use of some of its IP addresses in the local networks of other government agencies,” the DOST said.

“Given this, the statement that DOST potentially took part in initiating the alleged cyber-attacks is false. This statement was solely based on the tracked IP address and does not translate to the Department’s involvement in the matter,” it added.

The agency assured the public that it is still committed to helping the country progress through science.

The Philippine Army, on the other hand, has not yet released a statement on the matter.

Statements from the media outfits

In its statement, Altermidya cited the Quirium findings and said that the recent attack on June 16 was also the same day it posted a report about the current administration’s drug war.

“The most recent cyberattack against Altermidya’s website was on June 16, after we posted an article on the International Criminal Court’s investigation on the Duterte administration’s ‘War on Drugs’,” the media outlet said.

“Altermidya condemns these cyberattacks on our websites, as well as those against other progressive groups,” it added.


In a separate statement, Bulatlat likewise stated that they are no longer surprised about the cyberattacks given the government’s persistent move to label them as communist fronts without proof.

They also asked the Philippine military and the DOST to stop these alleged cyber-attacks to suppress press freedom.

“We demand the Philippine military and the DOST to stop the cyber-attacks and respect our right to publish. We call on private IT firms not to allow their infrastructure to be used in violating press freedom,” they said.